Commit graph

1987 commits

Author SHA1 Message Date
Sheogorath
cf95465103
Update socket.io
Our socket.io version is 2.0.4 while the current socket.io version is
2.1.1.

This patch updates socket.io to version 2.1.1 and takes care of the CDN
client version.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-28 13:23:36 +01:00
Christoph (Sheogorath) Kern
769a1c4ccb
Merge pull request #1084 from dsprenkels/export-subdirs
Prevent subdirectories in user export
2018-11-28 10:26:41 +01:00
Daan Sprenkels
9fba268288 Prevent subdirectories in user export
This commit also refactors the code a bit, and adds a '-' separator
between a filename and its duplicate index.

This commit fixes #1079.

Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
2018-11-28 09:13:28 +01:00
Christoph (Sheogorath) Kern
8bace89cab
Merge pull request #1072 from SISheogorath/update/doctoc
Update doctoc to version 1.4.0
2018-11-24 17:36:16 +01:00
Christoph (Sheogorath) Kern
4856aa2840
Merge pull request #1069 from SISheogorath/fix/to-markdown
Update from to-markdown to turndown
2018-11-24 17:35:53 +01:00
Christoph (Sheogorath) Kern
6d0c3ccd23
Merge pull request #1071 from SISheogorath/fix/node-uuid
Remove node-uuid
2018-11-24 17:35:38 +01:00
Christoph (Sheogorath) Kern
4a623c95db Update ko.json (POEditor.com) 2018-11-23 12:10:14 +01:00
Christoph (Sheogorath) Kern
bf1f14d17c Update it.json (POEditor.com) 2018-11-23 12:10:11 +01:00
Sheogorath
306c25d8f7
Update doctoc to version 1.4.0
When installing doctoc it throws some warnings about the markdown-to-ast
package that moved to an own namespace.

This patch updates to the version containing the new, namespaced,
package.

References:
https://github.com/thlorenz/doctoc/pull/151

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-21 16:43:26 +01:00
Sheogorath
1091efc259
Remove node-uuid
We currently install `uuid` and `node-uuid`. `node-uuid` is deprecated
in favor of `uuid`. It seems like we already switched a while ago, but
somehow missed to remove the dependency.

This patch does exactly that. It removes the dependency from
`package.json` and this way removes the warning during install about
`node-uuid` being deprecated.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-21 11:38:40 +01:00
Sheogorath
f9929605af
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-21 11:34:56 +01:00
Christoph (Sheogorath) Kern
41fd4f0d66
Merge pull request #1070 from SISheogorath/fix/configExample
Fix typo in config.json.example
2018-11-21 11:32:00 +01:00
Sheogorath
fb46e188b8
Fix typo in config.json.example
We recently added the new logging option. As it turns out, the new
option was not added correctly, which points out that our current json
linting is **not working**. It throws an error but doesn't break.

This patch fixes the typo in the example. It does not fix the CI part.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-21 11:17:59 +01:00
Sheogorath
33774c11b9
Update from to-markdown to turndown
We got a security alert for a regular expression DoS attack on our used
library `to-markdown`.

After checking `to-markdown` to be maintained or not, it turned out they
renamed the library to `turndown`. So upgrading to `turndown` should fix
this vulnerbility.

References:
https://www.npmjs.com/package/to-markdown
https://github.com/domchristie/turndown/wiki/Migrating-from-to-markdown-to-Turndown
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-21 11:12:09 +01:00
Christoph (Sheogorath) Kern
2323d203b4
Merge pull request #1063 from SISheogorath/fix/nodeVersion
After removing ws, node version 10 should work
2018-11-21 01:42:35 +01:00
Christoph (Sheogorath) Kern
26b617b032
Merge pull request #1066 from SISheogorath/update/scrypt
Switch scrypt library to a successor
2018-11-21 01:42:19 +01:00
Sheogorath
cee2aa92f9
Switch scrypt library to a successor
Since our previous scrypt library is unmaintained since 3 years, it's
time to look for an alternative.

A refactoring towards another password algorithm was worked on and this
is probably still the way to go. But for now the successor of our
previous library should already be enough.

https://www.npmjs.com/package/scrypt (old library)
https://github.com/ml1nk/node-scrypt (new library)
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-21 01:33:34 +01:00
Christoph (Sheogorath) Kern
234171e117
Merge pull request #1065 from SISheogorath/update/reveal.js
Update reveal.js to version 3.7.0
2018-11-21 01:29:52 +01:00
Christoph (Sheogorath) Kern
2244b11730
Merge pull request #1064 from SISheogorath/fix/hstsSeconds
Fix wrong maxAgeSeconds multiplication
2018-11-21 01:29:04 +01:00
Sheogorath
bcebf1e8d2
Update reveal.js to version 3.7.0
There is a new reveal.js version out. As we try to keep up with
upstream, time to integreate it.

This patch updates reveal.js in for CDN-using instances as well as the
ones using the libraries.

Checked that speaker view in slide mode still works, so no CSP change
needed.

https://github.com/hakimel/reveal.js/releases/tag/3.7.0
2d241b9300/lib/csp.js (L72-L74)
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-19 22:31:05 +01:00
Sheogorath
2d241b9300
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-19 22:06:37 +01:00
Sheogorath
0aa3116805
Fix wrong maxAgeSeconds multiplication
It seems like the inital work on the hsts module expected milliseconds.
This has either changed or was never true. Either way, it caused that
the current defaults resulted in theory in a 1000 year HSTS policy.
Luckily helmet was smart enough to not go higher than 1 year.

Anyway, this patch fixes the multiplication of the configured size with
1000 by removing this multiplication.

Also to simplify the reading of the defaults, we split them into their
components, 60 times 60 seconds so we get one hour. 24 of those hours so
we get a day and finally 365 days to get our original wanted default of
one year.

Reference:
d69d65ea74
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-19 22:01:54 +01:00
Christoph (Sheogorath) Kern
271dff3808
Merge pull request #1043 from SISheogorath/fix/tocEmptyHead
Fix ToC breaking documents with empty h* elements
2018-11-19 21:33:34 +01:00
Sheogorath
d6dd33620c
Fix wrong anchors
While experimenting with the ToC changes, it became obvious that anchors
for those unnamed headers don't work.

This patch fixes those links by running the autolinkify twice and make
sure linkify only adds links to non-empty ids.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-19 20:20:56 +01:00
Sheogorath
e3b6bcc5f8
After removing ws, node version 10 should work
In my local environment I switched to Fedora 29. Fedora 29 comes with
NodeJS version 10.

As far as I can say, it works, so let's try to remove the restriction to
"<10.x"

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-19 18:42:28 +01:00
Sheogorath
9951b7df7c
Fix ToC breaking documents with empty h* elements
Right now, the ToC has an undefined variable i that was an index in the
original ToC code. Since the major rewrite in
4fe0620853 it's a recursive function
without this index. The variable `i` was wrongly copied into its current
place from the old code.

This patch replaces the variable `i` with the index of the header
element. Fix the undefined variable problem.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-19 18:27:06 +01:00
Christoph (Sheogorath) Kern
f46a84ab54
Merge pull request #1061 from SISheogorath/feature/updateHints
Add hints about how to be informed about updates
2018-11-19 01:11:00 +01:00
Christoph (Sheogorath) Kern
9a267ed0dd Update de.json (POEditor.com) 2018-11-18 17:22:45 +01:00
Christoph (Sheogorath) Kern
6d05c6d479 Update fr.json (POEditor.com) 2018-11-18 17:22:42 +01:00
Christoph (Sheogorath) Kern
6cc6d564a1 Update nl.json (POEditor.com) 2018-11-18 17:22:39 +01:00
Christoph (Sheogorath) Kern
435341c557 Update zh-TW.json (POEditor.com) 2018-11-18 17:22:36 +01:00
Christoph (Sheogorath) Kern
120dcc3dae Update zh-CN.json (POEditor.com) 2018-11-18 17:22:33 +01:00
Christoph (Sheogorath) Kern
9a8614ea8b Update de.json (POEditor.com) 2018-11-18 12:38:31 +01:00
Christoph (Sheogorath) Kern
651c4be7b8 Update fr.json (POEditor.com) 2018-11-18 12:38:28 +01:00
Christoph (Sheogorath) Kern
4f071fba7d Update nl.json (POEditor.com) 2018-11-18 12:38:25 +01:00
Christoph (Sheogorath) Kern
96efb09a38 Update zh-TW.json (POEditor.com) 2018-11-18 12:38:22 +01:00
Christoph (Sheogorath) Kern
d8fcc83d37 Update zh-CN.json (POEditor.com) 2018-11-18 12:38:19 +01:00
Christoph (Sheogorath) Kern
4b212c8315
Merge pull request #1060 from SISheogorath/fix/indexLinks
Fixing links on index page
2018-11-18 02:46:39 +01:00
Sheogorath
62cad26e08
Add hints about how to be informed about updates
Keeping people in the loop about new version of CodiMD is not easy. When
people don't keep an eye on GitHub it's easy to miss new versions.

To help people keeping their software up to date, this patch adds hints
to check out our community channel or simply the GitHub Atom feed
generated for based on the release page to get informed about new
versions.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-18 02:16:04 +01:00
Christoph (Sheogorath) Kern
af06d38781 Update nl.json (POEditor.com) 2018-11-18 00:51:00 +01:00
Sheogorath
71ce7921bd
Fixing links on index page
Seems like ids in Firefox are case sensitive. So linking in the current
way fails.

This patch fixes the links by using the exact matching version of the
titles on the features page.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-18 00:26:51 +01:00
Christoph (Sheogorath) Kern
5f0d04334b
Merge pull request #1053 from dsprenkels/robots.txt
Disallow creation of robots.txt in freeurl
2018-11-17 13:30:06 +01:00
Daan Sprenkels
4bd8d7eb91 Disallow creation of robots.txt in freeurl
Add a configuration setting to "hard"-disable creation of notes as
set by the configuration value. This defaults to `['robots.txt',
'favicon.ico']`, because these files are often accidentally created
by bots and browsers.

This commit fixes #1052.

Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
2018-11-17 13:23:03 +01:00
Christoph (Sheogorath) Kern
6f7fd74b1a
Merge pull request #943 from SISheogorath/feature/improveSetup
Some minor improvements for setup script
2018-11-17 12:42:24 +01:00
Christoph (Sheogorath) Kern
1e2bf3698f
Merge pull request #1040 from sunbit/master
Fix migration failure due to change on error messages
2018-11-17 12:34:15 +01:00
Christoph (Sheogorath) Kern
7328e7ad79
Merge pull request #1059 from SISheogorath/fix/winstonStreaming
Fix streaming for winston
2018-11-17 11:36:56 +01:00
Carles Bruguera
5da10c0e2c Update error message text checks
Signed-off-by: Carles Bruguera <carlesba@gmail.com>
2018-11-16 23:53:50 +01:00
Sheogorath
bdeb053397
Fix streaming for winston
During the upgrade of winston in
c3584770f2 a the class extension for
streaming was removed.

This caused silent crashes. Somehow winston simply called
`process.exit(1)` whenever `logger.write()` was called. This is really
bad and only easy to debug because of the testing right after upgrading.

However, reimplementing the stream interface as it was, didn't work, due
to the fact that `logger.write()` is already implemented and causes the
mentioned problem. So we extent the object with an `stream` object that
implements `write()` for streams and pass that to morgan.

So this patch fixes unexpected exiting for streaming towards our logging
module.

References:
https://www.digitalocean.com/community/tutorials/how-to-use-winston-to-log-node-js-applications
c3584770f2
https://stackoverflow.com/a/28824464
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-16 11:49:39 +01:00
Christoph (Sheogorath) Kern
f1367ba270
Merge pull request #1058 from ccoenen/bug/oauth2internalerror
InternalOAuthError is not part of passport, but of passport-oauth2 #1056
2018-11-16 11:45:50 +01:00
Christoph (Sheogorath) Kern
db69983a62
Merge pull request #1057 from ccoenen/eslint
switching to eslint for code checking
2018-11-16 11:45:20 +01:00