Seems like the old version of helmet had a problem with `data:`. This
patch upgrades to the latest version and adds the CSP rule to allow
Google Fonts and the offline version of it, to properly include the
fonts and no longer throw ugly error messages at us.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Seems like we have to explicitly tell the new webpack version that we
want to use the development environment. This provides us with source
maps and similar.
This patch adds the commandline option in our scripts in package.json
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
This reverts commit d2ded08f59.
Seems like the package is used for building the sqlite3 integration.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
This dependency where installed, but it seems like they were never used.
Seems like it's a remaining piece from the the prototyping phase of the
project.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
We should force db migrations to run on every start. This will minimize
the impact of breaking migrations in future. While it may causes some
issues with the next start since CodiMD won't start when the migrations
fail.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
`uws` was deprecated by its maintainer and starts to cause more and more
problems and issue reports. So it's time to replace it and use a
maintained project instead. Lucky us, `uws` and `ws` can be used in an
identical way, without problems. To provide better performance, we
install the optional packages as well.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
To export the notes we need the archiver package that takes care of
creating the zip files.
Looks like I forgot this one in the initial commit.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
There was recently a possible security problem with base64url. Shouldn't
really hit us but it doesn't hurt.
Details: https://snyk.io/vuln/npm:base64url:20180511
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
As we currently may need higher nofile limits than usual/default on
various systems this commit should probide a fix for that an allow to
build HackMD without highering these limits and increase security.
Inspiration was found in a copy-webpack-plugin-issue[1] and found by
@thegcat[2]. Thanks for that!
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
[1]:
https://github.com/webpack-contrib/copy-webpack-plugin/issues/59#issuecomment-228563990
[2]: https://github.com/thegcat
This commit extends the find command to also match the example config
file.
This should validate the syntax or this file to prevent syntax errors
for future pull request.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
As the jsonlint package from NPM causes problems and looks unmaintained,
it'll be replaced with `jq` a well maintained project which allows to
search through JSON files in a `grep`-like style, but knowing the JSON
structure.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Currently, administrators of closed instances need to manually fiddle in
their databases for user-management.
This commit adds a small commandline utility that allows to create and
delete users.
Signed-off-by: Dario Ernst <dario@kanojo.de>
Using the "github:..." form to declare a dependency in package.json
makes npm attempt to install the package using an ssh clone rather than
an https clone. Some deployment environments may not allow ssh access
to external servers which will prevent the clones from succeeding. Using
the "git+https://..." form will clone the same repo from GitHub without
requiring ssh connectivity.
1. Remove eslint , bacause we use JavaScript Standard Style.
2. Add lts/boron version to travis CI, web use it in docker version
Signed-off-by: BoHong Li <a60814billy@gmail.com>
Limitations as of this commit:
- tlsOptions can only be specified in config.json, not as env vars
- authentication failures are not yet gracefully handled by the UI
- instead the error message is shown on a blank page (/auth/ldap)
- no email address is associated with the LDAP user's account
- no picture/profile URL is associated with the LDAP user's account
- we might have to generate our own access + refresh tokens,
because we aren't using oauth. The currently generated
tokens are just a placeholder.
- 'LDAP Sign in' needs to be translated to each locale