Since our previous scrypt library is unmaintained since 3 years, it's
time to look for an alternative.
A refactoring towards another password algorithm was worked on and this
is probably still the way to go. But for now the successor of our
previous library should already be enough.
https://www.npmjs.com/package/scrypt (old library)
https://github.com/ml1nk/node-scrypt (new library)
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
There is a new reveal.js version out. As we try to keep up with
upstream, time to integreate it.
This patch updates reveal.js in for CDN-using instances as well as the
ones using the libraries.
Checked that speaker view in slide mode still works, so no CSP change
needed.
https://github.com/hakimel/reveal.js/releases/tag/3.7.02d241b9300/lib/csp.js (L72-L74)
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
It seems like the inital work on the hsts module expected milliseconds.
This has either changed or was never true. Either way, it caused that
the current defaults resulted in theory in a 1000 year HSTS policy.
Luckily helmet was smart enough to not go higher than 1 year.
Anyway, this patch fixes the multiplication of the configured size with
1000 by removing this multiplication.
Also to simplify the reading of the defaults, we split them into their
components, 60 times 60 seconds so we get one hour. 24 of those hours so
we get a day and finally 365 days to get our original wanted default of
one year.
Reference:
d69d65ea74
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
While experimenting with the ToC changes, it became obvious that anchors
for those unnamed headers don't work.
This patch fixes those links by running the autolinkify twice and make
sure linkify only adds links to non-empty ids.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
In my local environment I switched to Fedora 29. Fedora 29 comes with
NodeJS version 10.
As far as I can say, it works, so let's try to remove the restriction to
"<10.x"
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Right now, the ToC has an undefined variable i that was an index in the
original ToC code. Since the major rewrite in
4fe0620853 it's a recursive function
without this index. The variable `i` was wrongly copied into its current
place from the old code.
This patch replaces the variable `i` with the index of the header
element. Fix the undefined variable problem.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Keeping people in the loop about new version of CodiMD is not easy. When
people don't keep an eye on GitHub it's easy to miss new versions.
To help people keeping their software up to date, this patch adds hints
to check out our community channel or simply the GitHub Atom feed
generated for based on the release page to get informed about new
versions.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Seems like ids in Firefox are case sensitive. So linking in the current
way fails.
This patch fixes the links by using the exact matching version of the
titles on the features page.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Add a configuration setting to "hard"-disable creation of notes as
set by the configuration value. This defaults to `['robots.txt',
'favicon.ico']`, because these files are often accidentally created
by bots and browsers.
This commit fixes#1052.
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
During the upgrade of winston in
c3584770f2 a the class extension for
streaming was removed.
This caused silent crashes. Somehow winston simply called
`process.exit(1)` whenever `logger.write()` was called. This is really
bad and only easy to debug because of the testing right after upgrading.
However, reimplementing the stream interface as it was, didn't work, due
to the fact that `logger.write()` is already implemented and causes the
mentioned problem. So we extent the object with an `stream` object that
implements `write()` for streams and pass that to morgan.
So this patch fixes unexpected exiting for streaming towards our logging
module.
References:
https://www.digitalocean.com/community/tutorials/how-to-use-winston-to-log-node-js-applicationsc3584770f2https://stackoverflow.com/a/28824464
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
most rules degraded to WARN, so we don't go insane. This will
change over time. The aim is to conform to a common style
Signed-off-by: Claudius Coenen <opensource@amenthes.de>
This fixes part of #1056: an error while obtaining the profile
would have `502`-crashed the server.
Signed-off-by: Claudius Coenen <opensource@amenthes.de>
Since it's a very useful feature, we should mention it in multiple
locations.
So we mention it in the slide mode section of the features page.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
The yaml-metadata documentation should mention the type field. This is
also open for future extension.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
We have this awesome editing mode for slide shows. We just don't enable
it or tell anyone that it exists. Maybe we should do this.
This patch sets the type for the slide example.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Our log library got a new major version which should be implemented.
That's exactly what this patch does. Implementing the new version of the
logging library.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Seems like there was some debugging going on some day, this patch should
make sure the right logging is used.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
