Commit graph

512 commits

Author SHA1 Message Date
d59212ea8b
Merge branch 'master' into DepauMD 2019-06-05 11:46:10 +02:00
Sheogorath
4da68597f7
Fix eslint warnings
Since we are about to release it's time to finally fix our linting. This
patch basically runs eslint --fix and does some further manual fixes.
Also it sets up eslint to fail on every warning on order to make
warnings visable in the CI process.

There should no functional change be introduced.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-31 00:30:29 +02:00
Sheogorath
e2990c56fd
Merge pull request #82 from SISheogorath/fix/doubleCount
Fix missing pictures for OpenID
2019-05-26 22:19:22 +02:00
Sheogorath
0dff8796ac
Fix missing pictures for OpenID
Currently a problem appears when using OpenID for authentication as
there is no method to add a profile picture right now.

This patch makes sure that all undefined login methods get a profile
picture.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-26 03:53:59 +02:00
Sheogorath
6c62efae2a
Add config for toobusy middleware
With very low CPU frequency or bad IO situation, as well as not-loaded
JS CodiMD happens to present unneeded "I'm busy"-messages to users.

This patch allows to configure the lag. The default is taken from the
libray but set in our own default configs.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-25 21:08:38 +02:00
Claudius
4833f300c5 polyfilling scrypt for node 8.5+
Signed-off-by: Claudius <opensource@amenthes.de>
2019-05-13 19:37:21 +02:00
Claudius
1d403e183d asyncified setting and verifying the password
Signed-off-by: Claudius <opensource@amenthes.de>
2019-05-13 19:37:21 +02:00
Claudius
df666dd214 getting password hashing into a hook where it could be async
Signed-off-by: Claudius <opensource@amenthes.de>
2019-05-13 14:37:08 +02:00
107f92e6fd Merge remote-tracking branch 'upstream/master' into DepauMD 2019-04-11 22:30:56 +02:00
Davide Depau
7240364d30 Merge remote-tracking branch 'upstream/master' into DepauMD 2019-04-11 22:26:27 +02:00
Davide Depau
283938b35c Merge remote-tracking branch 'upstream/master' into DepauMD 2019-04-11 22:25:13 +02:00
BoHong Li
a68d19bc22
fix: scrypt cannot build on some platform, revert the change library commit
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-10 18:34:31 +08:00
Dylan Dervaux
208070d2e7
Add lutim support
Signed-off-by: Dylan Dervaux <dylanderv05@gmail.com>
2019-04-10 01:37:12 +02:00
Emmanuel Ormancey
df53f465c0
Added a configuration option for passport-saml:
disableRequestedAuthnContext: true|false

By default only Password authmethod is accepted, this option allows any other method.

Issue and option described here:
https://github.com/bergie/passport-saml/issues/226

Signed-off-by: Emmanuel Ormancey <emmanuel.ormancey@cern.ch>
2019-04-06 17:54:58 +02:00
Thor77
022c7ad616
Hide port from minio URL for protocol default port
Signed-off-by: Thor77 <thor77@thor77.org>
2019-04-06 13:52:49 +02:00
Stéphane Guillou
afc8541c86 change default mode to "both" when clicking edit
Add "both" mode to URLs because I assume most people want to straight away see the code when they click the "edit" button in a published note.

Fixes https://github.com/codimd/server/issues/27

Not tested, followed instructions from @ccoenen , please do review! :)

Signed-off-by: Stéphane Guillou <stephane.guillou@member.fsf.org>
2019-04-05 20:58:06 +10:00
Christoph (Sheogorath) Kern
7f04013f4a
Merge pull request #7 from SISheogorath/feature/libravatar
Use libravatar as drop-in replacement for gravatar
2019-03-31 03:30:51 +02:00
Sheogorath
7cde6958f3
Update links to new repositories
After a long discussion, it turned out that CodiMD as community project
and HackMD as a company, have fundamental different views on the project
governance.

Due to this, it came to point where the decision for a fork was made.
After the fork and move towards an own organisation, this patch updates
all links inside the project to the new repositories.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-27 19:31:34 +01:00
Sheogorath
a5133e0f9b
Use libravatar as drop-in replacement for gravatar
Since libravatar got a default fallback to Gravatar and in generell
allows federated image hosting for avatars this shouldn't break any
existing implementations.

The federation functionality is not added yet. This would require to use
the libravatar library.

Details:
https://wiki.libravatar.org/api/

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-17 23:51:54 +01:00
Davide Depau
9bb50dda6c * Run db migrations on npm start
* Add documentation about integration with AD LDAP
 * Add `rel="noopener"` to all links
 * Add documentation about integration with Nextcloud for authentication
 * Update URL on frontpage to point to codimd.org
 * Replace Fontawesome with Forkawesome
 * Add OpenID support
 * Add print icon to slide view
 * Add auto-complete for language names that are highlighted in codeblocks
 * Improve translations for Chinese, Dutch, French, German, Italien, Korean, Polish, and Russian language
 * Add Download action to published document API
 * Add reset password feature to `manage_users` script
 * Move from own `./tmp` directory to system temp directory
 * Add Etherpad migration guide
 * Move XSS library to a more native position
 * Use full version string to determine changes from the backend
 * Update winston (logging library)
 * Use slide preview in slide example
 * Improve migration handling
 * Update reveal.js to version 3.7.0
 * Replace scrypt library with its successor
 * Replace `to-markdown` with `turndown` (successor library)
 * Update socket.io
 * Add warning on missing base URL
 * Update bootstrap to version 3.4.0
 * Update handlebar
 
 * Fix paths in GitLab documentation
 * Fix missing `data:` URL in CSP
 * Fix oAuth2 name/label field
 * Fix GitLab API integration
 * Fix auto-completed but not rendered emojis
 * Fix menu organization depending on enabled services
 * Fix some logging in the OT module
 * Fix some unhandled internalOAuthError exception
 * Fix unwanted creation of robots.txt document in "freeurl-mode"
 * Fix some links on index page to lead to the right sections on feature page
 * Fix document breaking, empty headlines
 * Fix wrong multiplication for HSTS header seconds
 * Fix wrong subdirectories in exported user data
 * Fix CSP for speaker notes
 * Fix CSP for disqus
 * Fix URL API usage
 * Fix Gist embedding
 * Fix upload provider error message
 * Fix unescaped disqus user names
 * Fix SAML vulnerability
 * Fix link to SAML guide
 * Fix deep dependency problem with node 6.x
 * Fix broken PDF export by wrong unlink call
 * Fix possible XSS attack in MathJax
 
 * Refactor to use `ws` instead of the the no longer supported `uws`
 * Refactor frontend build system to use webpack version 4
 * Refactor file path configuration (views, uploads, …)
 * Refactor `manage_users` script
 * Refactor handling of template variables
 * Refactor linting to use eslint
 
 * Remove no longer working Octicons
 * Remove links to our old Gitter channel
 * Remove unused library node-uuid
 * Remove unneeded blueimp-md5 dependency
 * Remove speakerdeck due to broken implementation
 
 * Adam.emts (translator)
 * [Alex Garcia](https://github.com/asg017)
 * [Cédric Couralet (micedre)](https://github.com/micedre)
 * [Claudius Coenen](https://github.com/ccoenen)
 * [Daan Sprenkels](https://github.com/dsprenkels)
 * [David Mehren](https://github.com/davidmehren)
 * [Erona](https://github.com/Eronana)
 * [Felix Yan](https://github.com/felixonmars)
 * [Jonathan](https://github.com/phrix32)
 * Jong-kai Yang (translator)
 * [MartB](https://github.com/MartB)
 * [Max Wu (jackycute)](https://github.com/jackycute)
 * [mcnesium](https://github.com/mcnesium)
 * Nullnine (translator)
 * RanoIP (translator)
 * [SuNbiT](https://github.com/sunbit)
 * Sylke Vicious (translator)
 * Timothee (translator)
 * [WilliButz](https://github.com/WilliButz)
 * [Xaver Maierhofer](https://github.com/xf-)
 * [云屿](https://github.com/cloudyu)
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEAeWzysDCaBZIKvtIHwXMNjXN3/0FAlx9Dj8ACgkQHwXMNjXN
 3/2faw/8CYL5qB43K1L3wwMu5YMfVfrZALyQTrrb016I1VkGh+e18ffM4FOYSa5C
 xeUDf/GRa30EKqxaBZjsHoUGxQ196g9WvyA4HziEVUti2LvmWwnSjSvFqGrjFJ79
 veaCfxG2NjvVc+k2Ts+E8G+1VH5TdU/TloViE6hvsu9zAOjKlxbTVlhu/YTpkIx0
 9fmSSrSonMFURvVG9LFnTgtzf0f9cbjGCmu+EjKxDJ2CZ9WkjShaL3nuPTOXReaq
 0MYOaWZJBsDd8nWcVqIamkKhzz/U7jRO6PpvXG6TXhJo8cqml/qpr3ZD6j6L9FOq
 HDQUUcligMynPaSOUBkVQXmlSPljL/2q1NYHAo0zDlP1vcm5+EWt1D4o73RZU4h5
 41mNJhanDeNk/QPrnI+Dldwg1k4PBrLrlPUYyNM7F6FgoZPBTtFVJ9nQVHyI6UWS
 oa3iq0YKCd1ofl0AdfLljgIeRxpArQGK6ey87eXRZXveeDOC+TEAZeS1/1/cac7+
 R7uCszvvLUBdE3W7JzcS5Xo4TtARPOjLkaYKObZhtzUW1YtMyGk+HpIvx2yZet8K
 NGpneShNa6IvygsVQqZ1ZZfIYLFIDsLQmoAe1+dffGF3K2b+ObkrT/hSimP2Ftq0
 +MrdXH56cuKqfyGPnfoqa0zQhieGC6n57xW2WAoBAOcEmpx2Ng4=
 =cjCR
 -----END PGP SIGNATURE-----

Merge tag '1.3.0' into DepauMD

* Run db migrations on `npm start`
* Add documentation about integration with AD LDAP
* Add `rel="noopener"` to all links
* Add documentation about integration with Nextcloud for authentication
* Update URL on frontpage to point to codimd.org
* Replace Fontawesome with Forkawesome
* Add OpenID support
* Add print icon to slide view
* Add auto-complete for language names that are highlighted in codeblocks
* Improve translations for Chinese, Dutch, French, German, Italien, Korean, Polish, and Russian language
* Add Download action to published document API
* Add reset password feature to `manage_users` script
* Move from own `./tmp` directory to system temp directory
* Add Etherpad migration guide
* Move XSS library to a more native position
* Use full version string to determine changes from the backend
* Update winston (logging library)
* Use slide preview in slide example
* Improve migration handling
* Update reveal.js to version 3.7.0
* Replace scrypt library with its successor
* Replace `to-markdown` with `turndown` (successor library)
* Update socket.io
* Add warning on missing base URL
* Update bootstrap to version 3.4.0
* Update handlebar

* Fix paths in GitLab documentation
* Fix missing `data:` URL in CSP
* Fix oAuth2 name/label field
* Fix GitLab API integration
* Fix auto-completed but not rendered emojis
* Fix menu organization depending on enabled services
* Fix some logging in the OT module
* Fix some unhandled internalOAuthError exception
* Fix unwanted creation of robots.txt document in "freeurl-mode"
* Fix some links on index page to lead to the right sections on feature page
* Fix document breaking, empty headlines
* Fix wrong multiplication for HSTS header seconds
* Fix wrong subdirectories in exported user data
* Fix CSP for speaker notes
* Fix CSP for disqus
* Fix URL API usage
* Fix Gist embedding
* Fix upload provider error message
* Fix unescaped disqus user names
* Fix SAML vulnerability
* Fix link to SAML guide
* Fix deep dependency problem with node 6.x
* Fix broken PDF export by wrong unlink call
* Fix possible XSS attack in MathJax

* Refactor to use `ws` instead of the the no longer supported `uws`
* Refactor frontend build system to use webpack version 4
* Refactor file path configuration (views, uploads, …)
* Refactor `manage_users` script
* Refactor handling of template variables
* Refactor linting to use eslint

* Remove no longer working Octicons
* Remove links to our old Gitter channel
* Remove unused library node-uuid
* Remove unneeded blueimp-md5 dependency
* Remove speakerdeck due to broken implementation

* Adam.emts (translator)
* [Alex Garcia](https://github.com/asg017)
* [Cédric Couralet (micedre)](https://github.com/micedre)
* [Claudius Coenen](https://github.com/ccoenen)
* [Daan Sprenkels](https://github.com/dsprenkels)
* [David Mehren](https://github.com/davidmehren)
* [Erona](https://github.com/Eronana)
* [Felix Yan](https://github.com/felixonmars)
* [Jonathan](https://github.com/phrix32)
* Jong-kai Yang (translator)
* [MartB](https://github.com/MartB)
* [Max Wu (jackycute)](https://github.com/jackycute)
* [mcnesium](https://github.com/mcnesium)
* Nullnine (translator)
* RanoIP (translator)
* [SuNbiT](https://github.com/sunbit)
* Sylke Vicious (translator)
* Timothee (translator)
* [WilliButz](https://github.com/WilliButz)
* [Xaver Maierhofer](https://github.com/xf-)
* [云屿](https://github.com/cloudyu)
2019-03-13 13:19:21 +01:00
Christoph (Sheogorath) Kern
329d39d0d0
Merge pull request #1131 from SISheogorath/fix/gitlabSnippets
Fix shown but broken GitLab snippets
2019-03-09 14:50:47 +01:00
Sheogorath
cda878d377
Add required change for Google+ API deprecation
Since Google+ is shutting down soon, we need to get the profile data
from another URL. Since the library already supports it, all we need to
do is adding a single line of code.

Details:
https://github.com/hackmdio/codimd/issues/1160

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-09 14:42:06 +01:00
Sheogorath
bcb7972607
Fix shown but broken GitLab snippets
To provide a GitLab integration we need the GitLab integration to be
configured. Otherwise we shouldn't show the Snippet button.

This patch adds the requirement to the variable that decides if the
import from snippets button shows up or not.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-05 18:16:04 +01:00
Christoph (Sheogorath) Kern
de0acbb566
Merge pull request #1153 from toshi0123/for_empty_serverurl
Fix empty serverURL did not redirect properly
2019-03-05 18:11:37 +01:00
Sheogorath
b51a048777
Fix wrong value type for HSTS environment variable
Seem like also environment variables are affected. This patch fixes that
as well.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-04 17:13:43 +01:00
toshi0123
6aab032709 Fix empty serverURL did not redirect properly
Signed-off-by: toshi0123 <7948737+toshi0123@users.noreply.github.com>
2019-03-04 13:59:14 +09:00
Sheogorath
1ee9874393
Fix names with spaces in letter-avatars
Seems like there is a possible problem when a name containing a space is
passed to this function. using urlencode on the name should fix possible
problems here.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-03 15:46:28 +01:00
Sheogorath
806f403045
Disable OpenID by default
We talked about that during a community call. It turned out that not
everyone likes to have OpenID on their instance.

This patch disables OpenID by default.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-25 19:31:34 +01:00
Sheogorath
4e81079050
Fix broken PDF export by wrong unlink call
We used `fs.unlink()` to remove the pdf file after we send it out to the
client. This breaks in Node 10, when no function as second parameter is
supplied.

This patches changes it to the `fs.unlinkSync` function that doesn't
have this requirement and this way doesn't crash.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-24 13:02:53 +01:00
Daan Sprenkels
f7bc1e99c0 Remove blueimp-md5 dependency
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
2018-12-22 19:09:50 +01:00
3a14801a8b Merge branch 'master' into DepauMD 2018-12-22 03:00:12 +01:00
Christoph (Sheogorath) Kern
f9cc2ff0ef
Merge pull request #1105 from SISheogorath/fix/gistCSP
Fix broken Gist embedding
2018-12-21 18:39:22 +01:00
Daan Sprenkels
8835a09d95 Update upload provider error message
Fixes #1107.

Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
2018-12-21 15:30:06 +01:00
4395b1dcfa Merge branch 'master' into DepauMD 2018-12-21 03:00:12 +01:00
Sheogorath
0f9e367015
Fix broken Gist embedding
Looks like GitHub changed their asset system and our CSP prevented them
from getting loaded.

This patch should fix the Gist embedding with enabled CSP by replacing
the old URL `https://assets-cdn.github.com` with the new
`https://github.githubassets.com`.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-12-20 22:49:25 +01:00
Christoph (Sheogorath) Kern
f492fea418
Merge pull request #1103 from SISheogorath/fix/localImageUpload
Fix usage of new URL API
2018-12-20 22:42:17 +01:00
Sheogorath
0621d7a72d
Fix usage of new URL API
Due to the deprecation of the old `url`-API provided by NodeJS we
replaced `url.resolve` with `url.URL.resolve`, which doesn't exist.

This patch fixes the local filesystem upload of CodiMD by using the new
API correctly. Creating an URL object and using its href.

Some more background:
https://nodejs.org/api/url.html#url_url_href
https://nodejs.org/api/url.html#url_url_resolve_from_to

Fixes https://github.com/hackmdio/codimd/issues/1102

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-12-18 14:52:18 +01:00
0a02264625 Merge branch 'master' into DepauMD 2018-12-07 03:00:16 +01:00
Christoph (Sheogorath) Kern
7f0fe6903c
Merge pull request #1091 from SISheogorath/fix/speakerNotesCSP
Fix CSP for speaker notes
2018-12-06 10:35:41 +01:00
Sheogorath
ecee16bd73
Fix disqus CSP
Disqus loads it's embed config.js from its root domain
(https://disqus.com). Our CSPs only allow subdomains (e.g.:
https://codimd.disqus.com). This causes the disqus embedding to fail.

This patch should fix this problem by adding https://disqus.com to the
CSP setting. From a security perspective there is no real change. Since
still the same parties are involved.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-12-05 13:17:14 +01:00
Sheogorath
a556575b91
Fix CSP for speaker notes
Looks like I was wrong in my previous commit to update revealjs.[1]

The speaker notes broke again with the CSPs. So this patch updates the
hash and this way the speaker notes.

[1]: bcebf1e8d2

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-12-05 11:32:14 +01:00
107f4d03bd Merge branch 'master' into DepauMD 2018-12-02 00:40:31 +01:00
Christoph (Sheogorath) Kern
786140331b
Merge pull request #1086 from SISheogorath/feature/urlWarning
Warn on missing serverURL
2018-12-01 12:25:02 +01:00
84dce80bc9 Merge branch 'master' into DepauMD 2018-11-29 03:00:13 +01:00
Sheogorath
a4941be3de
Warn on missing serverURL
We see some issues that are based on not properly configured
`config.serverURL`.

This patch adds a warning when `config.serverURL` is an empty value.
This should provide users direct feedback about how to improve their
configs.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-28 14:38:49 +01:00
Christoph (Sheogorath) Kern
b749d50e20
Merge pull request #1082 from cloudyu/pull
Fix wrong config options

In `./lib/web/auth/` some config includes still used `config.serverurl` instead of the correct `config.serverURL`. This causes wrong URL in worst case.

This patch should fix those problems and migrate the wrong statements to camelcase.
2018-11-28 13:27:38 +01:00
Daan Sprenkels
9fba268288 Prevent subdirectories in user export
This commit also refactors the code a bit, and adds a '-' separator
between a filename and its duplicate index.

This commit fixes #1079.

Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
2018-11-28 09:13:28 +01:00
CloudYu
35a9f72a06 Fix typo
Signed-off-by: CloudYu <cloudyu322@gmail.com>
2018-11-27 22:14:37 +08:00
b72b3b48fe Merge branch 'master' into DepauMD 2018-11-26 23:59:06 +01:00
4f47ce33bb Merge branch 'master' into DepauMD 2018-11-26 23:58:51 +01:00