Compare commits

...

765 commits

Author SHA1 Message Date
7b31ddecc3
Merge branch 'master' into DepauMD 2019-08-04 10:49:43 +02:00
Sheogorath
1a4a0c41a4 Update de.json (POEditor.com) 2019-08-03 18:16:00 +02:00
Sheogorath
7d67566b96
Update yarn.lock 2019-08-01 20:14:48 +02:00
Salim B
5e7715a4e2
Slightly improve docker-linux-server.md
- fix typo
- add link to PhantomJS
- improve formatting

Signed-off-by: Salim B <salim@posteo.de>
2019-08-01 20:11:55 +02:00
Sheogorath
e85f4defbb
Merge pull request #114 from SISheogorath/fix/linuxServerDocs
Fix some minor quirks in the LinuxServer.io docs
2019-08-01 20:07:09 +02:00
Sheogorath
788d8ca933
Fix some minor quirks in the LinuxServer.io docs
The current documents might end up confusing people and are not
completely accessible. This minor fixes should clear up the situation
and add alt texts to all badges, explain the links at the end of the
docs, and list LinuxServer.io in the supported provider section of the
README.

Some reasoning on the change in the listing:
Since we maintain an own container image which is for sure kept updated
on release, this is our first listing, as well as general solutions that
are build on that image, like the K8s integration.

The next listings are integrated provides which allow self-hosting, like
Cloudron and I also consider LinuxServer.io as this kind of providers.
Which try to enable people to run CodiMD on their own hardware or rented
servers in a very easy way, but by using their own images.

As third category I would look at hosted offers, like Heroku, which are
not completely SaaS but far enough away from the self-hostability that
I consider them as an own category. PaaS-based solutions are not as
FOSS-style as we want our setups to be, but of course still supported.

Finally the manual setup. We keep it down here, because we support it,
but don't recommend it in general. It's hard to upgrade and can cause
problems when dependencies are not correctly updated or people don't run
the db migrations.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-08-01 20:03:07 +02:00
Sheogorath
1ec083a091
Merge pull request #137 from codimd/snyk-fix-90a963f5d1c4d3e15b1c30f372c2f444
[Snyk] Fix for 1 vulnerable dependencies
2019-08-01 19:59:10 +02:00
snyk-test
6f588826e0 fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MERMAID-174698
2019-07-24 05:32:45 +00:00
Sheogorath
1bfed17f8c
Merge pull request #104 from SISheogorath/feature/dnt
Respect DNT header
2019-07-20 12:50:13 +02:00
Sheogorath
2f6e81e4db
Merge pull request #128 from dargmuesli/docker-secrets
DB URL: Secret File Support
2019-07-20 12:49:19 +02:00
Jonas Thelemann
cc78dd0428
Docker Secrets: Add DB URL Support
As the connection string may include a password it should be supported by Docker Secrets.

Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
2019-07-01 19:43:42 +02:00
Sheogorath
118314d8dd
Merge pull request #119 from lhw/patch-1
Add SVG image detection based on file extension
2019-07-01 19:03:18 +02:00
Sheogorath
0d5923d61c
Update sequelize to latest version
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-06-22 16:29:09 +02:00
Sheogorath
502fae70a4
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-06-22 16:23:24 +02:00
Sheogorath
fd2731042f
Merge pull request #107 from SISheogorath/feature/db-upgrade
Fix sequelize by updating to the latest version
2019-06-22 16:17:11 +02:00
Lennart Weller
f22a563116 Add SVG image detection based on file extension
Add simple SVG image detecetion base on the file extension .svg.
This fixes the SVG being delivered as binary/octet-stream and makes it possible to embedd the SVG.

Signed-off-by: Lennart Weller <lennart.weller@hansemerkur.de>
2019-06-18 17:13:50 +02:00
Sheogorath
8612740f82 Update sv.json (POEditor.com) 2019-06-16 10:59:48 +02:00
Sheogorath
3d2f5daa0f Update de.json (POEditor.com) 2019-06-16 10:59:46 +02:00
Sheogorath
4b4c6d6168
Merge pull request #111 from CHBMB/ls.io
Add docker image from LinuxServer.io as an install option.
2019-06-13 17:30:07 +02:00
chbmb
04d26637d6 Add docker image from LinuxServer.io as an install option.
As requested by @SISheogorath [here](https://github.com/linuxserver/docker-codimd/issues/4#issue-454332233) and further to discussion about previous PR [here.](https://github.com/codimd/server/pull/110#issuecomment-501214087)

Signed-off-by: Neil Green <chbmb@linuxserver.io>
2019-06-12 11:46:49 +01:00
Sheogorath
1e48b763d6
Merge pull request #106 from SISheogorath/fix/dco-location
Move DCO into docs section
2019-06-11 10:23:30 +02:00
BoHong Li
63c96e7359
fix: upgrade sequelize to latest version to fix CVE
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-06-11 00:41:50 +02:00
Sheogorath
7cdb325e1c
Move DCO into docs section
The DCO currently resides in an own directory creating a pointless
additional click/tab in order to reach end read it. It also just
clutteres the directory structure of the project.

Therefore this patch provides moves the DCO into an own legal section in
the docs directory, which is hopefully a more reasonable place.

This section can also be extended in future in order to host other legal
documents as well.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-06-10 17:35:36 +02:00
Sheogorath
02929cd4bf
Merge pull request #103 from SISheogorath/feature/improve-logging
Rework debug logging
2019-06-09 13:47:32 +02:00
Sheogorath
da4665c759
Respect DNT header
Do Not Track (DNT) is an old web standard in order to notify pages that
the user doesn't want to be tracked. Even while a lot of pages either
ignore this header or even worse, use it for tracking purposes, the
orignal intention of this header is good and should be adopted.

This patch implements a respect of the DNT header by no longer including
the optional Google Analytics and disqus integrations when sending a DNT
header. This should reduce outside resource usage and help to stay more
private.

This should later-on extended towards other document content (i.e.
iframe based content).

The reason to not change the CDN handling is that CDNs will be
deprecated with next release and removed in long term.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-06-08 23:43:50 +02:00
Sheogorath
b5fc6db75d
Rework debug logging
We have various places with overly simple if statements that could be
handled by our logging library. Also a lot of those logs are not marked
as debug logs but as info logs, which can cause confusion during
debugging.

This patch removed unneeded if clauses around debug logging statements,
reworks debug log messages towards ECMA templates and add some new
logging statements which might be helpful in order to debug things like
image uploads.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-06-08 21:27:29 +02:00
d59212ea8b
Merge branch 'master' into DepauMD 2019-06-05 11:46:10 +02:00
Sheogorath
6462968e84
Merge pull request #97 from SISheogorath/fix/linting
Fix eslint warnings
2019-06-04 16:09:46 +02:00
Sheogorath
ae32a12930
Merge pull request #93 from ttasovac/master
fixed styling of slides preview
2019-06-04 16:09:26 +02:00
Claudius Coenen
9140ca3c96
Merge pull request #98 from codimd/ccoenen-patch-1
mentioning the node 6 deprecation along with the migration guide
2019-05-31 15:21:57 +02:00
Claudius Coenen
8d576895ea
mentioning the node 6 deprecation along with the migration guide
Signed-off-by: Claudius <opensource@amenthes.de>
2019-05-31 15:16:24 +02:00
Sheogorath
51d69d993c
Release version 1.4.0
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-31 01:08:45 +02:00
Sheogorath
4da68597f7
Fix eslint warnings
Since we are about to release it's time to finally fix our linting. This
patch basically runs eslint --fix and does some further manual fixes.
Also it sets up eslint to fail on every warning on order to make
warnings visable in the CI process.

There should no functional change be introduced.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-31 00:30:29 +02:00
Sheogorath
ac0bcb1c81
Merge pull request #94 from SISheogorath/fix/mathjax
Fix hidden MathJax output
2019-05-30 19:16:34 +02:00
Sheogorath
6f4841dcd2
Fix hidden MathJax output
In order to have a better experience when linking to headlines based on
their ID, a patch[1] introduced a new CSS construct to add some space in
front of HTML tags with an id field. Therefore they would no longer be
hidden by a visible navbar.

This cause a regression bug by moving the rendered mathjax out of its
visible area. This patch fixes the problem by restricting the previous
change to headlines only.

[1]: commit c9af13cf34

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-30 13:26:24 +02:00
Toma Tasovac
9e7b081bd9 fixed styling of slides preview
Signed-off-by: Toma Tasovac <ttasovac@humanistika.org>
2019-05-30 10:53:08 +02:00
Sheogorath
3eca0a74ae
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-30 00:10:44 +02:00
Sheogorath
e02defd402
Add Discourse link to footer
As we are about to announce the community forum, we should provide a
link to it in the footer. This patch adds Discouse between Riot, GitHub
and Mastodon as platform to follow our progress.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-30 00:02:37 +02:00
Sheogorath
388f034750
Merge pull request #81 from SISheogorath/fix/codemirrorBottomCSS
Fix CodeMirror toolbar hiding content
2019-05-26 22:19:57 +02:00
Sheogorath
e2990c56fd
Merge pull request #82 from SISheogorath/fix/doubleCount
Fix missing pictures for OpenID
2019-05-26 22:19:22 +02:00
Sheogorath
515495bfbc
Merge pull request #83 from SISheogorath/language/vietnamese
Add vietnamese language
2019-05-26 14:32:53 +02:00
Sheogorath
c89c43b0bc
Add vietnamese language
There was some awesome work by Hồng in the recent days who translated
CodiMD completely into Vietnamese language! This patch provides this
awesome contributions.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-26 05:34:52 +02:00
Sheogorath
0dff8796ac
Fix missing pictures for OpenID
Currently a problem appears when using OpenID for authentication as
there is no method to add a profile picture right now.

This patch makes sure that all undefined login methods get a profile
picture.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-26 03:53:59 +02:00
Sheogorath
5e500de628
Fix CodeMirror toolbar hiding content
As it may happens that the codemirror content flows underneath the
status bar, this patch should help to avoid it. It adds the size of the
status bar as margin-bottom so the codemirror window itself is forced
above the statusbar.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-26 03:48:58 +02:00
Sheogorath
678d139691
Merge pull request #6 from SISheogorath/feautre/notTooBusy
Add config for toobusy middleware
2019-05-25 21:17:28 +02:00
Sheogorath
6c62efae2a
Add config for toobusy middleware
With very low CPU frequency or bad IO situation, as well as not-loaded
JS CodiMD happens to present unneeded "I'm busy"-messages to users.

This patch allows to configure the lag. The default is taken from the
libray but set in our own default configs.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-25 21:08:38 +02:00
Sheogorath
816ed4ebc7
Merge pull request #77 from SISheogorath/fix/scrolling
Fix hidden header on link
2019-05-25 20:41:54 +02:00
Sheogorath
c9af13cf34
Fix hidden header on link
When people link a section or use the ToC to scroll to it upwards, it
happens that those become hidden behind the navbar.

This patch adds a little hack from StackOverflow[1] in order to fix this
problem. By adding a pseudo element in front of any field that contains
an id, it's possible to add the needed space.

There was no negative impact found except of marking around the header
areas in the rendered view requires a bit preciser work. This needs some
more detailed testing.

[1]: https://stackoverflow.com/a/24298427

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-24 15:00:41 +02:00
Sheogorath
de669c7b93
Merge pull request #73 from Amolith/master
fix issues #70 and #72
2019-05-20 23:44:01 +02:00
Amolith
871d8ea183
remove single quote preceding mastodon link
Signed-off-by: Amolith <amolith@nixnet.xyz>
2019-05-20 15:16:49 -04:00
Amolith
0eb1d4d612
add mastodon link to index - complete #70
Signed-off-by: Amolith <amolith@nixnet.xyz>
2019-05-19 21:52:21 -04:00
Amolith
b220de8eb1
add mastodon badge - partially fix #70
Signed-off-by: Amolith <amolith@nixnet.xyz>
2019-05-19 21:52:08 -04:00
Amolith
4a02ca5d11
fix issue 72
Signed-off-by: Amolith <amolith@nixnet.xyz>
2019-05-19 20:50:53 -04:00
Christoph (Sheogorath) Kern
84d9b9acb5 Update es.json (POEditor.com) 2019-05-17 02:59:51 +02:00
Claudius
4c90863f2c Merge branch 'feature/drop-node-6' 2019-05-14 14:43:31 +02:00
Claudius
1da5a5bccc travis config is now in stages
Signed-off-by: Claudius <opensource@amenthes.de>
2019-05-13 19:37:22 +02:00
Claudius
aa57b76a4f updating travis config: readable job names, more recent distro
Signed-off-by: Claudius <opensource@amenthes.de>
2019-05-13 19:37:22 +02:00
Claudius
806ebe6e1a drop node 6 support
We will no longer test on node6 and instead focus on 8+. This won't
break node6 immediately, but we will no longer go out of our way
supporting a version that does not receive security updates.

Signed-off-by: Claudius <opensource@amenthes.de>
2019-05-13 19:37:21 +02:00
Claudius
4833f300c5 polyfilling scrypt for node 8.5+
Signed-off-by: Claudius <opensource@amenthes.de>
2019-05-13 19:37:21 +02:00
Claudius
1d403e183d asyncified setting and verifying the password
Signed-off-by: Claudius <opensource@amenthes.de>
2019-05-13 19:37:21 +02:00
Claudius
df666dd214 getting password hashing into a hook where it could be async
Signed-off-by: Claudius <opensource@amenthes.de>
2019-05-13 14:37:08 +02:00
Claudius
4b579be93e Adding the first few lines of user model test
Signed-off-by: Claudius <opensource@amenthes.de>
2019-05-13 14:37:08 +02:00
Claudius Coenen
dabcb91185
Merge pull request #44 from pferreir/fix-23
Fix toolbar day mode and upload button
2019-05-12 23:30:28 +02:00
Pedro Ferreira
e4c24c2936 Remove sass-loader, to avoid confusion
Signed-off-by: Pedro Ferreira <pedro@dete.st>
2019-05-12 20:15:46 +02:00
Pedro Ferreira
23f22d1fa6 Add no-console as a warning
Signed-off-by: Pedro Ferreira <pedro@dete.st>
2019-05-12 20:15:46 +02:00
Pedro Ferreira
26dacde959 Fix toolbar day mode
Also moved the code to SCSS

Signed-off-by: Pedro Ferreira <pedro@dete.st>
2019-05-12 20:15:46 +02:00
Pedro Ferreira
1801febfe6 Make upload button respect night mode
Also set a title in the input field, so that the file name doesn't show
up.

Signed-off-by: Pedro Ferreira <pedro@dete.st>
2019-05-12 20:15:46 +02:00
Christoph (Sheogorath) Kern
5bb6929767
Merge pull request #57 from boardfish/patch-1
Provide documentation for configuration with Keycloak
2019-05-11 00:10:37 +02:00
Simon Fish
d1fbf63291 Improve documentation
Signed-off-by: Simon Fish <si@mon.fish>
2019-05-06 17:15:07 +01:00
Simon Fish
335065cba9 Provide documentation for configuration with Keycloak
Signed-off-by: Simon Fish <si@mon.fish>
2019-05-06 17:15:07 +01:00
Sheogorath
9101be92ab
Update jQuery to version 3.4.1 2019-05-06 10:42:41 +02:00
Christoph (Sheogorath) Kern
d0b234048b
Merge pull request #61 from archemiro/archemiro/docs-setup-docker
Add name of directory to clone into
2019-05-06 10:34:00 +02:00
Mauricio Robayo
d4ac3fdd5f Add name of directory to clone into
Signed-off-by: Mauricio Robayo <rfmajo@gmail.com>
2019-05-05 19:28:30 -05:00
9d9a4c2357
Update Mermaid 2019-04-26 21:57:56 +02:00
1eca9efd6b Add "DepauMD" to home screen 2019-04-25 22:40:33 +02:00
36749cc645 Merge remote-tracking branch 'upstream/master' into DepauMD 2019-04-25 21:30:07 +02:00
Christoph (Sheogorath) Kern
868e8e6d66 Update sv.json (POEditor.com) 2019-04-25 10:17:24 +02:00
Christoph (Sheogorath) Kern
321114db12 Update de.json (POEditor.com) 2019-04-20 00:00:12 +02:00
Christoph (Sheogorath) Kern
dbfd6f0429 Update de.json (POEditor.com) 2019-04-19 23:23:44 +02:00
Christoph (Sheogorath) Kern
3f458178bd Update zh-TW.json (POEditor.com) 2019-04-19 23:23:42 +02:00
Christoph (Sheogorath) Kern
e1fd3f3cca Update sr.json (POEditor.com) 2019-04-19 22:34:15 +02:00
Christoph (Sheogorath) Kern
857f1e3f7a Update pl.json (POEditor.com) 2019-04-19 22:34:13 +02:00
Christoph (Sheogorath) Kern
999e9f21ff Update ja.json (POEditor.com) 2019-04-19 22:34:11 +02:00
Christoph (Sheogorath) Kern
967d2b65a7 Update it.json (POEditor.com) 2019-04-19 22:34:08 +02:00
Christoph (Sheogorath) Kern
72a6e1a5a5 Update fr.json (POEditor.com) 2019-04-19 22:34:06 +02:00
Christoph (Sheogorath) Kern
e5af02fe98 Update zh-CN.json (POEditor.com) 2019-04-19 22:34:04 +02:00
Christoph (Sheogorath) Kern
81904b6717
Merge pull request #51 from SISheogorath/fix/wurl
Replace js-url with wurl
2019-04-19 21:46:08 +02:00
Christoph (Sheogorath) Kern
a22c1a9d65
Merge pull request #52 from codimd/snyk-fix-yfvllf
[Snyk] Fix for 1 vulnerable dependencies
2019-04-16 22:02:16 +02:00
snyk-bot
54fd5ee0a2 fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-174183
2019-04-16 19:16:26 +00:00
Sheogorath
c0e75b8606
Replace js-url with wurl
js-url is outdated and wurl is it's successor. This will fix some
vulnerabilities in the dependencies and also optimize the build process
by removing the external library toward internal tooling.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-04-16 19:28:23 +02:00
Christoph (Sheogorath) Kern
04da0615d2
Merge pull request #45 from ccoenen/master
fixing manual upgrade instructions and completing requirements
2019-04-16 19:24:47 +02:00
naimo
cc53d5ebfa fix unix socket not removed on shutdown (#50)
* fix unix socket not removed on shutdown

Signed-off-by: naimo <nicolas@aimon.fr>
2019-04-16 18:19:11 +02:00
Sheogorath
d359d4aa84
Update yarn.lock 2019-04-16 14:31:01 +02:00
Christoph (Sheogorath) Kern
2df474b63e
Merge pull request #48 from SISheogorath/fix/graphvizXSS
Fix stored XSS in the graphviz error message rendering
2019-04-16 14:17:10 +02:00
Max Wu
fb399ebe73
Fix stored XSS in the graphviz error message rendering [Security Issue]
Signed-off-by: Max Wu <jackymaxj@gmail.com>

Co-Authored-By: Sheogorath <sheogorath@shivering-isles.com>
2019-04-16 14:05:26 +02:00
Claudius
32d3b914b2 fixing manual upgrade instructions and completing requirements
Signed-off-by: Claudius <opensource@amenthes.de>
2019-04-15 22:25:06 +02:00
Christoph (Sheogorath) Kern
074198f941
Merge pull request #43 from SISheogorath/feature/community
Add community forum to help section
2019-04-12 23:47:51 +02:00
Christoph (Sheogorath) Kern
2b99ed6d53
Merge pull request #42 from SISheogorath/fix/meta-marked
Update meta-marked to fix possible vulnerabilities
2019-04-12 23:33:52 +02:00
Christoph (Sheogorath) Kern
4630c7afea Update zh-CN.json (POEditor.com) 2019-04-12 15:17:52 +02:00
Sheogorath
454b39ac10
Add community forum to help section
We have a community forum and want to use it for users support and to
bring developers and end-users together. In order to achieve this, it
would be helpful to inform users about its existence.

This patch adds the community forum as resource to the help section and
aligns it along the Matrix channel and GitHub issue tracker.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-04-12 12:29:56 +02:00
107f92e6fd Merge remote-tracking branch 'upstream/master' into DepauMD 2019-04-11 22:30:56 +02:00
Davide Depau
7240364d30 Merge remote-tracking branch 'upstream/master' into DepauMD 2019-04-11 22:26:27 +02:00
Davide Depau
283938b35c Merge remote-tracking branch 'upstream/master' into DepauMD 2019-04-11 22:25:13 +02:00
Raccoon
ad9f29acbf
Merge pull request #1188 from hackmdio/fix/js-sequence-diagram
Fix/js sequence diagram
2019-04-10 20:16:37 +08:00
Sheogorath
197b0db88f
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-04-10 13:58:04 +02:00
Sheogorath
32f6037da9
Update yarn to version 1.15.2
The yarn version we use in CI is quite outdated. This brings up the
problem that it doesn't support semver for git repositories. In order to
fix that problem updating yarn seems to be the right thing to do.

This patch should fix the CI problem caused by the semver git URL.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-04-10 13:40:54 +02:00
BoHong Li
c69d91be9f
fix: bump js-sequence-diagrams version to alpha.2 to fix error height measure
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-10 19:39:00 +08:00
BoHong Li
c50a9b416f
fix: flowchart.js eve denpency eve not found
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-10 19:18:26 +08:00
Sheogorath
e014a73393
Update meta-marked to fix possible vulnerabilities
Snyk informed us about possible vulnerabilities in meta-marked. It seems
like at least some of them were already address by HackMD around a year
ago but never pushed upstream to CodiMD.

This patch provides a fix by using an up-to-date dependency from our own
repository with CI integration.

Details: https://app.snyk.io/vuln/SNYK-JS-JSYAML-174129

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-04-10 13:11:57 +02:00
BoHong Li
0734f0faa8
fix: js-sequence-diagram not found
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-10 18:34:31 +08:00
BoHong Li
a68d19bc22
fix: scrypt cannot build on some platform, revert the change library commit
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-10 18:34:31 +08:00
Christoph (Sheogorath) Kern
ef348fc49b
Merge pull request #33 from codimd/lutim-support
Add support for image hosting with lutim
2019-04-10 11:39:11 +02:00
Christoph (Sheogorath) Kern
f541c00bad
Merge pull request #41 from SISheogorath/js-diagram-v2
Fix broken dependency js-sequence-diagrams
2019-04-10 11:38:54 +02:00
Dylan Dervaux
208070d2e7
Add lutim support
Signed-off-by: Dylan Dervaux <dylanderv05@gmail.com>
2019-04-10 01:37:12 +02:00
Sheogorath
1f55150441
Fix broken dependency js-sequence-diagrams
A few days ago the dependency was removed from npm. this causes various
setups to fail and blocks deployments and development.

This patch should fix the dependency and allow CodiMD to move forward.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-04-10 00:18:24 +02:00
Max Wu
d032b37ddf
Update README.md 2019-04-08 21:57:46 -04:00
Christoph (Sheogorath) Kern
c6384567b8
Merge pull request #38 from codimd/snyk-fix-d5beoi
[Snyk] Fix for 1 vulnerable dependencies
2019-04-07 22:03:21 +02:00
snyk-bot
502c70008e fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-JSYAML-174129
2019-04-07 19:49:25 +00:00
Christoph (Sheogorath) Kern
36c083277e
Merge pull request #30 from codimd/samlConfig
Added a configuration option for passport-saml:
2019-04-06 21:35:39 +02:00
Emmanuel Ormancey
df53f465c0
Added a configuration option for passport-saml:
disableRequestedAuthnContext: true|false

By default only Password authmethod is accepted, this option allows any other method.

Issue and option described here:
https://github.com/bergie/passport-saml/issues/226

Signed-off-by: Emmanuel Ormancey <emmanuel.ormancey@cern.ch>
2019-04-06 17:54:58 +02:00
Christoph (Sheogorath) Kern
5379d65edc
Merge pull request #31 from codimd/hidePortMinio
Hide port minio
2019-04-06 17:50:22 +02:00
Thor77
022c7ad616
Hide port from minio URL for protocol default port
Signed-off-by: Thor77 <thor77@thor77.org>
2019-04-06 13:52:49 +02:00
Christoph (Sheogorath) Kern
ee725dc58c
Merge pull request #37 from stragu/patch-1
change default mode to "both" when clicking edit
2019-04-05 13:49:28 +02:00
Stéphane Guillou
afc8541c86 change default mode to "both" when clicking edit
Add "both" mode to URLs because I assume most people want to straight away see the code when they click the "edit" button in a published note.

Fixes https://github.com/codimd/server/issues/27

Not tested, followed instructions from @ccoenen , please do review! :)

Signed-off-by: Stéphane Guillou <stephane.guillou@member.fsf.org>
2019-04-05 20:58:06 +10:00
Christoph (Sheogorath) Kern
fdd912d23a Update sr.json (POEditor.com) 2019-04-04 14:27:27 +02:00
Christoph (Sheogorath) Kern
0d3e065e34
Merge pull request #35 from ccoenen/enhancement/translation-churn
specifying the locale jsons to be in the exact style of poeditor
2019-04-04 13:45:31 +02:00
Claudius
e738efe217 specifying the locale jsons to be in the exact style of poeditor should cut down on unneccessary changes ('churn')
Signed-off-by: Claudius <opensource@amenthes.de>
2019-04-04 12:31:38 +02:00
Christoph (Sheogorath) Kern
279235fbbb Update pl.json (POEditor.com) 2019-04-04 12:05:36 +02:00
Henrik "HerHde" Hüttemann
f13a91c698 Clean up headings
Signed-off-by: Henrik "HerHde" Hüttemann <mail@herh.de>
2019-04-04 00:54:47 +02:00
Claudius Coenen
49539fb27f
tiny correction to url. also adding RSS feed. 2019-04-04 00:34:23 +02:00
Sheogorath
e96c8d1dd4
Update community call URL
We have a discourse forum and since it's the place for all kinds of
community organisation, this should be used for organising the community
calls.

This patch updates the link to the new topic in the forum.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-04-03 23:56:31 +02:00
Claudius
acd7634fc7 more ways to engage with the community added to the readme
Signed-off-by: Claudius <opensource@amenthes.de>
2019-04-03 23:24:05 +02:00
Christoph (Sheogorath) Kern
07a0594c9a
Merge pull request #22 from SISheogorath/feature/newScreenshot
Add new screenshot
2019-04-02 01:47:48 +02:00
Sheogorath
004b2e51f1
Add new screenshot
The old screenshot is quite dated since it's from the earlier days of
HackMD.

But we developed a lot in the recent years. Changed the name, added a
toolbar, moved buttons, and so on.

This patch should represent those changes in the front page.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-04-01 23:19:02 +02:00
Henrik Hüttemann
5951dd1805 Add missing space to footer
Signed-off-by: Henrik "HerHde" Hüttemann <mail@herh.de>
2019-04-01 09:47:06 +02:00
Claudius
a140bff47e minor fixes to internal links in documentation 2019-04-01 09:42:33 +02:00
Claudius Coenen
a95f1e9f56
Merge pull request #15 from ccoenen/feature/documentation-overhaul
Documentation overhaul
2019-04-01 01:31:05 +02:00
Claudius
ba6ede57bd moving code of conduct into its own file for better discoverability
Signed-off-by: Claudius <opensource@amenthes.de>
2019-04-01 01:26:42 +02:00
Claudius
33b22cf26f breaking up config docs into sections
Signed-off-by: Claudius <opensource@amenthes.de>
2019-04-01 01:16:24 +02:00
Claudius
54edec8900 striving for consistency across various docs
Signed-off-by: Claudius <opensource@amenthes.de>
2019-04-01 01:03:36 +02:00
Claudius
74fdd26ea0 integrating information from the old wiki
Signed-off-by: Claudius <opensource@amenthes.de>
2019-04-01 01:03:36 +02:00
Claudius
fb973d2a6f removing doctoc, which is no longer being used
Signed-off-by: Claudius <opensource@amenthes.de>
2019-04-01 01:03:36 +02:00
Claudius
edf301cfa3 splitting README.md into files in /docs for better readability
Signed-off-by: Claudius <opensource@amenthes.de>
2019-04-01 01:03:36 +02:00
Christoph (Sheogorath) Kern
3a0ff5edd3
Merge pull request #9 from SISheogorath/feature/moveUpload
Move upload button into toolbar
2019-03-31 15:14:31 +02:00
Christoph (Sheogorath) Kern
948c3367eb
Merge pull request #14 from SISheogorath/fix/LICENSE
Fix LICENSE content
2019-03-31 12:41:49 +02:00
Claudius Coenen
d08d9f34b0
Merge pull request #13 from ccoenen/feature/heroku-cleanup
cleanup of the heroku configuration
2019-03-31 12:41:38 +02:00
Christoph (Sheogorath) Kern
7f04013f4a
Merge pull request #7 from SISheogorath/feature/libravatar
Use libravatar as drop-in replacement for gravatar
2019-03-31 03:30:51 +02:00
Christoph (Sheogorath) Kern
52055ec7b7
Merge pull request #8 from SISheogorath/fix/languages
Fix capital letters in language selection
2019-03-31 03:30:15 +02:00
Sheogorath
962330933d
Fix LICENSE content
It seems like the license was never correctly filled.

This patch updates the LICENSE file to represent members of the
community and major code contributors.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-31 03:27:12 +02:00
Claudius
5c607c4f80 cleanup of the heroku configuration
this removes the general `postinstall` call to `bin/heroku` and instead
puts it into a heroku-prebuild hook. At the same time, env vars get
updated to use the `CMD` prefix. The configured buildpacks were not used.
Finally, npm run build is now automatically
done by Heroku.

Signed-off-by: Claudius <opensource@amenthes.de>
2019-03-31 01:29:34 +01:00
Sheogorath
4ffeab6129
Release version 1.3.2
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-29 12:33:20 +01:00
Sheogorath
16d84926f9
Fix logo URL in app.json
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-29 12:31:18 +01:00
Sheogorath
9941d5613b
Fix button background color
When introducing night mode the rule for the background of the view 
switches seems to be generated from the view button.

This patch should change the introduced rule to fix for all default 
buttons.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-29 12:30:21 +01:00
Sheogorath
974dc8fc21
Update maintainers in package.json
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-29 12:30:20 +01:00
Sheogorath
e982ef686c
Add note about changing the upstream repository
People who want to get the latest and greatest version of CodiMD should 
be aware of the repository change. This upgrade note, will hopefully 
help.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-28 22:45:58 +01:00
Sheogorath
a5836dd52f
Fix container image links
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-28 22:45:58 +01:00
Sheogorath
982a12f569
Fix some remaining references to the old repository
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-28 22:45:57 +01:00
Max Wu
f65d958517
Update README.md 2019-03-27 18:07:22 -04:00
Raccoon
b9f36fc9a0 Update zh-TW.json (POEditor.com) 2019-03-28 06:02:23 +08:00
Max Wu
ec908f1ba4
Update README.md 2019-03-27 17:56:37 -04:00
Max Wu
6d7202bc97
Update README.md 2019-03-27 17:54:57 -04:00
Max Wu
dab90bf4e1
Update README.md 2019-03-27 17:49:38 -04:00
Sheogorath
7cde6958f3
Update links to new repositories
After a long discussion, it turned out that CodiMD as community project
and HackMD as a company, have fundamental different views on the project
governance.

Due to this, it came to point where the decision for a fork was made.
After the fork and move towards an own organisation, this patch updates
all links inside the project to the new repositories.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-27 19:31:34 +01:00
Sheogorath
1544b45af5
Move upload button into toolbar
Currently we have the odd situation to have two toolbars. One inside the
header and one in the editor.

Since we only show the image upload button when the editor is visible we
should move the upload button into the editor toolbar.

This patch does this by adding the image upload button besides the image
tag button.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-25 22:33:27 +01:00
Sheogorath
d167f7b092
Fix capital letters in language selection
Vladan[1] gave a hint about some minor problems with the capitalization
of language names.

This patch should fix most of them. and removes some "language" prefix
and suffixes which are not needed to make clear what people are
selecting here.

[1]: https://github.com/cvladan

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-24 23:13:48 +01:00
Sheogorath
50c80c99a4
Release version 1.3.1
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-23 13:27:39 +01:00
Sheogorath
b817b9efd9
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-23 13:25:33 +01:00
Christoph (Sheogorath) Kern
1678c8e2cc Update ja.json (POEditor.com) 2019-03-20 15:40:28 +01:00
Christoph (Sheogorath) Kern
f9fbff2d59 Update it.json (POEditor.com) 2019-03-20 15:40:23 +01:00
Christoph (Sheogorath) Kern
f15ab84810 Update id.json (POEditor.com) 2019-03-20 15:40:20 +01:00
Christoph (Sheogorath) Kern
4977dd6109 Update fr.json (POEditor.com) 2019-03-20 15:40:17 +01:00
Christoph (Sheogorath) Kern
01b1697c0c Update nl.json (POEditor.com) 2019-03-20 15:40:11 +01:00
Sheogorath
a5133e0f9b
Use libravatar as drop-in replacement for gravatar
Since libravatar got a default fallback to Gravatar and in generell
allows federated image hosting for avatars this shouldn't break any
existing implementations.

The federation functionality is not added yet. This would require to use
the libravatar library.

Details:
https://wiki.libravatar.org/api/

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-17 23:51:54 +01:00
Christoph (Sheogorath) Kern
992f02c294
Merge pull request #1158 from SISheogorath/feature/serbianLanguage
Add serbian language
2019-03-16 19:58:45 +01:00
Davide Depau
9bb50dda6c * Run db migrations on npm start
* Add documentation about integration with AD LDAP
 * Add `rel="noopener"` to all links
 * Add documentation about integration with Nextcloud for authentication
 * Update URL on frontpage to point to codimd.org
 * Replace Fontawesome with Forkawesome
 * Add OpenID support
 * Add print icon to slide view
 * Add auto-complete for language names that are highlighted in codeblocks
 * Improve translations for Chinese, Dutch, French, German, Italien, Korean, Polish, and Russian language
 * Add Download action to published document API
 * Add reset password feature to `manage_users` script
 * Move from own `./tmp` directory to system temp directory
 * Add Etherpad migration guide
 * Move XSS library to a more native position
 * Use full version string to determine changes from the backend
 * Update winston (logging library)
 * Use slide preview in slide example
 * Improve migration handling
 * Update reveal.js to version 3.7.0
 * Replace scrypt library with its successor
 * Replace `to-markdown` with `turndown` (successor library)
 * Update socket.io
 * Add warning on missing base URL
 * Update bootstrap to version 3.4.0
 * Update handlebar
 
 * Fix paths in GitLab documentation
 * Fix missing `data:` URL in CSP
 * Fix oAuth2 name/label field
 * Fix GitLab API integration
 * Fix auto-completed but not rendered emojis
 * Fix menu organization depending on enabled services
 * Fix some logging in the OT module
 * Fix some unhandled internalOAuthError exception
 * Fix unwanted creation of robots.txt document in "freeurl-mode"
 * Fix some links on index page to lead to the right sections on feature page
 * Fix document breaking, empty headlines
 * Fix wrong multiplication for HSTS header seconds
 * Fix wrong subdirectories in exported user data
 * Fix CSP for speaker notes
 * Fix CSP for disqus
 * Fix URL API usage
 * Fix Gist embedding
 * Fix upload provider error message
 * Fix unescaped disqus user names
 * Fix SAML vulnerability
 * Fix link to SAML guide
 * Fix deep dependency problem with node 6.x
 * Fix broken PDF export by wrong unlink call
 * Fix possible XSS attack in MathJax
 
 * Refactor to use `ws` instead of the the no longer supported `uws`
 * Refactor frontend build system to use webpack version 4
 * Refactor file path configuration (views, uploads, …)
 * Refactor `manage_users` script
 * Refactor handling of template variables
 * Refactor linting to use eslint
 
 * Remove no longer working Octicons
 * Remove links to our old Gitter channel
 * Remove unused library node-uuid
 * Remove unneeded blueimp-md5 dependency
 * Remove speakerdeck due to broken implementation
 
 * Adam.emts (translator)
 * [Alex Garcia](https://github.com/asg017)
 * [Cédric Couralet (micedre)](https://github.com/micedre)
 * [Claudius Coenen](https://github.com/ccoenen)
 * [Daan Sprenkels](https://github.com/dsprenkels)
 * [David Mehren](https://github.com/davidmehren)
 * [Erona](https://github.com/Eronana)
 * [Felix Yan](https://github.com/felixonmars)
 * [Jonathan](https://github.com/phrix32)
 * Jong-kai Yang (translator)
 * [MartB](https://github.com/MartB)
 * [Max Wu (jackycute)](https://github.com/jackycute)
 * [mcnesium](https://github.com/mcnesium)
 * Nullnine (translator)
 * RanoIP (translator)
 * [SuNbiT](https://github.com/sunbit)
 * Sylke Vicious (translator)
 * Timothee (translator)
 * [WilliButz](https://github.com/WilliButz)
 * [Xaver Maierhofer](https://github.com/xf-)
 * [云屿](https://github.com/cloudyu)
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEAeWzysDCaBZIKvtIHwXMNjXN3/0FAlx9Dj8ACgkQHwXMNjXN
 3/2faw/8CYL5qB43K1L3wwMu5YMfVfrZALyQTrrb016I1VkGh+e18ffM4FOYSa5C
 xeUDf/GRa30EKqxaBZjsHoUGxQ196g9WvyA4HziEVUti2LvmWwnSjSvFqGrjFJ79
 veaCfxG2NjvVc+k2Ts+E8G+1VH5TdU/TloViE6hvsu9zAOjKlxbTVlhu/YTpkIx0
 9fmSSrSonMFURvVG9LFnTgtzf0f9cbjGCmu+EjKxDJ2CZ9WkjShaL3nuPTOXReaq
 0MYOaWZJBsDd8nWcVqIamkKhzz/U7jRO6PpvXG6TXhJo8cqml/qpr3ZD6j6L9FOq
 HDQUUcligMynPaSOUBkVQXmlSPljL/2q1NYHAo0zDlP1vcm5+EWt1D4o73RZU4h5
 41mNJhanDeNk/QPrnI+Dldwg1k4PBrLrlPUYyNM7F6FgoZPBTtFVJ9nQVHyI6UWS
 oa3iq0YKCd1ofl0AdfLljgIeRxpArQGK6ey87eXRZXveeDOC+TEAZeS1/1/cac7+
 R7uCszvvLUBdE3W7JzcS5Xo4TtARPOjLkaYKObZhtzUW1YtMyGk+HpIvx2yZet8K
 NGpneShNa6IvygsVQqZ1ZZfIYLFIDsLQmoAe1+dffGF3K2b+ObkrT/hSimP2Ftq0
 +MrdXH56cuKqfyGPnfoqa0zQhieGC6n57xW2WAoBAOcEmpx2Ng4=
 =cjCR
 -----END PGP SIGNATURE-----

Merge tag '1.3.0' into DepauMD

* Run db migrations on `npm start`
* Add documentation about integration with AD LDAP
* Add `rel="noopener"` to all links
* Add documentation about integration with Nextcloud for authentication
* Update URL on frontpage to point to codimd.org
* Replace Fontawesome with Forkawesome
* Add OpenID support
* Add print icon to slide view
* Add auto-complete for language names that are highlighted in codeblocks
* Improve translations for Chinese, Dutch, French, German, Italien, Korean, Polish, and Russian language
* Add Download action to published document API
* Add reset password feature to `manage_users` script
* Move from own `./tmp` directory to system temp directory
* Add Etherpad migration guide
* Move XSS library to a more native position
* Use full version string to determine changes from the backend
* Update winston (logging library)
* Use slide preview in slide example
* Improve migration handling
* Update reveal.js to version 3.7.0
* Replace scrypt library with its successor
* Replace `to-markdown` with `turndown` (successor library)
* Update socket.io
* Add warning on missing base URL
* Update bootstrap to version 3.4.0
* Update handlebar

* Fix paths in GitLab documentation
* Fix missing `data:` URL in CSP
* Fix oAuth2 name/label field
* Fix GitLab API integration
* Fix auto-completed but not rendered emojis
* Fix menu organization depending on enabled services
* Fix some logging in the OT module
* Fix some unhandled internalOAuthError exception
* Fix unwanted creation of robots.txt document in "freeurl-mode"
* Fix some links on index page to lead to the right sections on feature page
* Fix document breaking, empty headlines
* Fix wrong multiplication for HSTS header seconds
* Fix wrong subdirectories in exported user data
* Fix CSP for speaker notes
* Fix CSP for disqus
* Fix URL API usage
* Fix Gist embedding
* Fix upload provider error message
* Fix unescaped disqus user names
* Fix SAML vulnerability
* Fix link to SAML guide
* Fix deep dependency problem with node 6.x
* Fix broken PDF export by wrong unlink call
* Fix possible XSS attack in MathJax

* Refactor to use `ws` instead of the the no longer supported `uws`
* Refactor frontend build system to use webpack version 4
* Refactor file path configuration (views, uploads, …)
* Refactor `manage_users` script
* Refactor handling of template variables
* Refactor linting to use eslint

* Remove no longer working Octicons
* Remove links to our old Gitter channel
* Remove unused library node-uuid
* Remove unneeded blueimp-md5 dependency
* Remove speakerdeck due to broken implementation

* Adam.emts (translator)
* [Alex Garcia](https://github.com/asg017)
* [Cédric Couralet (micedre)](https://github.com/micedre)
* [Claudius Coenen](https://github.com/ccoenen)
* [Daan Sprenkels](https://github.com/dsprenkels)
* [David Mehren](https://github.com/davidmehren)
* [Erona](https://github.com/Eronana)
* [Felix Yan](https://github.com/felixonmars)
* [Jonathan](https://github.com/phrix32)
* Jong-kai Yang (translator)
* [MartB](https://github.com/MartB)
* [Max Wu (jackycute)](https://github.com/jackycute)
* [mcnesium](https://github.com/mcnesium)
* Nullnine (translator)
* RanoIP (translator)
* [SuNbiT](https://github.com/sunbit)
* Sylke Vicious (translator)
* Timothee (translator)
* [WilliButz](https://github.com/WilliButz)
* [Xaver Maierhofer](https://github.com/xf-)
* [云屿](https://github.com/cloudyu)
2019-03-13 13:19:21 +01:00
Christoph (Sheogorath) Kern
27ba5f910d
Merge pull request #1166 from SISheogorath/fix/exportEmojis
Fix broken HTML export with emojis
2019-03-13 11:50:50 +01:00
Sheogorath
5e634aef87
Fix possible order changes for 'Powered by' in other languages
Since not all languages use the same word oder and we run into potential
issues, where the translation of powered by need to add something after
the CodiMD link, this should give us the needed flexiblity.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-10 01:43:13 +01:00
Christoph (Sheogorath) Kern
1ffc492442
Merge pull request #1076 from SISheogorath/fix/translation
Add some missing translations
2019-03-10 01:32:20 +01:00
Sheogorath
982775f6dc
Fix broken HTML export with emojis
HTML export was broken due to missing alt-attribute for emojis.

This patch adds the old alt-element style and restores the exportability
this way.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-09 15:04:07 +01:00
Christoph (Sheogorath) Kern
329d39d0d0
Merge pull request #1131 from SISheogorath/fix/gitlabSnippets
Fix shown but broken GitLab snippets
2019-03-09 14:50:47 +01:00
Christoph (Sheogorath) Kern
d1b2fb2258
Merge pull request #1163 from SISheogorath/fix/googleAuth
Add required change for Google+ API deprecation
2019-03-09 14:50:20 +01:00
Sheogorath
cda878d377
Add required change for Google+ API deprecation
Since Google+ is shutting down soon, we need to get the profile data
from another URL. Since the library already supports it, all we need to
do is adding a single line of code.

Details:
https://github.com/hackmdio/codimd/issues/1160

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-09 14:42:06 +01:00
Sheogorath
bcb7972607
Fix shown but broken GitLab snippets
To provide a GitLab integration we need the GitLab integration to be
configured. Otherwise we shouldn't show the Snippet button.

This patch adds the requirement to the variable that decides if the
import from snippets button shows up or not.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-05 18:16:04 +01:00
Christoph (Sheogorath) Kern
de0acbb566
Merge pull request #1153 from toshi0123/for_empty_serverurl
Fix empty serverURL did not redirect properly
2019-03-05 18:11:37 +01:00
Christoph (Sheogorath) Kern
e48342a64a
Merge pull request #1155 from Turakar/master
Mention dependency on libssl-dev in README.md
2019-03-04 20:20:02 +01:00
Turakar
13ee05ba0d Mention dependency on libssl-dev in README.md
This dependency was introduced by upgrading to the new scrypt version in commit cee2aa92f9.

Signed-off-by: Tilman Hoffbauer <turakar23@gmail.com>
2019-03-04 20:14:55 +01:00
Sheogorath
b51a048777
Fix wrong value type for HSTS environment variable
Seem like also environment variables are affected. This patch fixes that
as well.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-04 17:13:43 +01:00
Sheogorath
32a1afbe86
Fix wrong value type in example config
HSTS maxAge has to be an integer, not a string.

Fixes https://github.com/hackmdio/codimd/issues/1159

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-04 16:59:44 +01:00
Sheogorath
20d1f17d2c
Add serbian language
Thanks for the work of the translator Vladan we got a serbian
translation added! Those few changes will add serbian language support
for future CodiMD releases.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-04 13:21:01 +01:00
Christoph (Sheogorath) Kern
126cd1b1f0
Merge pull request #1139 from Luclu7/patch-1
Corrected a typo
2019-03-04 13:10:56 +01:00
Sheogorath
87443dec5f
Release version 1.3.0
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-04 12:37:00 +01:00
toshi0123
6aab032709 Fix empty serverURL did not redirect properly
Signed-off-by: toshi0123 <7948737+toshi0123@users.noreply.github.com>
2019-03-04 13:59:14 +09:00
Sheogorath
1ee9874393
Fix names with spaces in letter-avatars
Seems like there is a possible problem when a name containing a space is
passed to this function. using urlencode on the name should fix possible
problems here.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-03 15:46:28 +01:00
Christoph (Sheogorath) Kern
112827423a
Merge pull request #1157 from hackmdio/fix-MathJax-XSS-issue
Fix possible MathJax XSS issue [Security Issue]
2019-03-03 15:44:33 +01:00
Max Wu
1743a97c22 Fix possible MathJax XSS issue [Security Issue]
see more at: http://docs.mathjax.org/en/latest/safe-mode.html

Signed-off-by: Max Wu <jackymaxj@gmail.com>
2019-03-03 18:32:58 +08:00
Sheogorath
b718eac70a
Force upgrade of some outdated dependencies
I don't really like the way to go here, but I guess having those
forcefully upgraded is better than staying around with vulnerable
dependencies.

This patch fixes some vulnerbilities in dependencies that were
categories as high severity.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-02 19:14:12 +01:00
Sheogorath
edfe7fc401
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-02 15:27:16 +01:00
Sheogorath
9981a6c8ba
Fix wrong domain in app.json
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-02 14:27:59 +01:00
Christoph (Sheogorath) Kern
5274247790
Merge pull request #1150 from SISheogorath/fix/speakerdeck
Remove broken speakerdeck embedding
2019-02-21 23:34:15 +01:00
Sheogorath
1f0fb12755
Fix CI errors for unused variables
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-02-21 01:36:39 +01:00
Sheogorath
c5ca7b634a
Remove broken speakerdeck embedding
The current speakerdeck implementation is broken. An alternative
implementation using oembed doesn't work due to CORS, which could be
solved by proxying the speakerdeck API, but we decided to not do this.

This patch provides the link to the speakerdeck presentation instead,
and this way doesn't break existing notes. This is right now the best
solution we could come up with.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-02-21 01:26:37 +01:00
Sheogorath
0d88707475
Update yarn.lock 2019-02-15 15:40:45 +01:00
Sheogorath
bce58db97c
Update handlebar to version 4.0.13
Synk found an security vulnerbility in the version we provide, that in
theory can provide an RCE.

Details: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692
2019-02-15 15:40:44 +01:00
Claudius Coenen
baefa1c672
Merge pull request #1148 from felixonmars/patch-1
Fix several typos in auth/saml.md
2019-02-14 23:19:40 +01:00
Felix Yan
1ccadec5a3 Fix several typos in auth/saml.md
Signed-off-by: Felix Yan <felixonmars@archlinux.org>
2019-02-15 04:14:17 +08:00
Luclu7
d982d8aaf2
Corrected a typo
Signed-off-by: Luclu7 <me@luclu7.fr>
2019-02-07 20:47:43 +01:00
Christoph (Sheogorath) Kern
b28201176e Update ja.json (POEditor.com) 2019-01-31 13:06:56 +01:00
Sheogorath
806f403045
Disable OpenID by default
We talked about that during a community call. It turned out that not
everyone likes to have OpenID on their instance.

This patch disables OpenID by default.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-25 19:31:34 +01:00
Christoph (Sheogorath) Kern
afcbea48cd
Merge pull request #1127 from SISheogorath/fix/unlinkFix
Fix broken PDF export by wrong unlink call
2019-01-25 18:27:33 +01:00
Sheogorath
4e81079050
Fix broken PDF export by wrong unlink call
We used `fs.unlink()` to remove the pdf file after we send it out to the
client. This breaks in Node 10, when no function as second parameter is
supplied.

This patches changes it to the `fs.unlinkSync` function that doesn't
have this requirement and this way doesn't crash.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-24 13:02:53 +01:00
Sheogorath
3dc40116e4
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-24 12:21:19 +01:00
Claudius Coenen
2c1a618c56
Merge pull request #1125 from hackmdio/dependency-node-6-fix
Fixing deep dependency problem with node 6.x
2019-01-24 01:18:07 +01:00
Claudius Coenen
fa0dea0a1b Fixing deep dependency problem with node 6.x
this commit has been blatantly stolen from @samselikoff in ember-cli-addon-docs. It prevents an issue introduced via a deep dependency that no longer supports node 6 (which we still would like to support).
see: 231275b5a4
see: https://github.com/salesforce/tough-cookie/pull/141

Signed-off-by: Claudius Coenen <opensource@amenthes.de>
2019-01-23 23:37:13 +01:00
Christoph (Sheogorath) Kern
a9d12e3a28
Merge pull request #1124 from phrix32/patch-1
Fix reference to SAML guide in README
2019-01-22 11:03:20 +01:00
Jonathan
07697ee9a1 Fix reference to SAML guide in README
Signed-off-by: Jonathan Klauck <jonathan.klauck@aoe.com>
2019-01-22 10:48:45 +01:00
Christoph (Sheogorath) Kern
d69edd1def
Merge pull request #1123 from SISheogorath/fix/lintingTests
Add linting for tests
2019-01-21 23:16:22 +01:00
Sheogorath
bf229d91c6
Add linting for tests
The tests are currently not linted. This causes a different coding style
than the rest of the sources.

This patch adds the `./test` directory to the eslint testing and fixes
linting for existing tests.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-21 17:17:54 +01:00
Christoph (Sheogorath) Kern
3a23bd7c05
Merge pull request #1121 from SISheogorath/test/CSP
Add tests for csp.js
2019-01-21 17:14:51 +01:00
Sheogorath
d408f4c0fe
Add tests for csp.js
Since we lack of tests but got some great point to start, let's write
more tests.

This patch provides some basic tests for our CSP library. It's more an
integration than a unit test, but gets the job done.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-19 13:54:52 +01:00
Sheogorath
5f1406a136
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-18 22:04:22 +01:00
Christoph (Sheogorath) Kern
b88a1ed04a
Merge pull request #1116 from dsprenkels/manage_users
Fix broken manage_users after Winston upgrade
2019-01-12 15:09:12 +01:00
Christoph (Sheogorath) Kern
4eb9d6941d
Merge pull request #1117 from SISheogorath/upgrade/bootstrap
Update bootstrap from 3.3.7 to 3.4.0
2019-01-12 15:08:54 +01:00
Sheogorath
62477f0279
Update bootstrap from 3.3.7 to 3.4.0
Seems like finally there is a new bootstrap version for old version 3.

This patch implements this new version with CodiMD and this way fixes
some possible security issues in the frontend code.

See:
https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72889
https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72890

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-11 01:56:52 +01:00
Daan Sprenkels
7c144ac7a9 Fix broken manage_users after Winston upgrade
Commit c3584770 upgrades Winston and with that version
`logger.transports.console` becomes undefined. This commit
updates the code to prevent the crash.

Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
2019-01-10 14:05:12 +01:00
Christoph (Sheogorath) Kern
4eb7748adb
Merge pull request #1114 from SISheogorath/fix/samlVersion
Update SAML to version 1.0.0
2019-01-09 11:53:11 +01:00
Sheogorath
9eb4e545d2
Update SAML to version 1.0.0
Seems like there was a security problem with the library.

This patch updates to version 1.0.0 which fixed the details.

Details: https://snyk.io/vuln/SNYK-JS-PASSPORTSAML-72411

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-09 01:15:02 +01:00
Christoph (Sheogorath) Kern
7a83fc0f14
Merge pull request #1110 from dsprenkels/issue_1106
Remove blueimp-md5 dependency
2019-01-05 14:08:23 +01:00
Christoph (Sheogorath) Kern
dba9575c94
Merge pull request #1112 from hackmdio/fix-XSS-issues
Fix some XSS issues
2018-12-29 21:52:03 +01:00
Max Wu
067cfe2d1e Fix to escape html comment tag [Security Issue]
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-12-28 16:42:55 +08:00
Max Wu
b89a35196a
Fix to sanitize disqus shortnames to remove slashes [Security Issue]
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-12-28 16:39:13 +08:00
Daan Sprenkels
f7bc1e99c0 Remove blueimp-md5 dependency
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
2018-12-22 19:09:50 +01:00
Daan Sprenkels
318a37d41c Add a test for gravatar urls
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
2018-12-22 19:09:45 +01:00
3a14801a8b Merge branch 'master' into DepauMD 2018-12-22 03:00:12 +01:00
Christoph (Sheogorath) Kern
f9cc2ff0ef
Merge pull request #1105 from SISheogorath/fix/gistCSP
Fix broken Gist embedding
2018-12-21 18:39:22 +01:00
Christoph (Sheogorath) Kern
e4845849dc
Merge pull request #1108 from dsprenkels/patch-1
Update upload provider error message
2018-12-21 18:38:49 +01:00
Daan Sprenkels
8835a09d95 Update upload provider error message
Fixes #1107.

Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
2018-12-21 15:30:06 +01:00
4395b1dcfa Merge branch 'master' into DepauMD 2018-12-21 03:00:12 +01:00
Sheogorath
0f9e367015
Fix broken Gist embedding
Looks like GitHub changed their asset system and our CSP prevented them
from getting loaded.

This patch should fix the Gist embedding with enabled CSP by replacing
the old URL `https://assets-cdn.github.com` with the new
`https://github.githubassets.com`.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-12-20 22:49:25 +01:00
Christoph (Sheogorath) Kern
f492fea418
Merge pull request #1103 from SISheogorath/fix/localImageUpload
Fix usage of new URL API
2018-12-20 22:42:17 +01:00
Sheogorath
0621d7a72d
Fix usage of new URL API
Due to the deprecation of the old `url`-API provided by NodeJS we
replaced `url.resolve` with `url.URL.resolve`, which doesn't exist.

This patch fixes the local filesystem upload of CodiMD by using the new
API correctly. Creating an URL object and using its href.

Some more background:
https://nodejs.org/api/url.html#url_url_href
https://nodejs.org/api/url.html#url_url_resolve_from_to

Fixes https://github.com/hackmdio/codimd/issues/1102

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-12-18 14:52:18 +01:00
84f948aa9a Merge branch 'master' into DepauMD 2018-12-15 03:00:13 +01:00
Christoph (Sheogorath) Kern
17b1b5d6bf Update ru.json (POEditor.com) 2018-12-13 00:10:57 +01:00
0a02264625 Merge branch 'master' into DepauMD 2018-12-07 03:00:16 +01:00
Christoph (Sheogorath) Kern
7f0fe6903c
Merge pull request #1091 from SISheogorath/fix/speakerNotesCSP
Fix CSP for speaker notes
2018-12-06 10:35:41 +01:00
Christoph (Sheogorath) Kern
b9848a4f7c
Merge pull request #1092 from SISheogorath/fix/disqusCSP
Fix disqus CSP
2018-12-06 10:35:24 +01:00
Sheogorath
ecee16bd73
Fix disqus CSP
Disqus loads it's embed config.js from its root domain
(https://disqus.com). Our CSPs only allow subdomains (e.g.:
https://codimd.disqus.com). This causes the disqus embedding to fail.

This patch should fix this problem by adding https://disqus.com to the
CSP setting. From a security perspective there is no real change. Since
still the same parties are involved.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-12-05 13:17:14 +01:00
Sheogorath
a556575b91
Fix CSP for speaker notes
Looks like I was wrong in my previous commit to update revealjs.[1]

The speaker notes broke again with the CSPs. So this patch updates the
hash and this way the speaker notes.

[1]: bcebf1e8d2

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-12-05 11:32:14 +01:00
650084daff Merge branch 'master' into DepauMD 2018-12-05 03:00:12 +01:00
Sheogorath
b40f14f66d
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-12-04 14:04:34 +01:00
107f4d03bd Merge branch 'master' into DepauMD 2018-12-02 00:40:31 +01:00
Christoph (Sheogorath) Kern
3cfd18d54f
Merge pull request #1085 from SISheogorath/update/socket.io
Update socket.io
2018-12-01 12:25:18 +01:00
Christoph (Sheogorath) Kern
786140331b
Merge pull request #1086 from SISheogorath/feature/urlWarning
Warn on missing serverURL
2018-12-01 12:25:02 +01:00
84dce80bc9 Merge branch 'master' into DepauMD 2018-11-29 03:00:13 +01:00
Sheogorath
a4941be3de
Warn on missing serverURL
We see some issues that are based on not properly configured
`config.serverURL`.

This patch adds a warning when `config.serverURL` is an empty value.
This should provide users direct feedback about how to improve their
configs.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-28 14:38:49 +01:00
Christoph (Sheogorath) Kern
b749d50e20
Merge pull request #1082 from cloudyu/pull
Fix wrong config options

In `./lib/web/auth/` some config includes still used `config.serverurl` instead of the correct `config.serverURL`. This causes wrong URL in worst case.

This patch should fix those problems and migrate the wrong statements to camelcase.
2018-11-28 13:27:38 +01:00
Sheogorath
cf95465103
Update socket.io
Our socket.io version is 2.0.4 while the current socket.io version is
2.1.1.

This patch updates socket.io to version 2.1.1 and takes care of the CDN
client version.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-28 13:23:36 +01:00
Christoph (Sheogorath) Kern
769a1c4ccb
Merge pull request #1084 from dsprenkels/export-subdirs
Prevent subdirectories in user export
2018-11-28 10:26:41 +01:00
Daan Sprenkels
9fba268288 Prevent subdirectories in user export
This commit also refactors the code a bit, and adds a '-' separator
between a filename and its duplicate index.

This commit fixes #1079.

Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
2018-11-28 09:13:28 +01:00
CloudYu
35a9f72a06 Fix typo
Signed-off-by: CloudYu <cloudyu322@gmail.com>
2018-11-27 22:14:37 +08:00
b72b3b48fe Merge branch 'master' into DepauMD 2018-11-26 23:59:06 +01:00
4f47ce33bb Merge branch 'master' into DepauMD 2018-11-26 23:58:51 +01:00
Christoph (Sheogorath) Kern
8bace89cab
Merge pull request #1072 from SISheogorath/update/doctoc
Update doctoc to version 1.4.0
2018-11-24 17:36:16 +01:00
Christoph (Sheogorath) Kern
4856aa2840
Merge pull request #1069 from SISheogorath/fix/to-markdown
Update from to-markdown to turndown
2018-11-24 17:35:53 +01:00
Christoph (Sheogorath) Kern
6d0c3ccd23
Merge pull request #1071 from SISheogorath/fix/node-uuid
Remove node-uuid
2018-11-24 17:35:38 +01:00
Sheogorath
494a0d5f06
Add some missing translations
There are some places in our code that made it to be not translated.

This patch fixes some small translation problems and adds some static
strings in templates to translation.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-23 17:10:44 +01:00
Christoph (Sheogorath) Kern
4a623c95db Update ko.json (POEditor.com) 2018-11-23 12:10:14 +01:00
Christoph (Sheogorath) Kern
bf1f14d17c Update it.json (POEditor.com) 2018-11-23 12:10:11 +01:00
Sheogorath
306c25d8f7
Update doctoc to version 1.4.0
When installing doctoc it throws some warnings about the markdown-to-ast
package that moved to an own namespace.

This patch updates to the version containing the new, namespaced,
package.

References:
https://github.com/thlorenz/doctoc/pull/151

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-21 16:43:26 +01:00
Sheogorath
1091efc259
Remove node-uuid
We currently install `uuid` and `node-uuid`. `node-uuid` is deprecated
in favor of `uuid`. It seems like we already switched a while ago, but
somehow missed to remove the dependency.

This patch does exactly that. It removes the dependency from
`package.json` and this way removes the warning during install about
`node-uuid` being deprecated.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-21 11:38:40 +01:00
Sheogorath
f9929605af
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-21 11:34:56 +01:00
Christoph (Sheogorath) Kern
41fd4f0d66
Merge pull request #1070 from SISheogorath/fix/configExample
Fix typo in config.json.example
2018-11-21 11:32:00 +01:00
Sheogorath
fb46e188b8
Fix typo in config.json.example
We recently added the new logging option. As it turns out, the new
option was not added correctly, which points out that our current json
linting is **not working**. It throws an error but doesn't break.

This patch fixes the typo in the example. It does not fix the CI part.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-21 11:17:59 +01:00
Sheogorath
33774c11b9
Update from to-markdown to turndown
We got a security alert for a regular expression DoS attack on our used
library `to-markdown`.

After checking `to-markdown` to be maintained or not, it turned out they
renamed the library to `turndown`. So upgrading to `turndown` should fix
this vulnerbility.

References:
https://www.npmjs.com/package/to-markdown
https://github.com/domchristie/turndown/wiki/Migrating-from-to-markdown-to-Turndown
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-21 11:12:09 +01:00
Christoph (Sheogorath) Kern
2323d203b4
Merge pull request #1063 from SISheogorath/fix/nodeVersion
After removing ws, node version 10 should work
2018-11-21 01:42:35 +01:00
Christoph (Sheogorath) Kern
26b617b032
Merge pull request #1066 from SISheogorath/update/scrypt
Switch scrypt library to a successor
2018-11-21 01:42:19 +01:00
Sheogorath
cee2aa92f9
Switch scrypt library to a successor
Since our previous scrypt library is unmaintained since 3 years, it's
time to look for an alternative.

A refactoring towards another password algorithm was worked on and this
is probably still the way to go. But for now the successor of our
previous library should already be enough.

https://www.npmjs.com/package/scrypt (old library)
https://github.com/ml1nk/node-scrypt (new library)
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-21 01:33:34 +01:00
Christoph (Sheogorath) Kern
234171e117
Merge pull request #1065 from SISheogorath/update/reveal.js
Update reveal.js to version 3.7.0
2018-11-21 01:29:52 +01:00
Christoph (Sheogorath) Kern
2244b11730
Merge pull request #1064 from SISheogorath/fix/hstsSeconds
Fix wrong maxAgeSeconds multiplication
2018-11-21 01:29:04 +01:00
Sheogorath
bcebf1e8d2
Update reveal.js to version 3.7.0
There is a new reveal.js version out. As we try to keep up with
upstream, time to integreate it.

This patch updates reveal.js in for CDN-using instances as well as the
ones using the libraries.

Checked that speaker view in slide mode still works, so no CSP change
needed.

https://github.com/hakimel/reveal.js/releases/tag/3.7.0
2d241b9300/lib/csp.js (L72-L74)
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-19 22:31:05 +01:00
Sheogorath
2d241b9300
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-19 22:06:37 +01:00
Sheogorath
0aa3116805
Fix wrong maxAgeSeconds multiplication
It seems like the inital work on the hsts module expected milliseconds.
This has either changed or was never true. Either way, it caused that
the current defaults resulted in theory in a 1000 year HSTS policy.
Luckily helmet was smart enough to not go higher than 1 year.

Anyway, this patch fixes the multiplication of the configured size with
1000 by removing this multiplication.

Also to simplify the reading of the defaults, we split them into their
components, 60 times 60 seconds so we get one hour. 24 of those hours so
we get a day and finally 365 days to get our original wanted default of
one year.

Reference:
d69d65ea74
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-19 22:01:54 +01:00
Christoph (Sheogorath) Kern
271dff3808
Merge pull request #1043 from SISheogorath/fix/tocEmptyHead
Fix ToC breaking documents with empty h* elements
2018-11-19 21:33:34 +01:00
Sheogorath
d6dd33620c
Fix wrong anchors
While experimenting with the ToC changes, it became obvious that anchors
for those unnamed headers don't work.

This patch fixes those links by running the autolinkify twice and make
sure linkify only adds links to non-empty ids.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-19 20:20:56 +01:00
Sheogorath
e3b6bcc5f8
After removing ws, node version 10 should work
In my local environment I switched to Fedora 29. Fedora 29 comes with
NodeJS version 10.

As far as I can say, it works, so let's try to remove the restriction to
"<10.x"

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-19 18:42:28 +01:00
Sheogorath
9951b7df7c
Fix ToC breaking documents with empty h* elements
Right now, the ToC has an undefined variable i that was an index in the
original ToC code. Since the major rewrite in
4fe0620853 it's a recursive function
without this index. The variable `i` was wrongly copied into its current
place from the old code.

This patch replaces the variable `i` with the index of the header
element. Fix the undefined variable problem.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-19 18:27:06 +01:00
Christoph (Sheogorath) Kern
f46a84ab54
Merge pull request #1061 from SISheogorath/feature/updateHints
Add hints about how to be informed about updates
2018-11-19 01:11:00 +01:00
Christoph (Sheogorath) Kern
9a267ed0dd Update de.json (POEditor.com) 2018-11-18 17:22:45 +01:00
Christoph (Sheogorath) Kern
6d05c6d479 Update fr.json (POEditor.com) 2018-11-18 17:22:42 +01:00
Christoph (Sheogorath) Kern
6cc6d564a1 Update nl.json (POEditor.com) 2018-11-18 17:22:39 +01:00
Christoph (Sheogorath) Kern
435341c557 Update zh-TW.json (POEditor.com) 2018-11-18 17:22:36 +01:00
Christoph (Sheogorath) Kern
120dcc3dae Update zh-CN.json (POEditor.com) 2018-11-18 17:22:33 +01:00
Christoph (Sheogorath) Kern
9a8614ea8b Update de.json (POEditor.com) 2018-11-18 12:38:31 +01:00
Christoph (Sheogorath) Kern
651c4be7b8 Update fr.json (POEditor.com) 2018-11-18 12:38:28 +01:00
Christoph (Sheogorath) Kern
4f071fba7d Update nl.json (POEditor.com) 2018-11-18 12:38:25 +01:00
Christoph (Sheogorath) Kern
96efb09a38 Update zh-TW.json (POEditor.com) 2018-11-18 12:38:22 +01:00
Christoph (Sheogorath) Kern
d8fcc83d37 Update zh-CN.json (POEditor.com) 2018-11-18 12:38:19 +01:00
Christoph (Sheogorath) Kern
4b212c8315
Merge pull request #1060 from SISheogorath/fix/indexLinks
Fixing links on index page
2018-11-18 02:46:39 +01:00
Sheogorath
62cad26e08
Add hints about how to be informed about updates
Keeping people in the loop about new version of CodiMD is not easy. When
people don't keep an eye on GitHub it's easy to miss new versions.

To help people keeping their software up to date, this patch adds hints
to check out our community channel or simply the GitHub Atom feed
generated for based on the release page to get informed about new
versions.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-18 02:16:04 +01:00
Christoph (Sheogorath) Kern
af06d38781 Update nl.json (POEditor.com) 2018-11-18 00:51:00 +01:00
Sheogorath
71ce7921bd
Fixing links on index page
Seems like ids in Firefox are case sensitive. So linking in the current
way fails.

This patch fixes the links by using the exact matching version of the
titles on the features page.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-18 00:26:51 +01:00
Christoph (Sheogorath) Kern
5f0d04334b
Merge pull request #1053 from dsprenkels/robots.txt
Disallow creation of robots.txt in freeurl
2018-11-17 13:30:06 +01:00
Daan Sprenkels
4bd8d7eb91 Disallow creation of robots.txt in freeurl
Add a configuration setting to "hard"-disable creation of notes as
set by the configuration value. This defaults to `['robots.txt',
'favicon.ico']`, because these files are often accidentally created
by bots and browsers.

This commit fixes #1052.

Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
2018-11-17 13:23:03 +01:00
Christoph (Sheogorath) Kern
6f7fd74b1a
Merge pull request #943 from SISheogorath/feature/improveSetup
Some minor improvements for setup script
2018-11-17 12:42:24 +01:00
Christoph (Sheogorath) Kern
1e2bf3698f
Merge pull request #1040 from sunbit/master
Fix migration failure due to change on error messages
2018-11-17 12:34:15 +01:00
Christoph (Sheogorath) Kern
7328e7ad79
Merge pull request #1059 from SISheogorath/fix/winstonStreaming
Fix streaming for winston
2018-11-17 11:36:56 +01:00
Carles Bruguera
5da10c0e2c Update error message text checks
Signed-off-by: Carles Bruguera <carlesba@gmail.com>
2018-11-16 23:53:50 +01:00
Sheogorath
bdeb053397
Fix streaming for winston
During the upgrade of winston in
c3584770f2 a the class extension for
streaming was removed.

This caused silent crashes. Somehow winston simply called
`process.exit(1)` whenever `logger.write()` was called. This is really
bad and only easy to debug because of the testing right after upgrading.

However, reimplementing the stream interface as it was, didn't work, due
to the fact that `logger.write()` is already implemented and causes the
mentioned problem. So we extent the object with an `stream` object that
implements `write()` for streams and pass that to morgan.

So this patch fixes unexpected exiting for streaming towards our logging
module.

References:
https://www.digitalocean.com/community/tutorials/how-to-use-winston-to-log-node-js-applications
c3584770f2
https://stackoverflow.com/a/28824464
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-16 11:49:39 +01:00
Christoph (Sheogorath) Kern
f1367ba270
Merge pull request #1058 from ccoenen/bug/oauth2internalerror
InternalOAuthError is not part of passport, but of passport-oauth2 #1056
2018-11-16 11:45:50 +01:00
Christoph (Sheogorath) Kern
db69983a62
Merge pull request #1057 from ccoenen/eslint
switching to eslint for code checking
2018-11-16 11:45:20 +01:00
Claudius Coenen
858a59529e switching to eslint for code checking
most rules degraded to WARN, so we don't go insane. This will
change over time. The aim is to conform to a common style

Signed-off-by: Claudius Coenen <opensource@amenthes.de>
2018-11-14 23:15:36 +01:00
Claudius Coenen
56c043424d InternalOAuthError is not part of passport, but of passport-oauth2
This fixes part of #1056: an error while obtaining the profile
would have `502`-crashed the server.

Signed-off-by: Claudius Coenen <opensource@amenthes.de>
2018-11-14 14:38:47 +01:00
Christoph (Sheogorath) Kern
f9aa001ee7
Merge pull request #1055 from SISheogorath/upgrade/winston
Upgrade winston / refactor logging
2018-11-14 12:13:43 +01:00
Christoph (Sheogorath) Kern
fc49326b94
Merge pull request #1047 from SISheogorath/docs/slideMode
Add documentation for document type
2018-11-14 10:49:59 +01:00
Sheogorath
d94271c81a
Add documentation for slide view mode to features page
Since it's a very useful feature, we should mention it in multiple 
locations.

So we mention it in the slide mode section of the features page.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-14 01:06:20 +01:00
Sheogorath
43021283e4
Some minor improvements to the yaml-metadata docs
Switching form XAML to YAML syntax highlighting and fixing some grammar.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-14 01:06:20 +01:00
Sheogorath
3020c11d11
Add documentation for type field
The yaml-metadata documentation should mention the type field. This is
also open for future extension.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-14 01:06:20 +01:00
Sheogorath
44ca7be294
Activate slide editing mode for example
We have this awesome editing mode for slide shows. We just don't enable 
it or tell anyone that it exists. Maybe we should do this.

This patch sets the type for the slide example.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-14 01:04:56 +01:00
Sheogorath
c3584770f2
Upgrade winston
Our log library got a new major version which should be implemented.

That's exactly what this patch does. Implementing the new version of the
logging library.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-14 00:47:11 +01:00
Christoph (Sheogorath) Kern
df2a2e6c6c
Merge pull request #1054 from SISheogorath/fix/otLogging
Fix logging in ot module
2018-11-13 23:59:56 +01:00
Sheogorath
694fb37aea
Fix logging in ot module
Seems like there was some debugging going on some day, this patch should
make sure the right logging is used.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-13 23:30:13 +01:00
Christoph (Sheogorath) Kern
54d3d930cf
Merge pull request #1027 from asg017/master
Add download action to published notes
2018-11-12 22:11:44 +01:00
Christoph (Sheogorath) Kern
8ad3fdc3ca
Merge pull request #983 from SISheogorath/fix/disableIndexes
Enforce disabled index for static assets
2018-11-12 22:11:05 +01:00
Sheogorath
e8ec9a8af4
Enforce disabled index for static assets
ExpressJS still does allow serving index.html files. This change
disables that permanently.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-12 21:42:55 +01:00
Christoph (Sheogorath) Kern
1d8c83cec5
Merge pull request #1028 from SISheogorath/docs/editorModes
Add documentation about editor modes in features page
2018-11-12 21:40:30 +01:00
Christoph (Sheogorath) Kern
51f095a02b
Merge pull request #1048 from dsprenkels/etherpad-migration-guide
Add an etherpad migration guide
2018-11-12 21:30:48 +01:00
Sheogorath
3d1b138a31
Update yarn.lock 2018-11-12 14:27:42 +01:00
Christoph (Sheogorath) Kern
4a39017fe0
Merge pull request #1051 from SISheogorath/feature/fullversion
Fix wrong reading from commit
2018-11-12 14:21:03 +01:00
Sheogorath
4b0528ac4f
Fix wrong reading from commit
Right now we use a substr after reading the commit. That's definitely
wrong and leads to wrong commit hashes since the first 5 chars are
missing.

This patch removes the substr usage here and this way fixes the
generated links.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-12 11:18:38 +01:00
Christoph (Sheogorath) Kern
2a8b56e14b
Merge pull request #1046 from SISheogorath/feature/optimizeXSS
Remove the xss library from webpack
2018-11-11 19:01:44 +01:00
Christoph (Sheogorath) Kern
a1211abd32
Merge pull request #961 from SISheogorath/feature/osTEMP
Use OS based tmp dir
2018-11-11 19:00:58 +01:00
Christoph (Sheogorath) Kern
ca9c4b3135
Merge pull request #991 from SISheogorath/feature/fullversion
Add full version string (and no AGPL violation detection)
2018-11-11 19:00:03 +01:00
Sheogorath
bcc914a773
Add full version string
Currently we only provide the version from `package.json`. This means
that during updates of instances, e.g. the demo instance, which runs
latest master instead of a stable release, changes are not reflected to
the webclient.

This patch adds a fullversion string that contains the current commit
and this way makes that clients are notified about changes.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-11 12:44:19 +01:00
Daan Sprenkels
1f8e8b476f Add an etherpad migration guide
In this guide I share how a migration from etherpad to codimd can
be done. I am not completely sure if the script that is included is
completely error-free. Readers/reviewers should be aware that there
may be bugs.may be bugs.

Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
2018-11-10 23:48:03 +01:00
Sheogorath
c59b94a37b
Remove the xss library from webpack
We can load the xss functions directly from the library instead of
loading them through the expose loader of webpack, this should simplify
the setup and maybe even improve speed a bit.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-10 20:27:07 +01:00
Christoph (Sheogorath) Kern
4e5e7df4f8
Merge pull request #1041 from micedre/export-menu-fix
Fix menu when gitlab is enabled
2018-11-07 13:35:10 +01:00
Cédric Couralet
67f8a64f2b Fix menu for github and dropbox
Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
2018-11-07 12:30:17 +00:00
Cédric Couralet
d24fb48f16 Fix menu when gitlab is enabled
Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
2018-11-07 11:32:20 +00:00
Christoph (Sheogorath) Kern
dbcb469fd3
Merge pull request #1033 from SISheogorath/fix/versions
Upgrade some package versions
2018-11-06 19:12:30 +01:00
Christoph (Sheogorath) Kern
e17522add9
Merge pull request #1034 from SISheogorath/fix/emojiPlugin
Again: Replace emoji-plugin regex
2018-11-06 19:11:56 +01:00
Claudius Coenen
64e9dfd714
Merge pull request #1035 from ccoenen/feature/global-site-layout-vars
removing global site layout vars from individual routers
2018-11-05 00:35:48 +01:00
Claudius
44ffc564da removing global site layout vars from individual routers, putting them into app.local
Signed-off-by: Claudius <opensource@amenthes.de>
2018-11-03 00:52:48 +01:00
Sheogorath
d188b3526a
Again: Replace emoji-plugin regex
The Regex introduced in the last commit[1], was already working quite
good. But still resulted in false positives for all URL that contained a
second `:`.

To fix this once and for all, we craft a simple, but long regex based on
all emoji names and use this to match them.

We could probably optimize it, but that should also be something the
regex engine itself can and should do.

[1]: 7e45533c75 (in this source tree)

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-31 15:33:45 +01:00
af995b048d Merge branch 'master' into DepauMD 2018-10-31 03:00:12 +01:00
Sheogorath
59b3885dda
Use OS based tmp dir
We should use the official OS temp directory instead of an own one, to
not run into conflicts. Also various dependencies already use the OS
temp directory, which makes it pointless to use a different for our
internal purposes then. This commit provides the changes needed to use
the OS tmp directory by default.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-31 00:37:11 +01:00
Christoph (Sheogorath) Kern
637f955bdd
Merge pull request #1030 from Eronana/patch-1
add option reset in bin/manage_users
2018-10-31 00:33:57 +01:00
Christoph (Sheogorath) Kern
d79301a00d
Merge pull request #1031 from SISheogorath/fix/emojiPlugin
Fix emoji regex
2018-10-31 00:30:23 +01:00
Sheogorath
77b2757a16
Upgrade some package versions
`npm audit` reports a ton of issues on CodiMD. Most of them are minor
issues, but these are still things that should be fixed.

This changes were created by running `npm audit fix`.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-31 00:27:53 +01:00
Sheogorath
7e45533c75
Fix emoji regex
The old regex, adapted from the other plugins, was a bit too open for
matching. This leads to matching something like: `This is a sentence:
[And something with a: in it.]()` which doesn't become a link anymore.
Because the match is: ` [And something with a`.

This patch provides a fix for the regex to only match non-space string
within the `:`'s.

References:
- Introducing commit:
2063eb8bdf
- Inspirational source of the original RegEx:
2063eb8bdf/public/js/extra.js (L1095)

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-29 20:37:47 +01:00
Erona
3abf1f04ed
feat(bin): ensure email exists
Signed-off-by: Erona <erona@loli.bz>
2018-10-29 23:11:32 +08:00
Erona
e90d4d824b
feat(bin): add option --reset to reset user password
Signed-off-by: Erona <erona@loli.bz>
2018-10-29 23:11:32 +08:00
Erona
79842b82e8
refactor(bin): add function getPass in bin/manage_users
Signed-off-by: Erona <erona@loli.bz>
2018-10-29 23:11:32 +08:00
Erona
63626b1267
refactor(bin): eliminate var and use template string refactor string things
Signed-off-by: Erona <erona@loli.bz>
2018-10-29 23:11:32 +08:00
Erona
2f82e0c86a
refactor(bin): add function showUsage to refactor usage things
Signed-off-by: Erona <erona@loli.bz>
2018-10-29 23:11:19 +08:00
Erona
7b12945c49
refactor(bin): refactor check args in bin/manage_users
Signed-off-by: Erona <erona@loli.bz>
2018-10-29 22:34:45 +08:00
6b2c7b1778 Merge branch 'master' into DepauMD 2018-10-29 03:00:12 +01:00
Christoph (Sheogorath) Kern
279213eb75 Update it.json (POEditor.com) 2018-10-28 10:12:40 +01:00
Christoph (Sheogorath) Kern
73ff7fea5b Update fr.json (POEditor.com) 2018-10-28 10:12:37 +01:00
Sheogorath
0915b33000
Add documentation about editor modes in features page
Codemirror provides various modes via keymapping. These are already
available by a menu in the interface. But they aren't mentioned
anywhere.

This patch provides some documentation about the editor modes and their
implications. Since they are a feature, the documentation is done on the
features page.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-28 10:01:47 +01:00
Alex Garcia
fcf08f89c3 forgot break statement
Signed-off-by: Alex Garcia <alexsebastian.garcia@gmail.com>
2018-10-27 17:54:01 -07:00
Alex Garcia
5b789025f3 Add download action to published notes
Signed-off-by: Alex Garcia <alexsebastian.garcia@gmail.com>
2018-10-27 16:55:14 -07:00
e8e503ceda Merge branch 'master' into DepauMD 2018-10-23 03:00:11 +02:00
Christoph (Sheogorath) Kern
152dfc2323
Merge pull request #997 from SISheogorath/docs/slidePrint
slide example: Add link to slide printing instructions
2018-10-22 23:03:11 +02:00
Christoph (Sheogorath) Kern
e115423d12
Merge pull request #1006 from SISheogorath/fix/missingEmojis
Fix not rendered autocomplete emojis
2018-10-22 23:02:33 +02:00
8458e18c51 Merge branch 'master' into DepauMD 2018-10-20 03:00:10 +02:00
Christoph (Sheogorath) Kern
26a65322a4
Merge pull request #1021 from davidmehren/webpack-4
Webpack: Cleanup common config
2018-10-19 14:42:02 +02:00
David Mehren
098908fb25
Code style fixes for webpack.common.js
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-10-19 12:46:44 +02:00
David Mehren
8264f50062
Use const instead of var in webpack configs.
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-10-19 12:46:39 +02:00
a1d0a8c30c Merge branch 'master' into DepauMD 2018-10-18 03:00:10 +02:00
Christoph (Sheogorath) Kern
c97027b897
Merge pull request #1018 from SISheogorath/remove/gitter
Remove Gitter from codebase
2018-10-17 16:03:27 +02:00
627650c57c Merge branch 'master' into DepauMD 2018-10-17 03:00:30 +02:00
Sheogorath
7d5abadcf7
Remove Gitter from codebase
We no longer use Gitter for development talk and similar. So we might
want to remove it?

This patch removes Gitter from README, help page and features page. And
replaces it in the help modal with POEditor, our translation platform.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-17 02:28:19 +02:00
Christoph (Sheogorath) Kern
dba56b6f33
Merge pull request #1017 from MartB/master
Fix #1016: webpack include defect for scripts and header files.
2018-10-16 13:31:08 +02:00
MartB
6bce9ac5bf Fix #1016: webpack include defect for scripts and header files.
Signed-off-by: MartB <mart.b@outlook.de>
2018-10-16 11:40:21 +02:00
55d4e230b3 Merge branch 'master' into DepauMD 2018-10-16 03:00:22 +02:00
Christoph (Sheogorath) Kern
e47442c604 Update de.json (POEditor.com) 2018-10-15 10:10:00 +02:00
1c7200b098 Merge branch 'master' into DepauMD 2018-10-13 03:00:10 +02:00
Christoph (Sheogorath) Kern
d3ec67bbd7 Update pl.json (POEditor.com) 2018-10-12 07:45:37 +02:00
Christoph (Sheogorath) Kern
5fd8b77f80 Update fr.json (POEditor.com) 2018-10-12 07:44:03 +02:00
13a10da740 Merge branch 'master' into DepauMD 2018-10-12 03:00:11 +02:00
Christoph (Sheogorath) Kern
1abf7c54ae
Merge pull request #1004 from SISheogorath/feature/integrateHljs
Add autocomplete for highlight.js languages into codemirror
2018-10-11 17:30:03 +02:00
b665a62323 Merge branch 'master' into DepauMD 2018-10-11 03:00:12 +02:00
Sheogorath
a7281a5275
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-11 00:23:23 +02:00
Christoph (Sheogorath) Kern
763b000bc6
Merge pull request #985 from SISheogorath/fix/helmetCSP
Add `data:` URL to CSP and upgrade helmet
2018-10-11 00:19:24 +02:00
Christoph (Sheogorath) Kern
4bce4b1635
Merge pull request #989 from SISheogorath/remove/octicon
Remove dead package octicon
2018-10-11 00:19:00 +02:00
Sheogorath
1d452a6ed4
Remove dead package octicon
Octicon no longer provides its CSS classes and this way is useless in
CodiMD. Replacing all used classes in the UI and remove it from build
system.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-10 23:42:41 +02:00
Christoph (Sheogorath) Kern
bf525e43d4
Merge pull request #1007 from davidmehren/webpack-4
Webpack 4 refactor & docs
2018-10-10 23:38:13 +02:00
David Mehren
7eed584c01
Update yarn.lock
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-10-10 22:09:46 +02:00
David Mehren
ea027c9b19
Add dev-docs for webpack.
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-10-10 22:09:46 +02:00
David Mehren
9f92bba036
Use webpack-merge.
Move html export config to own file.
Delete unnecessary config options.
Use cheap source maps.

Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-10-10 22:09:46 +02:00
David Mehren
9a2dcd40d3
Rename Webpack config to official recommendation
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-10-10 22:09:46 +02:00
Sheogorath
2063eb8bdf
Fix not rendered autocomplete emojis
Currently we have some emojis that are autocompleted but won't show up
in the resulting document.

This patch adds all emojis that are pushed to Codemirror and applies
them to the markdown rendering process, so they become usable.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-10 21:24:33 +02:00
Sheogorath
1a9df22680
Add autocomplete for highlight.js languages into codemirror
Right now we support code highlighting for rust, but it doesn't appear
in autocomplete of codemirror, because codemirror is not aware of it.

This patch lets highlightjs simply tell codemirror, what it supports and
adds this to the autocomplete list.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-10 11:13:52 +02:00
008ce565b8 Merge branch 'master' into DepauMD 2018-10-10 03:00:10 +02:00
Sheogorath
c7478c1694
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-09 23:08:57 +02:00
Christoph (Sheogorath) Kern
535ee36a26
Merge pull request #993 from SISheogorath/feature/useForkAwesome
Replace font-awesome with fork-awesome
2018-10-09 21:58:15 +02:00
Christoph (Sheogorath) Kern
5c4df14bbc
Merge pull request #990 from SISheogorath/fix/oauthProviderName
Make oauth2 provider name accessible
2018-10-09 21:57:37 +02:00
Christoph (Sheogorath) Kern
482a91e15d
Merge pull request #1002 from micedre/fix-issue-1001
Fix #1001: get only project user is member of (and return max of results)
2018-10-09 09:16:34 +02:00
Christoph (Sheogorath) Kern
3817d580dd
Merge pull request #1000 from micedre/fix-issue-986
Fix #986 : Visibility is now transmitted with gitlab V4 api
2018-10-09 09:14:06 +02:00
Cédric Couralet
d7987def7f Fix #1001: get only project user is member of (and return max of results)
Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
2018-10-09 07:04:04 +00:00
Cédric Couralet
702f52f07c Fix #986 : Visibility is now transmitted with gitlab V4 api
Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
2018-10-09 06:46:25 +00:00
aaf4f0ae96 Merge branch 'master' into DepauMD 2018-10-08 03:00:10 +02:00
Christoph (Sheogorath) Kern
466dc9bc21
Merge pull request #992 from SISheogorath/fix/maintainer
Fix maintainer and URL in package.json
2018-10-08 01:12:23 +02:00
Sheogorath
2ddc80fc20
slide example: Add link to slide printing instructions
The printing instructions seem to not be really clear. Linking the
reveal.js offical docs should help.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-07 15:21:29 +02:00
Christoph (Sheogorath) Kern
616dfdf543
Merge pull request #994 from xf-/patch-1
Update supported node.js version
2018-10-07 12:57:13 +02:00
0b5129d01b Merge branch 'master' into DepauMD 2018-10-07 03:00:11 +02:00
Xaver Maierhofer
fd54e3f3ac
Update supported node.js version
Support includes v9.x, but no v10.x

Signed-off-by: Xaver Maierhofer <xaver.maierhofer@xwissen.info>
2018-10-07 02:33:38 +02:00
Sheogorath
53ad4ef555
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-06 15:56:18 +02:00
Christoph (Sheogorath) Kern
02d64cd56a
Merge pull request #942 from SISheogorath/feature/openID
Add OpenID to CodiMD
2018-10-06 15:48:01 +02:00
15273cc4c5 Merge branch 'master' into DepauMD 2018-10-06 03:00:11 +02:00
Sheogorath
9f9c4089be
Add OpenID to CodiMD
With OpenID every OpenID capable provider can provide authentication for
users of a CodiMD instance. This means we have federated
authentication.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-05 22:43:32 +02:00
Christoph (Sheogorath) Kern
32af96aa37
Merge pull request #940 from WilliButz/fix-configurable-paths
enhance configurabiltiy of paths & make execution path-independent
2018-10-05 22:21:01 +02:00
Sheogorath
5212bbf9c4
Replace font-awesome with fork-awesome
This patch replaces font-awesome with its fork called fork-awesome.
Besides the fact that the newer versions of font-awesome can't be
shipped with distros like debian due to license issues, fork-awesome
also provides more FOSS related icons and builds on top of version 4.7.x
of font-awesome, which we used until this patch.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-05 21:52:08 +02:00
Sheogorath
a006f53dea
Update URL to codimd's own URL
Since we have an own URL we should use it in here, since CodiMD and
HackMD are really drifting away from each other.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-05 19:36:45 +02:00
Sheogorath
36117195fa
Add myself as maintainer
Well, since I'm currently the maintainer of CodiMD, I should maybe
mentioned in the package.json, just in case someone is willing to
contact me about it.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-05 19:35:43 +02:00
deb2245bc3 Merge branch 'master' into DepauMD 2018-10-05 03:00:10 +02:00
Sheogorath
3d1d03fa87
Make oauth2 provider name accessible
Right now the feature exists but is almost not usable since the only way
to configure it is to know that it exists from reading the source code
and add it to config.json. This patch provides all needed changes so it
can be used by everyone including documentation.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-04 20:45:25 +02:00
Christoph (Sheogorath) Kern
f186f73373
Merge pull request #982 from SISheogorath/feature/useNoOpener
Add rel="noopener" to target="_blank" links
2018-10-04 20:08:42 +02:00
Christoph (Sheogorath) Kern
c35da4efe6
Merge pull request #988 from ccoenen/oauth2-docs
Oauth2 docs
2018-10-04 20:08:23 +02:00
Christoph (Sheogorath) Kern
ada5f51694
Merge pull request #981 from SISheogorath/fix/devMode
Add development mode for webpack in package.json
2018-10-04 20:06:32 +02:00
Christoph (Sheogorath) Kern
03a4e3c0c2
Merge pull request #987 from ccoenen/nextcloud-oauth2
How to use Nextcloud as OAuth2 Provider for CodiMD
2018-10-04 20:04:29 +02:00
Claudius Coenen
423956c44d details about OAuth2 in general. Fixes #930
Signed-off-by: Claudius Coenen <opensource@amenthes.de>
2018-10-04 11:37:48 +02:00
Claudius Coenen
a10f551023 How to use Nextcloud as OAuth2 Provider for CodiMD
Signed-off-by: Claudius Coenen <opensource@amenthes.de>
2018-10-04 11:06:33 +02:00
Sheogorath
d4a9bb3c7e
Add data: URL to CSP and upgrade helmet
Seems like the old version of helmet had a problem with `data:`. This
patch upgrades to the latest version and adds the CSP rule to allow
Google Fonts and the offline version of it, to properly include the
fonts and no longer throw ugly error messages at us.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-04 03:04:36 +02:00
cc85d2d78c Merge branch 'master' into DepauMD 2018-10-04 03:00:11 +02:00
Sheogorath
75a23fe2c9
Add rel="noopener" to target="_blank" links
The noopener construct protects from some nasty clickjacking attacks. We
can apply them savely to all our links since we don't rely on the
previously used page.

Some more details: https://mathiasbynens.github.io/rel-noopener/

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-04 01:49:36 +02:00
Sheogorath
a47d91dbd0
Add development mode for webpack in package.json
Seems like we have to explicitly tell the new webpack version that we
want to use the development environment. This provides us with source
maps and similar.

This patch adds the commandline option in our scripts in package.json

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-03 19:34:25 +02:00
Sheogorath
d9ba11b21a
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-03 19:31:56 +02:00
Christoph (Sheogorath) Kern
7ea2c3b55f
Merge pull request #974 from mcnesium/patch-1
fix image paths
2018-10-03 19:14:36 +02:00
Christoph (Sheogorath) Kern
ae8fa41f92
Merge pull request #958 from SISheogorath/fix/uws
Replace `uws` with `ws` package
2018-10-03 16:54:35 +02:00
Christoph (Sheogorath) Kern
edcd8a23ff
Merge pull request #932 from davidmehren/webpack-4
Upgrade to Webpack 4
2018-10-03 16:52:32 +02:00
Christoph (Sheogorath) Kern
7749a72f28
Merge pull request #968 from SISheogorath/docs/ldap-AD
Add documentation for an LDAP setup against Active Directory
2018-10-03 16:51:53 +02:00
Sheogorath
da818384af
Update version to 1.2.1
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-03 16:24:36 +02:00
Sheogorath
7b10f0bed2
Update release notes for 1.2.1
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-03 16:24:36 +02:00
Sheogorath
c402abb0a5
Revert "Remove unused dependency"
This reverts commit d2ded08f59.

Seems like the package is used for building the sqlite3 integration.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-03 13:23:10 +02:00
Christoph (Sheogorath) Kern
0bedc6f126
Merge pull request #979 from SISheogorath/fix/removeUnusedDependencies
Remove unused dependency
2018-10-03 13:02:15 +02:00
Sheogorath
d2ded08f59
Remove unused dependency
This dependency where installed, but it seems like they were never used.
Seems like it's a remaining piece from the the prototyping phase of the
project.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-03 12:42:11 +02:00
ced1193401 Merge branch 'master' into DepauMD 2018-10-03 03:00:10 +02:00
Christoph (Sheogorath) Kern
14ac20df1c
Merge pull request #977 from SISheogorath/fix/newExample
Replace youtube example video on features page
2018-10-03 00:19:04 +02:00
Christoph (Sheogorath) Kern
6bd7616792
Merge pull request #976 from SISheogorath/feature/newFooter
Some minor footer improvements
2018-10-03 00:18:40 +02:00
Sheogorath
e0e037b5e1
Replace youtube example video on features page
Since the youtube video on our feature page seems to have vanished, this
patch replaces it with an video of the blender foundation

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-02 12:55:08 +02:00
Sheogorath
a1fe5f37f6
Some minor footer improvements
Removing copyrigt sign since we are not copyrighting things.

Changing hackmd.io to codimd.org since HackMD is more and more dividing
from CodiMD and may brings up wrong expectations.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-01 12:18:12 +02:00
mcnesium
ac95c4e442 fix image paths in moved GitLab auth guide
Signed-off-by: mcnesium <git@mcnesium.com>
2018-09-30 11:09:01 +02:00
3cb4d825c1 Merge branch 'master' into DepauMD 2018-09-28 03:00:10 +02:00
Sheogorath
c03b42d5d4
Fix little bug in length limit
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-28 00:17:43 +02:00
Christoph (Sheogorath) Kern
ffc28e06f3
Merge pull request #971 from SISheogorath/fix/gitlabWarning
Set default to `v4`
2018-09-27 22:45:12 +02:00
Sheogorath
57e6d3a482
Set default to v4
Seems like we didn't fix the problem with the last patch. This should
finally fix it.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-27 21:57:12 +02:00
Christoph (Sheogorath) Kern
55f7568985
Merge pull request #966 from SISheogorath/fix/documentLength
Fix document length limit on post
2018-09-27 20:10:50 +02:00
WilliButz
61e240192e
README: add note about configurable paths
Signed-off-by: WilliButz <wbutz@cyberfnord.de>
2018-09-27 12:08:29 +02:00
1568a5eb83 Merge branch 'master' into DepauMD 2018-09-27 03:00:10 +02:00
Claudius
bb80bc2292
removing superfluous config parameters for template files
Signed-off-by: Claudius <opensource@amenthes.de>
2018-09-26 21:01:15 +02:00
WilliButz
825ee4e66e
app.js: add missing routes for configurable paths
Signed-off-by: WilliButz <wbutz@cyberfnord.de>
2018-09-26 20:58:38 +02:00
WilliButz
12cd747270
imageRouter/filesystem: make callback path-independent
Images are now properly served when `config.uploadsPath`
differs from its default value.

Signed-off-by: WilliButz <wbutz@cyberfnord.de>
2018-09-26 20:55:15 +02:00
Sheogorath
3122e351cd
Add documentation for an LDAP setup against Active Directory
Since our documentation on our LDAP configs is quite small, I add this
example for LDAP in an Active Directory environment.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-26 19:13:07 +02:00
WilliButz
556783ffad
lib/config: use path.resolve instead of path.join
While paths like `tmpPath` could previously be configured,
they were all interpreted relative to `appRootPath` because
of `path.join`.

Now the configurable paths can be canonical and therefore
independent of the `appRootPath`.

Signed-off-by: WilliButz <wbutz@cyberfnord.de>
2018-09-26 16:56:37 +02:00
WilliButz
e48852e0e2
lib/config: add environment variable to set config file
Previously it was assumed that `config.json` would be placed in
the same directory as the rest of CodiMD without any optional override.

This allows to override the path to the `config.json` by setting
`CMD_CONFIG_FILE` to the canonical path of the desired config file.

Signed-off-by: WilliButz <wbutz@cyberfnord.de>
2018-09-26 16:56:37 +02:00
WilliButz
bd2f7cef49
lib/models/revision.js: make independent of exec-path
Previously calling `app.js` from another directory than
the base directory of CodiMD would result in an error being
thrown because `lib/workers/dmpWorker.js` could not be found.

This change makes the function call independent of the path CodiMD
is started from.

Signed-off-by: WilliButz <wbutz@cyberfnord.de>
2018-09-26 16:56:36 +02:00
Christoph (Sheogorath) Kern
eb885af995
Merge pull request #967 from SISheogorath/fix/follow
Add POEditor to 'follow us' statement
2018-09-26 16:20:31 +02:00
Sheogorath
353642c870
Fix document length limit on post
We recently introduced a new way to create notes using a post requeest
to the `/new` endpoint. This is not limited in size, other than pasting
a note in the editor. This patch should enforce this limit also on this
way.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-26 16:08:24 +02:00
Sheogorath
2c32cf0abf
Add POEditor to 'follow us' statement
We broke the follow us before by removing Facebook and Twitter. Adding
POEditor should fix it and help to attract new translators.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-26 15:42:43 +02:00
3219e93bdd Merge branch 'master' into DepauMD 2018-09-26 03:00:10 +02:00
Sheogorath
db59bb99dc
Run db migrations on start
We should force db migrations to run on every start. This will minimize
the impact of breaking migrations in future. While it may causes some
issues with the next start since CodiMD won't start when the migrations
fail.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-25 19:58:55 +02:00
Christoph (Sheogorath) Kern
bdf897d31c
Merge pull request #964 from SISheogorath/fix/gitlabWarning
Omit unneeded warning if no gitlab is configured
2018-09-25 11:23:40 +02:00
f725ebd369 Merge branch 'master' into DepauMD 2018-09-25 03:00:10 +02:00
Sheogorath
7e0be69abb
Omit unneeded warning if no gitlab is configured
This patch should fix the unneeded warning of the wrong API version,
when gitlab isn't configured at all.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-25 00:26:40 +02:00
Christoph (Sheogorath) Kern
9e4d165663
Merge pull request #963 from SISheogorath/fix/crashPDF
Fix server crash on PDF creation
2018-09-24 20:34:29 +02:00
Sheogorath
6fdb9eea46
Fix server crash on PDF creation
`markdown-pdf` seems to fail to provide the PDFs on tmpfs. This leads
crashing codimd which expects the file to be there. This patch should
add some proper error handling when expectation and reality don't fit
together.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-24 20:25:25 +02:00
b094ffb531 Merge branch 'master' into DepauMD 2018-09-24 03:00:11 +02:00
Christoph (Sheogorath) Kern
32afa14375
Merge pull request #962 from SISheogorath/feature/indonesian
Add indonesian language to CodiMD
2018-09-23 17:57:06 +02:00
Sheogorath
e65e85fa6d
Add indonesian language to CodiMD
Big thanks @filosofikode for the translation work!

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-23 17:23:16 +02:00
Sheogorath
6b80626dca
Replace uws with ws package
`uws` was deprecated by its maintainer and starts to cause more and more
problems and issue reports. So it's time to replace it and use a
maintained project instead. Lucky us, `uws` and `ws` can be used in an
identical way, without problems. To provide better performance, we
install the optional packages as well.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-18 00:02:23 +02:00
69386c33a8 Merge branch 'master' into DepauMD 2018-09-13 03:00:13 +02:00
Sheogorath
fe977434f9
Remove dead link from README
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-12 15:40:20 +02:00
550f6ebb1f Merge branch 'master' into DepauMD 2018-09-10 00:11:17 +02:00
David Mehren
c66aa60495
Upgrade to Webpack 4 - development config
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-09-06 17:26:09 +02:00
David Mehren
6056f9a392
Upgrade to Webpack 4 - remove baseUrl property
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-09-06 17:26:09 +02:00
David Mehren
ce63c1cc1c
Upgrade to Webpack 4 - clean dependencies
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-09-06 17:26:09 +02:00
David Mehren
dcb10b0ec9
Upgrade to Webpack 4 - fix CSS import order
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-09-06 17:26:09 +02:00
David Mehren
a6d3ac647b
Upgrade to Webpack 4 - fix 'export as html' chunk
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-09-06 17:26:09 +02:00
David Mehren
29a3813ada
Upgrade to Webpack 4 - first try
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-09-06 17:26:09 +02:00
Sheogorath
0017ddd310
Update yarn.lock 2018-09-06 15:12:37 +01:00
Sheogorath
5aec047a3e
Some minor improvements for setup script
Since we use `yarn` for our container setup and try to enforce
dependencies, we should also use yarn in the setup script.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-06 15:04:20 +01:00
Christoph (Sheogorath) Kern
dbbc1f6ac8
Merge pull request #939 from SISheogorath/fix/migrationsV2
Extend migration error handling
2018-09-06 14:50:37 +01:00
Sheogorath
f27e11adab
Fix typo in link 2018-09-06 14:42:08 +01:00
Sheogorath
f177cdfbba
Change to new codimd-container repository
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-06 14:40:37 +01:00
Christoph (Sheogorath) Kern
d28a493305
Merge pull request #929 from maxer456/mattermost-auth-guide
Add an auth provider guide for Mattermost
2018-09-06 11:53:26 +01:00
Sheogorath
81e3d7bd00
Extend migration error handling
The current error handling seems to conflict with some sequelize
versions. So we add a second version of it in our excemptions.

I'm not happy about it, but when it helps to prevent further migration
breaking, it's worth it.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-05 16:19:35 +01:00
Christoph (Sheogorath) Kern
e1746c1229
Merge pull request #936 from SISheogorath/fix/lzstring
Switch to own, fixed, lz-string version
2018-09-05 12:26:13 +01:00
Christoph (Sheogorath) Kern
5c8eaabba0
Merge pull request #938 from SISheogorath/fix/nodeTesting
Remove tests using node version 7
2018-09-05 12:24:50 +01:00
Sheogorath
8cd2f4623d
Remove tests using node version 7
Since node 7 is EOL and may breaks some new builds, we want to get rid of it. But having tests in version 8 would be nice, right? So here we go.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-05 12:18:41 +01:00
Sheogorath
b028baf77f
Switch to own, fixed, lz-string version
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-05 12:09:02 +01:00
Christoph (Sheogorath) Kern
007f252273
Merge pull request #906 from SISheogorath/fix/letterAvatarMail
Fix possible weird objects as email
2018-09-05 11:36:29 +01:00
Ondřej Slabý
6ce7b20a7f Add an auth provider guide for Mattermost
Signed-off-by: Ondřej Slabý <kron258@gmail.com>
2018-08-28 11:00:00 +02:00
Christoph (Sheogorath) Kern
72894d1b7d
Merge pull request #928 from Pingu501/bugfix/wrong-gitlab-api-version-check
BUGFIX: wrong version check for gitlab api
2018-08-23 16:27:04 +02:00
Alexander Hesse
f728fdb8ab BUGFIX: wrong version check for gitlab api
Signed-off-by: Alexander Hesse <alexander.hesse@sandstorm-media.de>
2018-08-23 14:06:26 +02:00
Christoph (Sheogorath) Kern
3a857a3ab3
Merge pull request #924 from cloudron-io/cloudron
Add Cloudron as an installation method
2018-08-21 09:13:52 +02:00
Girish Ramakrishnan
aa0c4705db Add Cloudron as an installation method
Fixes #923

Signed-off-by: Girish Ramakrishnan <girish@cloudron.io>
2018-08-20 20:42:52 -07:00
18fd14949e Merge branch 'master' into DepauMD 2018-08-01 03:00:08 +02:00
Christoph (Sheogorath) Kern
c9fe236594
Merge pull request #910 from hackmdio/change-social-links
Update to replace Twitter and Facebook to Riot
2018-07-31 16:25:46 +02:00
Max Wu
40340c89f7
Update to replace Twitter and Facebook to Riot
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-07-31 22:17:06 +08:00
Christoph (Sheogorath) Kern
881ca88c51
Merge pull request #908 from micedre/gitlabV4
Add possibility to choose between version v3 or v4 for the gitlab api.
2018-07-31 10:55:08 +02:00
Cédric Couralet
66d374b128 Add possibility to choose between version v3 or v4 for the gitlab api.
Apart from the uri versioning, one big change is the snippet visibility post data (visibility_level -> visibility)

Default gitlab api version to v4

Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
2018-07-31 08:36:56 +00:00
Christoph (Sheogorath) Kern
48ddcef31c
Merge pull request #894 from hcaloto/fixMigrationIssues
Add missing catch blocks for migration from 1.1.1 to 1.2.0
2018-07-31 10:26:39 +02:00
Hugo Caloto
26a14dd987 Add missing catch blocks for migration from 1.1.1 to 1.2.0
Signed-off-by: Hugo Caloto <hcaloto@gmail.com>
2018-07-31 08:19:57 +02:00
3cf3e7c6da Merge branch 'master' of https://github.com/hackmdio/codimd into DepauMD 2018-07-28 15:33:53 +02:00
Christoph (Sheogorath) Kern
93a3ce1164
Merge pull request #907 from SISheogorath/fix/historyLZString
Some minor improvements for LZString handling
2018-07-28 15:03:06 +02:00
Sheogorath
db5b86df4c
Further improvement of error handling for LZString
This does some more in depth check on the error message and minimizes
the log noise that is caused by LZString.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-07-27 15:42:58 +02:00
Christoph (Sheogorath) Kern
a6a15e09fe
Merge pull request #902 from ahihi/listen-address-options
Support 'host' & 'path' config options
2018-07-27 14:40:41 +02:00
Miranda Kastemaa
70e8df5c04 Support 'host' & 'path' config options
Signed-off-by: Miranda Kastemaa <miranda@foldplop.com>
2018-07-27 15:35:29 +03:00
Sheogorath
53a846bdc5
Update markdown-pdf
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-07-27 14:15:45 +02:00
Sheogorath
1f85017625
Minimize number of errors in LZString parsing errors for history
Right now we still see a lot of LZString parsing errors in the logs. 
They probably come from the user history. We should minimize the number 
by add the basic length check there as well.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-07-27 13:59:55 +02:00
Sheogorath
187401a876
Fix possible weird objects as email
It seems like some providers return strange types for emails which cause
problems. We default to something that is definitely a string.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-07-27 13:36:22 +02:00
Sheogorath
23bd1a18bb
Add mailmap for contributors
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-07-27 13:21:52 +02:00
Christoph (Sheogorath) Kern
262974dd3d
Merge pull request #896 from maahl/default_img_upload_type
Upload images to the filesystem by default, rather than to imgur
2018-07-27 13:03:32 +02:00
Christoph (Sheogorath) Kern
d327bed653
Merge pull request #893 from w4tsn/patch-2
Fix some false titles
2018-07-27 12:59:38 +02:00
Christoph (Sheogorath) Kern
e45f8bb692 Update ja.json (POEditor.com) 2018-07-10 11:53:09 +02:00
Maxence Ahlouche
972a81aa6f Upload images to the filesystem by default, rather than to imgur
Signed-off-by: Maxence Ahlouche <maxence.ahlouche@gmail.com>
2018-07-09 20:31:14 +02:00
Alexander Wellbrock
97c2330264
Fix some false titles
Signed-off-by: Alexander Wellbrock <a.wellbrock@mailbox.org>
2018-07-08 20:41:46 +02:00
Christoph (Sheogorath) Kern
429257880b
Merge pull request #890 from hackmdio/fix-csp-for-speaker-notes
Replaces script src hash for speaker note to CSP directives
2018-07-05 12:54:07 +02:00
Max Wu
b7e5a82f52 Add script src hash for speaker note to CSP directives
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-07-05 18:41:27 +08:00
Christoph (Sheogorath) Kern
af26992b55
Merge pull request #886 from SISheogorath/fix/ToCHeader
Refactor generation of ToC
2018-07-04 21:13:14 +02:00
Sheogorath
df05bff82a
ToC: Some HTML improvements and style fixes
The ToC generated broken HTML with unclosed `<li>` tags. This got fixed
as well as some minor optimisation and adding list elements for the
subentries so the elements appear in the ToC while scrolling.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-07-04 21:09:06 +02:00
Sheogorath
cf934a4e51
Ignore h6 headers
h6 headers are used for tags in CodiMD. So we should ignore them for the
ToC generation.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-07-04 11:21:15 +02:00
Sheogorath
4fe0620853
Refactor generation of ToC
This replaces the existing iterative implementation of the ToC
generation with an recursive one.

This also solves the problem of skipped headers which causes wrong
leveling of them.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-07-04 02:36:47 +02:00
Christoph (Sheogorath) Kern
b1d1f469de
Merge pull request #883 from SISheogorath/fix/contentTypes
Fixing content types in status router
2018-07-03 22:17:36 +02:00
Christoph (Sheogorath) Kern
762cff677c
Merge pull request #884 from SISheogorath/fix/nightMode
Fix some night mode colors
2018-07-03 21:41:04 +02:00
Sheogorath
734e7b01a5
Remove some unneeded defined inline-stylings
These have no really useful point here. Let's just remove them.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-07-03 21:34:57 +02:00
Sheogorath
1de8160008
Fix some night mode colors
We have some issues with night mode and the font color. This should fix
this in the permission table and the delete node modal. As well as some
picture styling.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-07-03 21:25:45 +02:00
Sheogorath
d76ea5440a
Fixing content types in status router
As it turns out, expressjs doesn't detect the right mimetype and it
seems like I didn't bother to test this enough. So lets fix it for the
next release.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-07-03 20:38:52 +02:00
Christoph (Sheogorath) Kern
4e38d1836e Update it.json (POEditor.com) 2018-07-02 09:41:12 +02:00
Sheogorath
33a4b88dab
Release 1.2.0
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 19:38:12 +02:00
Sheogorath
2fc4e911fb
Release notes for 1.2.0
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 19:19:34 +02:00
Christoph (Sheogorath) Kern
7cfade712f Update de.json (POEditor.com) 2018-06-30 19:14:15 +02:00
Sheogorath
bd93269dae
Update yarn.lock 2018-06-30 17:45:26 +02:00
Sheogorath
a26c142ade
Revert "Update pg"
This reverts commit 4d4163c170.
2018-06-30 17:43:08 +02:00
Sheogorath
fe5248acbd
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 17:07:53 +02:00
Christoph (Sheogorath) Kern
501b46f304
Merge pull request #871 from SISheogorath/update/dependencies
Update dependencies
2018-06-30 17:05:59 +02:00
Sheogorath
f30cc3044a
Update randomcolor
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:34 +02:00
Sheogorath
4d4163c170
Update pg
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:34 +02:00
Sheogorath
dea62cf310
Update store
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:34 +02:00
Sheogorath
1812b1aaca
Update highlight.js
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:34 +02:00
Sheogorath
565cdc0197
Update xss protection
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:34 +02:00
Sheogorath
459fe2da07
Update sqlite
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:34 +02:00
Sheogorath
3f49aee63f
Update shortid
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:34 +02:00
Sheogorath
0cebeb68d7
Update passport
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:33 +02:00
Sheogorath
b6e1144627
Update to octicon 4.4.0
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:33 +02:00
Sheogorath
562985a115
Update passport-ldap
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:33 +02:00
Sheogorath
f51de7f3bb
Update validator
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:33 +02:00
Sheogorath
fd3733e7d1
Update password-gitlab2
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:33 +02:00
Sheogorath
d8df6e4342
Update minio
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:33 +02:00
Sheogorath
76b2ba4954
Update markdown-pdf
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:33 +02:00
Christoph (Sheogorath) Kern
453cb19fff
Merge pull request #868 from SISheogorath/docs/termsAndPrivacy
Add docs for usage of terms and privacy policy
2018-06-27 23:49:11 +02:00
Sheogorath
20b75a4924
Add docs for usage of terms and privacy policy
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-27 23:44:32 +02:00
Christoph (Sheogorath) Kern
8bd85f8960
Merge pull request #866 from SISheogorath/docs/nativeSequelize
Update install instructions to cover sequelize
2018-06-26 23:24:23 +02:00
Sheogorath
3b9e29a14a
Update install instructions to cover sequelize
We instruct people to run db migrations on inital setup. We should do
that!

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-26 22:56:19 +02:00
Christoph (Sheogorath) Kern
6218c703a9
Merge pull request #865 from SISheogorath/fix/unicodeURLs
Fix broken unicode urls
2018-06-26 22:47:21 +02:00
Sheogorath
1c92524c08
Fix broken unicode urls
It wasn't possible to create unicode based URLs in freeurl mode, because
the noteid used for the websocket connection is double escaped. When we
decode it and let socketio-client reencode it, we get the real
shortid/noteid and can find the note in the database and open the
connection.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-26 22:25:36 +02:00
Christoph (Sheogorath) Kern
c7745f6b27
Merge pull request #863 from hackmdio/feature/slidePrint
Add Print icon to slide view
2018-06-26 21:41:18 +02:00
Christoph (Sheogorath) Kern
6634fac849
Merge pull request #850 from SISheogorath/rebrand/CodiMD
Rebrand HackMD CE to CodiMD
2018-06-26 21:38:02 +02:00
Sheogorath
04d16e4d6e
Add Print icon to slide view
It redirects the user to the print view of the document. I claim that
people should either be smart enough to use ctrl+P or ask someone who
knows how to print a webpage. I don't want to babysit our users.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 23:50:38 +02:00
Sheogorath
2184491f4a
Final replacements
Looks like I missed a few. This should be complete now. And make us
ready for the repo rename and merging.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 14:13:46 +02:00
Sheogorath
97a08e7954
Add note about renaming to docs
It's way easier to add a note to the guides than to redo all the images,
etc. We have more important things to spend our time on, but if someone
wants to redo them, you are very welcome!

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 14:06:32 +02:00
Sheogorath
a762928e97
Do final internal renameing
A little minor change, by moving the CodiMD version header in its own
middleware. Should simplify to determine the version number of the
Backend in future.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 14:05:41 +02:00
Sheogorath
23c33c0c04
Rename HackMD view to CodiMD
Even when it looks a bit weird in first place to rename all internals
step by step, it makes sense to do so, because we run into confusion
afterwards.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 13:40:18 +02:00
Sheogorath
b242b59db4
Rename environment variables and add legacy support.
As we are no longer HackMD the short tag `HMD` doesn't match anymore. We
move it to the matching prefix `CMD` and inform our users about the
change.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 13:40:18 +02:00
Sheogorath
12d11f3f3f
Add background story about the renaming
We want to communicate transparent. So we should state very clear what
CodiMD is and what makes it different from HackMD and at the same time
how we are related and that there are no bad boys involved.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 13:24:13 +02:00
Sheogorath
ddb52bf3c8
Remove outdated contributors file
We can remove this contributors file, since it doesn't provide any more
information than git blame does anyways.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 13:24:13 +02:00
Sheogorath
4b060c7dba
Rebrand HackMD to CodiMD
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 13:24:12 +02:00
Christoph (Sheogorath) Kern
d87505d583
Merge pull request #854 from hackmdio/feature/disableGravatar
Allow to disable gravatar
2018-06-24 01:59:06 +02:00
Christoph (Sheogorath) Kern
b8726bbe8d
Merge pull request #855 from hackmdio/fix/constants
Move config out of statics path
2018-06-24 01:58:08 +02:00
Christoph (Sheogorath) Kern
cfdfafdb79
Merge pull request #856 from hackmdio/fix/lineEndings
Fix possible line-ending issues for init note
2018-06-24 01:57:47 +02:00
Christoph (Sheogorath) Kern
ec78c4f2fc
Merge pull request #857 from hackmdio/fix/pdf-links
Fix broken images in PDF caused by misconfigred server URL
2018-06-24 01:57:26 +02:00
Christoph (Sheogorath) Kern
050146e62c
Merge pull request #858 from SISheogorath/fix/imgUpload
Fix breaking regex
2018-06-24 01:32:28 +02:00
Sheogorath
bf9400e107
Fix breaking regex
The image upload regex breaks with the new path for uploads.

This commit fixes it.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 01:03:45 +02:00
Sheogorath
f69e77de42
Fix broken images in PDF caused by misconfigred server URL
As it turns out, if the serverURL can't be generated correctly, HackMD
will use relative paths in image upload. This causes broken links in
PDF.

With this commit we force absolute links during PDF creation which
hopefully fixes the problem.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 01:00:29 +02:00
Sheogorath
b7b621822c
Fix possible line-ending issues for init note
By uploading a malicous note currently it is possible to prevent this
note from being edited. This happens when using Windows line endings.

With this commit we remove all `\r` characters from the notes and this
way prevent this problem.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 00:32:50 +02:00
Sheogorath
0ed4b50098
Move config out of statics path
Since static path is providing with a high expiration data, we provide
configs via API. This shouldn't add any noticeable load while making it
uncached and this way working again.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 00:07:32 +02:00
Christoph (Sheogorath) Kern
7c7cc289f2
Merge pull request #853 from SISheogorath/fix/imgUpload
Fix possible error if HackMD is started with wrong workdir
2018-06-23 23:42:15 +02:00
Sheogorath
318b2d378f
Allow to disable gravatar
Since Gravatar is an external image source and not perfect from a
privacy perspective, forbidding it allows to improve privacy.

This commit also simplifies and optimizes the avatar code.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-23 23:40:55 +02:00
Sheogorath
a2608c319a
Fix possible error if HackMD is started with wrong workdir
In https://github.com/hackmdio/hackmd/issues/834 is described how
starting HackMD crashes when using the wrong working dir.

This is caused by a relative path in our upload routine. This change
should fix it and prevent future crashes.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-23 23:01:01 +02:00
Christoph (Sheogorath) Kern
87824d21e8
Merge pull request #852 from SISheogorath/remove/unusedLang
Remove unused zh.json from repo
2018-06-23 21:38:31 +02:00
Sheogorath
8fe26988d1
Fix all newly introduced linting issues
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-23 21:27:21 +02:00
Sheogorath
47b18ada76
Remove unused zh.json from repo
Since the original idea of using a symlink didn't work anyway, we should
remove the zh.json symlink from the repo.  It doesn't provide any
benefit but alters the repo on start of HackMD.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-23 21:26:33 +02:00
Sheogorath
49db5bc653
Merge branch 'pr-846' 2018-06-23 21:19:44 +02:00
Sheogorath
f65d96c57b
Fix liniting and optimize some functions
First fixed some linting issues. Also optimized some functions to be
undoable with one ctrl+z.

This should also speedup some operations

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-23 21:18:15 +02:00
Christoph (Sheogorath) Kern
7542968dc7
Merge pull request #849 from jekrb/cover-template-string
turn concatenated string into a multi-line template string
2018-06-23 18:23:28 +02:00
Jake Burden
b98d10c79a turn concatenated string into a multi-line template string
Signed-off-by: Jake Burden <jake@doge.haus>
2018-06-22 18:08:47 -04:00
Edgar Zanella Alvarenga
a8b664fdb5 Add a toolbar to Codemirror editor
Signed-off-by: Edgar Zanella Alvarenga <e@vaz.io>
2018-06-19 16:03:56 +02:00
Christoph (Sheogorath) Kern
82c7f9d07c
Merge pull request #844 from hackmdio/docs/fix-default
Fix wrong docs about default image upload location
2018-06-18 03:42:42 +02:00
Christoph (Sheogorath) Kern
818d82559e
Merge pull request #845 from hackmdio/fix/polyfill
Move polyfill to CDN section
2018-06-18 03:42:17 +02:00
Christoph (Sheogorath) Kern
90411c9413
Merge pull request #843 from hackmdio/docs/K8s
Add K8s note in README
2018-06-18 01:26:58 +02:00
Sheogorath
ed5353d13a
Move polyfill to CDN section
We don't support it on CDN false instances, but it doesn't hurt to keep
it in for CDN-enabled instances

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-18 01:26:11 +02:00
Sheogorath
10dbd537b4
Fix wrong docs about default image upload location
We wrongly state that the default image upload location is imgur. This
is no longer true, but got lost when updating docs. This commit should
fix it.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-17 23:38:49 +02:00
Sheogorath
6ffe8875bf
Add K8s note in README
We have an official K8s chart for helm out there but probably no one
knows about it. Let's advertise it a bit!

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-17 23:38:25 +02:00
Sheogorath
4fcefebe5c
Update yarn.lock 2018-06-17 23:36:22 +02:00
Christoph (Sheogorath) Kern
56d78a7d6c
Merge pull request #830 from SISheogorath/feature/GDPR
GDPR compliant part 1
2018-06-17 23:33:57 +02:00
908d6e53e7 DepauMD branding 2018-06-17 19:26:21 +02:00
Christoph (Sheogorath) Kern
f36b10abb2
Merge pull request #837 from SISheogorath/translate/korean
Add korean translation
2018-06-07 14:52:56 +02:00
Sheogorath
56182532cb
Add korean translation
This translation was contributed via POEditor by the user Basix.

Thanks a lot for your work!

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-07 14:29:01 +02:00
Christoph (Sheogorath) Kern
6f76e9940f
Merge pull request #836 from SISheogorath/fix/i18n-files
Fix i18n writing locale files in production
2018-06-07 10:29:09 +02:00
Sheogorath
b07925b849
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-05 01:43:17 +02:00
Sheogorath
634b3c9cea
Fix i18n writing locale files in production
This commit should prevent the i18n module from adding missing
translations to the local files in setups that are not for development.
This way we keep the directory clean and idempotent.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-05 01:40:50 +02:00
Christoph (Sheogorath) Kern
551840ad57
Merge pull request #784 from pferreir/add-oauth2-support
Add "generic" OAuth2 support
2018-06-04 15:54:47 +02:00
Christoph (Sheogorath) Kern
3f7a33df64
Merge pull request #783 from SISheogorath/docs/splitAuth
Split authentication guides into multiple documents
2018-06-01 20:18:28 +02:00
Sheogorath
3251bcbadc
Split authentication guides into multiple documents
Splitting the documentation should provide an easier access to the
documentation people searching for and result in less merge conflicts
when adding new documentation here.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-01 14:36:33 +02:00
Christoph (Sheogorath) Kern
94e015dde7
Merge pull request #833 from ahoka/callback
Fix callback validation
2018-06-01 14:31:44 +02:00
Adam Hoka
b5574466cd Fix callback validation
Signed-off-by: Adam Hoka <hoka.adam@nexogen.hu>
2018-06-01 14:26:28 +02:00
Christoph (Sheogorath) Kern
2ed2a08f66
Merge pull request #782 from SISheogorath/feature/showFullTitle
Add title attribute in table of contents
2018-06-01 13:49:09 +02:00
Christoph (Sheogorath) Kern
65544f9a18
Merge pull request #675 from ahoka/master
Add Azure Blob Storage support
2018-06-01 12:35:20 +02:00
Ádám Hóka
376fcab2ca Add Azure Blob Storage support
Signed-off-by: Adam Hoka <hoka.adam@nexogen.hu>
2018-06-01 10:07:52 +02:00
Christoph (Sheogorath) Kern
ef1097c58d
Merge pull request #832 from liuderchi/fix/checkbox-style-slide-mode
fix(slide): adjust checkbox size
2018-05-31 19:21:10 +02:00
liuderchi
334707e932
fix(slide): adjust checkbox size
- to override rules in css/github-extract.css with `!important` already

Signed-off-by: liuderchi <liuderchi@gmail.com>
2018-05-31 23:44:03 +08:00
Christoph (Sheogorath) Kern
12ab90020a
Merge pull request #785 from pferreir/redirect-to-login
403: Redirect user to login page if not logged in
2018-05-31 12:16:11 +02:00
Sheogorath
fce735e833
Add privacy policy example
As we use various services and integration we should provide an example
privacy policy.

It has to be adjust when using it to match your setup.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-31 11:32:11 +02:00
Sheogorath
6f8bd8fdc9
Fix missing dependency
To export the notes we need the archiver package that takes care of
creating the zip files.

Looks like I forgot this one in the initial commit.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-27 15:28:46 +02:00
Sheogorath
75f28ca7f3
Add export data UI
This adds the UI for the export feature introduced in
bcbb8c67c9

It allows to download all notes from the main page in the default user
submenu.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-26 03:20:44 +02:00
Sheogorath
bcbb8c67c9
Add note export function
This function is the first step to get out data following GDPR about the
transportability of data.

Details: https://gdpr-info.eu/art-20-gdpr/
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-26 03:12:21 +02:00
Sheogorath
70df29790a
Add token based security feature
In the current setup users could be tricked into deleting their data by
providing a malicious link like `[click me](/me/delete)`. This commit
prevents such an easy attack and need the user's deleteToken to get his
data deleted. In case someone requests his deletion by email you can
also ask him for this token.

We can add a GUI that shows it later on.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-25 18:26:06 +02:00
Sheogorath
9fd09a8dfb
Add delete user UI
This provides the UI for the delete user feature introduced in
4229084c62

Placing of the user delete button is not perfect, but can be moved to an
own user tab later on.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-25 17:11:11 +02:00
Sheogorath
e31d204d74
Fix requests for deleted users
When users are requested from the authorship which no longer exist, they
shouldn't cause a 500.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-25 16:15:18 +02:00
Sheogorath
4229084c62
Add delete function for authenticated users
Allow users to delete themselbes. This is require to be GDPR compliant.

See: https://gdpr-info.eu/art-17-gdpr/
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-25 15:24:47 +02:00
Sheogorath
408ab7ae1d
Use cascaded deletes
When we delete a user we should delete all the notes that belong to this
user including the revisions of these notes.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-25 14:55:18 +02:00
Sheogorath
8aa5c03213
Use hard delete instead of soft delete
Right now we only flag notes as deleted. This is no longer allowed under
GDPR. Make sure you do regular backups!

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-25 14:50:37 +02:00
Sheogorath
41a36e2e18
Add privacy and ToS links
To be GDPR compliant we need to provide privacy statement. These should
be linked on the index page. So as soon as a document exist under
`public/docs/privacy.md` the link will show up.

Since we already add legal links, we also add Terms of Use, which will
show up as soon as `public/docs/terms-of-use.md` exists.

This should allow everyone to provide the legal documents they need for
GDPR and other privacy and business laws.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-24 18:10:36 +02:00
Sheogorath
a258719d34
Release 1.1.1-ce
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-23 12:01:26 +02:00
Christoph (Sheogorath) Kern
9e77d88024
Merge pull request #828 from SISheogorath/feature/release-notes-1.1.1-ce
Add release notes for 1.1.1-ce
2018-05-23 00:16:48 +02:00
Sheogorath
fada8a8103
Add release notes for 1.1.1-ce
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-22 23:17:20 +02:00
Sheogorath
7a91d01830
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-21 23:12:34 +02:00
Sheogorath
bd46230a7f
Add current requirements for node versions
Right now we can only run on node versions below 10.x thanks to scrypt
dependencies.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-21 23:08:13 +02:00
Christoph (Sheogorath) Kern
c71361467d
Merge pull request #826 from SISheogorath/upgrade/base64url
Upgrade base64url package
2018-05-17 15:37:25 +02:00
Sheogorath
af0a6b1d76
Upgrade base64url package
There was recently a possible security problem with base64url. Shouldn't
really hit us but it doesn't hurt.

Details: https://snyk.io/vuln/npm:base64url:20180511

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-17 15:19:24 +02:00
Christoph (Sheogorath) Kern
42b0965550
Merge pull request #825 from SISheogorath/remove/GoogleDrive
Removing google drive integration
2018-05-16 01:59:35 +02:00
Sheogorath
ad69c5017b
Removing google drive integration
It's sad but it's not working. For multiple releases this should be
already broken which shows how often it's used.

As there is also a security issue related to that, it's better to
remove the feature completely. Whoever wants to rewrite it, feel free to
go.

This commit removes the Google Drive integration from HackMD's Frontend
editor and this way removes the need to provide any API key and Client
ID in the frontend.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-16 01:34:55 +02:00
Christoph (Sheogorath) Kern
b8e7c4b97a
Merge pull request #824 from hackmdio/revert-813-fix/googleAPI
Revert "Workaround Google API problems"
2018-05-16 01:32:17 +02:00
Christoph (Sheogorath) Kern
6d44ded269
Revert "Workaround Google API problems" 2018-05-16 01:31:50 +02:00
Christoph (Sheogorath) Kern
e4e198c819
Merge pull request #813 from SISheogorath/fix/googleAPI
Workaround Google API problems
2018-05-10 00:13:23 +02:00
Sheogorath
2cc3058a44
Remove Google Upload from UI
This temporarily removes the Upload from the UI as it's broken right
now.

Needs a refactoring and can be added in again later on by undoing this
commit.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-01 23:22:53 +02:00
Christoph (Sheogorath) Kern
2232905c4a
Merge pull request #811 from hackmdio/fix-saml-typo
Fix typo of "grouptAttribute" in saml auth module
2018-04-28 01:13:39 +02:00
Max Wu
e0629c7d27
Fix typo of "grouptAttribute" in saml auth module
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-04-27 21:52:05 +08:00
Christoph (Sheogorath) Kern
763479bea8
Merge pull request #803 from SISheogorath/fix/letterAvatarCSP
Move letter-avatars into own request
2018-04-17 22:29:37 +02:00
Sheogorath
69aed93282
Move letter-avatars into own request
To prevent further weakening of our CSP policies, moving the Avatars
into a non-inline version is the way to go.

This implementation probably needs some beautification. But already fixes
the bug.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-17 19:06:59 +02:00
Sheogorath
43fa5cf57f
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-17 12:20:57 +02:00
Christoph (Sheogorath) Kern
2a9fe664d1
Merge pull request #805 from SISheogorath/fix/noFile
Fix possible file limit errors
2018-04-17 12:02:13 +02:00
Sheogorath
c4dba48f79
Fix possible file limit errors
As we currently may need higher nofile limits than usual/default on
various systems this commit should probide a fix for that an allow to
build HackMD without highering these limits and increase security.

Inspiration was found in a copy-webpack-plugin-issue[1] and found by
@thegcat[2]. Thanks for that!

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>

[1]:
https://github.com/webpack-contrib/copy-webpack-plugin/issues/59#issuecomment-228563990
[2]: https://github.com/thegcat
2018-04-16 21:08:34 +02:00
Sheogorath
8a3cec73c1
Add config.json.example to npm test
This commit extends the find command to also match the example config
file.

This should validate the syntax or this file to prevent syntax errors
for future pull request.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-14 22:20:35 +02:00
Sheogorath
132b445fef
Fix example config
This commit fixes some json fromat issues in our config example that
causes errors on setup.

This change should fix it.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-14 22:20:25 +02:00
Sheogorath
ef86bf5cba
Use API key instead of clientSecret
As recently discovered we send the clientSecret to the webclient which
is potentionally dangerous. This patch should fix the problem and
replace the clientSecret with the originally intended and correct way to
implement it using the API key.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-13 09:38:59 +02:00
Christoph (Sheogorath) Kern
10121118fb
Merge pull request #797 from SISheogorath/fix/LZErrorLog
Add check for noteId length
2018-04-11 22:48:40 +02:00
Christoph (Sheogorath) Kern
387afd1791
Merge pull request #799 from SISheogorath/fix/AnonymousEditTypos
Fix typos for `allowAnonymousEdits`
2018-04-11 22:48:15 +02:00
Sheogorath
f23f403bcb
Extend README
Add hint about file descriptor limits and add the new translation
platform.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-11 09:38:56 +02:00
Sheogorath
735b806d5d
Add check for noteId length
As we know the length of an UUID we can check if the base64 string
of the provided UUID is long enough for a legacy base64 encoded nodeId
and stop processing it in legacy mode, if it's not the case.

This should make the ugly warning way less common.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-10 16:10:34 +02:00
Sheogorath
2492cf2cdf
Fix typos for allowAnonymousEdits
Looks like we lost some variables during the refactoring of the configs
to camel case.

This should fix it.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-10 14:40:27 +02:00
Sheogorath
bdb8631a7b
Release 1.1.0-ce
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-06 16:24:36 +02:00
Sheogorath
14a0f8594f
Merge branch 'feature/releaseNotes1.1.0' 2018-04-06 16:24:08 +02:00
Sheogorath
f4631b038a
Merge branch 'docs/features-1.1.0-ce' 2018-04-06 16:22:26 +02:00
Sheogorath
23b5e9e54a
Minor fixes in relase notes
Fix some spelling and style issues as well as adding the
latest changes.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-06 16:19:24 +02:00
Sheogorath
81e5ebf6d6
Add migration section to README.md
As it was requested to be more visable, this commit adds a migration
section about the introduced config style changes.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-06 02:20:34 +02:00
Christoph (Sheogorath) Kern
b97d6cebad
Merge pull request #796 from SISheogorath/feature/addMatrix
Add matrix.org / Riot link
2018-04-06 01:59:00 +02:00
Sheogorath
95f46520e3
Add matrix.org / Riot link
As an active part of the community prefers Matrix.org over Gitter, we
should link Matrix.org as a place to meet us.

As the matrix and gitter channels are interconnected. We don't loose any
message if a person decides to go for one or another.

We use an more universal way of translation to make it easier to provide
a link to various platforms.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-05 11:58:54 +02:00
Christoph (Sheogorath) Kern
5a5b3e9ddd
Merge pull request #790 from SISheogorath/fix/nightModeCSS
Fix modal and panel colors in night mode
2018-04-05 01:24:34 +02:00
Christoph (Sheogorath) Kern
96af23fa31
Merge pull request #791 from SISheogorath/fix/extendedCSPPolicies
Fix CSP for disqus and Google Analytics
2018-04-05 01:13:15 +02:00
Sheogorath
b90b215a84
Fix code blocks color in night mode
This provides more eye-friendly code boxes when night mode is active.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-05 00:58:41 +02:00
Sheogorath
f2f0369259
Provide feature changes in 1.1.0-ce
Adding some documentation for night mode and upload times. Extend the
contact section for community support.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-30 20:42:55 +02:00
Sheogorath
645f38c228
Update release notes
Providing release notes for version 1.1.0-ce

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-30 20:38:37 +02:00
Sheogorath
d939de17df
Fix CSP for disqus and Google Analytics
This commit should fix existing problems with Disqus and Google
Analytics enabled in the meta-yaml section of a note.

Before this commit they were blocked by the strict CSP. It's still
possible to disable the added directives using `addDisqus` and
`addGoogleAnalytics` in the `csp` config section.

They are enabled by default to prevent breaking changes.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-30 16:33:52 +02:00
Sheogorath
291b33880c
Fix modal and panel colors in night mode
Night mode provides a generally, dark interface. This fix provides the
needed CSS to also turn modal and panels into night mode design as well.
This mainly effects the help modal.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-29 23:23:30 +02:00
Christoph (Sheogorath) Kern
a9a0577230
Merge pull request #789 from SISheogorath/fix/sessionSecretEnv
Add session data to env vars
2018-03-29 19:40:38 +02:00
Sheogorath
30b5ff0d96
Add session data to env vars
Currently the session secret can only be set by config.json or docker
secrets. This creates a problem on Heroku hosted instances that can not
set a session secret.

Since we automatically generate them on startup this results in an
logout of all users on every config change in Heroku.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-29 19:34:32 +02:00
Christoph (Sheogorath) Kern
d2cce7638a
Merge pull request #780 from SISheogorath/fix/sessionSecret
Automatically generate a session secret if default is used
2018-03-28 12:25:01 +02:00
Christoph (Sheogorath) Kern
1649a9b742
Merge pull request #786 from SISheogorath/fix/compatiblityConfig
Fix some issues with legacy config compatiblity
2018-03-27 19:38:21 +02:00
Christoph (Sheogorath) Kern
2d1dc881b8
Merge pull request #788 from mcnesium/docs/gitlab
Add documentation for setting up authentication with a self-hosted GitLab
2018-03-27 18:02:32 +02:00
mcnesium
18d2bbb5f3 Add documentation for setting up authentication with a self-hosted GitLab
Signed-off-by: mcnesium <git@mcnesium.com>
2018-03-27 17:51:59 +02:00
Pedro Ferreira
99abac343b 403: redirect user to login page if not logged in
Signed-Off-By: Pedro Ferreira <pedro.ferreira@cern.ch>
2018-03-27 08:53:37 +02:00
Sheogorath
10a81e7db2
Fix logical error in legacy config expression
We should check for an undefined and not just for a logical true or
false.

Example: When `usecdn` was set to false it was impossible to overwrite
the new config value because the if statement becomes false.

Thanks @davidmehren for pointing me to this issue.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-26 20:49:37 +02:00
Sheogorath
4eef661c15
Rename forgotten values
Looks like we forgot something during the migration. This should fix it.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-26 20:15:45 +02:00
Pedro Ferreira
34df7ccce8 Use TEXT instead of STRING for tokens
Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
2018-03-26 15:55:39 +02:00
Pedro Ferreira
40b3855702 Add support for generic OAuth2 providers
Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
2018-03-26 15:55:39 +02:00
Christoph (Sheogorath) Kern
5d57a4bb6f
Merge pull request #779 from SISheogorath/fix/cspForVideo
Allow embedding of video and audio tags
2018-03-26 14:51:09 +02:00
Christoph (Sheogorath) Kern
6a4350af2b
Merge pull request #778 from SISheogorath/fix/nightModeToggle
Fix night mode button after restore
2018-03-26 11:27:38 +02:00
Sheogorath
7681076eb3
Add title attribute in table of contents
Right now the full title of an element is may not shown as the space of
the ToC is limited. With this path it'll be shower on hover and this way
provide more useful information.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-26 11:20:18 +02:00
Sheogorath
3599fb79b4
Automatically generate a session secret if default is used
The session secret is used to sign and authenticate the session cookie
and this way very important for the authentication process.

By default the session secret is set to `secret` and never changes. This
commit will add a generator for a dynamic session secret if it stays
unchanged.

It prevents session hijacking this way and will warn the user about
the missing secret.

This also implies that on a restart without configured session secret
will log out all users. While it may seems annoying, it's for the users
best.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-26 00:36:28 +02:00
Sheogorath
450262c4ab
Allow embedding of video and audio tags
Adding mediaSrc to CSP so video and audio files can be embedded without
problems.

From a security perspective it should be fine to load audio and video
data without introducing a high security issue. Only from a privacy
perspective it allows another way to track users if there are data
embedded. But it doesn't introduce any new attack vector as pictures are
also allowed from everywhere.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-25 20:51:56 +02:00
Sheogorath
8b69013ebd
Fix night mode button after restore
The night mode toggle doesn't get the right state after restore from
local storage. This results in the need to toggle twice to disable night
mode.

This patch adds the needed class so the toggleNightMode function gets
the right state on execution.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-25 20:12:02 +02:00
Christoph (Sheogorath) Kern
57c47a65dd
Merge pull request #758 from SISheogorath/cleanup/config
Change config to camel case with backwards compatibility
2018-03-25 19:15:17 +02:00
Sheogorath
2411dffa2c
Change config to camel case with backwards compatibility
This refactors the configs a bit to now use camel case everywhere.
This change should help to clean up the config interface and make it
better understandable.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-25 19:08:14 +02:00
Christoph (Sheogorath) Kern
ea1d35eddb
Merge pull request #775 from SISheogorath/feature/nightMode
Persist nightmode so we can re-enable it on reload
2018-03-24 14:35:48 +01:00
Sheogorath
32c578db08
Persist nightmode so we can re-enable it
Right now the night mode is possible to set by a toggle in the menu bar
but needs to be re-enabled on every document switch, reload, etc.. This
is super annoying so we should keep this state in local storage or
a cookie.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-23 19:46:38 +01:00
Christoph (Sheogorath) Kern
fa4a8418af
Merge pull request #772 from SISheogorath/fix/chromeFileError
Some fixes for inline-Attachments in Codemirror
2018-03-21 14:15:04 +01:00
Christoph (Sheogorath) Kern
6485f96659
Merge pull request #771 from SISheogorath/refactor/imageRouter
Refactoring imageRouter to modularity
2018-03-21 14:13:32 +01:00
Sheogorath
1756e76dc3
Refactoring imageRouter to modularity
This should make the imageRouter more modular and easier to extent. Also
a lot of code duplication was removed which should simplify maintenance
in future.

In the new setup we only need to provide a new module file which exports
a function called `uploadImage` and takes a filePath and a callback as
argument. The callback itself takes an error and an url as parameter.
This eliminates the need of a try-catch-block around the statement and
re-enabled the optimization in NodeJS.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-20 11:00:11 +01:00
Sheogorath
6e6a98b392
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-18 15:36:52 +01:00
Christoph (Sheogorath) Kern
5361a97188
Merge pull request #770 from SISheogorath/fix/ldapUUID
Add check for undefined UUID
2018-03-18 15:13:51 +01:00
Christoph (Sheogorath) Kern
f6df2deb84
Merge pull request #743 from hackmdio/fix-to-use-url-safe-base64
Fix to use url-safe base64 in note url
2018-03-18 15:13:06 +01:00
Sheogorath
6219962892
Reorganize usage of getAsFile()
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-18 03:11:28 +01:00
Sheogorath
41bf7cc52f
Fix typo in vedor extension
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-18 03:10:37 +01:00
Sheogorath
638eae0dfb
Add check for undefined UUID
This check is needed at there are tons of LDAP implementations out there
and none has at least one guaranteed unique field. As we currently check
three fields and added an option to select one yourself, it's still not
said that any of these fields is set. This will now create an error
and fail the authentication instead of letting people may get access to
other people's notes which are stored under a this way deterministic
wrong userid named `LDAP-undefined`.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-18 00:27:07 +01:00
Christoph (Sheogorath) Kern
6b30f66272
Merge pull request #757 from SISheogorath/fix/migration
Add missing migration for permissions
2018-03-17 21:33:02 +01:00
Christoph (Sheogorath) Kern
e2b8b92530
Merge pull request #769 from SISheogorath/fix/minioInteger
Add helper function to fix number problems
2018-03-17 21:32:03 +01:00
Sheogorath
d682695bf1
Add helper function to fix number problems
As minio causes various problem if you configure it using environment
variables and leave the port setting out, which will evaluate to NaN,
this change should fix this in a clean way for this time and helps to
support numbers in general in future.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-16 20:37:59 +01:00
Christoph (Sheogorath) Kern
9cbe03d8a8
Merge pull request #761 from SISheogorath/feature/reportURI
Add config option for report URI in CSP
2018-03-14 22:10:23 +01:00
Christoph (Sheogorath) Kern
976657dc21
Merge pull request #765 from vazontang/master
Convert  HMD_MINIO_PORT into Number type.
2018-03-14 21:33:21 +01:00
vazontang
070dd27f95
Convert HMD_MINIO_PORT into Number type.
fix hackmdio/hackmd#763

Signed-off-by: Tang TsungYi <vazontang@gmail.com>
2018-03-15 04:07:45 +08:00
Sheogorath
efa490a50f
Add config option for report URI in CSP
This option is needed as it's currently not possible to add an report
URI by the directives array. This option also allows to get CSP reports
not only on docker based setup but also on our heroku instances.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-14 17:57:41 +01:00
Christoph (Sheogorath) Kern
2698aa4b5f
Merge pull request #760 from thegcat/fix/support_multiple_emails_in_ldap
Multiple emails from LDAP are already an Array
2018-03-10 20:40:59 +01:00
Max Wu
8bfe51940f Fix typo
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-03-11 03:00:36 +08:00
Max Wu
dfd833dbe2 Update to show log on migrate LZString type note url in history
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-03-11 02:55:54 +08:00
Max Wu
5e975cbe69 Fix to log instead of throwing error on parse note id
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-03-11 02:52:24 +08:00
Max Wu
c7657ae81e Fix parseNoteId order to fix some edge case
that LZString note url could be parsed by base64url note url and thus return wrong note id

Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-03-10 16:52:24 +08:00
Max Wu
16cb842b94 Improve history migration performance
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-03-10 16:51:00 +08:00
Felix Schäfer
12dae4465f Multiple emails from LDAP are already an Array
Signed-off-by: Felix Schäfer <felix@thegcat.net>
2018-03-09 14:39:08 +01:00
Sheogorath
21be5a5517
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-07 11:30:08 +01:00
Christoph (Sheogorath) Kern
17d6fe716d
Merge pull request #756 from davidmehren/master
Remove engine.io-client dependency
2018-03-07 11:15:54 +01:00
Sheogorath
f85ba6df53
Add missing migration for permissions
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-06 16:31:41 +01:00
David Mehren
7904558292
Remove engine.io-client dependency and fix webpack config
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-03-06 14:45:14 +01:00
Christoph (Sheogorath) Kern
66d8d3180a
Merge pull request #755 from thegcat/fix/remove_unused_ldap_options
Remove unused LDAP option `tokenSecret`

fixes #754
2018-03-06 14:22:50 +01:00
Felix Schäfer
6094c61871 Remove unused LDAP option tokenSecret
hackmdio/hackmd#754

Signed-off-by: Felix Schäfer <felix@thegcat.net>
2018-03-05 14:06:05 +01:00
Christoph (Sheogorath) Kern
eb46378fc5
Merge pull request #753 from senk/patch-1
Fix small typo
2018-03-05 10:25:31 +01:00
Robin Naundorf
e547664727 Fix small typo
Signed-off-by: Robin Naundorf <r.naundorf@fh-muenster.de>
2018-03-05 09:06:37 +01:00
Christoph (Sheogorath) Kern
96c9096d50
Merge pull request #750 from fooker/master
Use ldap.usernameField over hardcoded uid fields
2018-03-03 23:56:01 +01:00
Max Wu
d08c9522c0 Update to migrate note url in the history of browser storage and cookie
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-03-03 16:26:19 +08:00
Dustin Frisch
d6ee10d176
Introduce ldap.useridField
Signed-off-by: Dustin Frisch <fooker@lab.sh>
2018-03-01 23:51:47 +01:00
Max Wu
fe429e9ac1 Update to use buffer in encode/decode note id
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-02-27 20:57:31 +08:00
Christoph (Sheogorath) Kern
b0ce3d0230
Merge pull request #744 from hackmdio/add-more-html5-tags
Support more html5 tags and styles
2018-02-26 19:41:53 +01:00
Max Wu
ea118c2ec8 Update styles of details, summary and figure
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-02-26 21:05:13 +08:00
Max Wu
95e9f96aa0 Update to allow rp tag for ruby
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-02-26 20:55:10 +08:00
Max Wu
711a11ce23 Remove manual allow details tag since default already allow it
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-02-26 20:54:57 +08:00
Max Wu
44298baa93 Add migration for LZString compressed note id in history
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-02-26 16:46:59 +08:00
Max Wu
baa0418fb5 Remove and replace all note id compression in LZString with base64url
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-02-26 16:43:29 +08:00
Christoph (Sheogorath) Kern
912cce2b40
Merge pull request #740 from SISheogorath/feature/moreHTML5
Extend HTML5 support by whitelisting various tags
2018-02-25 21:50:11 +01:00
Sheogorath
5d347d583d
Extend HTML5 support by whitelisting various tags
HTML5 provides a wide feature set of useful elements. Since Markdown
usually supports HTML it should be able to use these HTML5 tags as well.
As they were requested by some users and they where checked for being
safe, whitelisting them isn't a problem. To make the experience the same
as on GitHub when it comes to the basic look and feel of the rendered
markdown, some CSS was added to make the summary and the details tag
look like on GitHub.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-02-25 14:54:21 +01:00
Christoph (Sheogorath) Kern
f642a11599
Merge pull request #739 from SISheogorath/fix/sublime-esc
Allow the usage of the esc-key by codemirror
2018-02-25 14:25:26 +01:00
Sheogorath
9c77e9d7f0
Allow the usage of the esc-key by codemirror
This change allows all input modes of codemirror to use the information
from an input esc-key and make this way vim and sublime more
functional. To prevent this change from breaking the return from the
fullscreen mode, it catches the esc-key in this case. Hopefully this is
an acceptable solution.

As before the vim-mode is handled different in fulltext-mode as it is
esc-key heavy.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-02-24 21:14:47 +01:00
Christoph (Sheogorath) Kern
6bcc72e090
Merge pull request #735 from SISheogorath/fix/jsonlint
Use jq instead of jsonlint
2018-02-19 20:00:59 +01:00
Sheogorath
faa839ed3a
Use jq instead of jsonlint
As the jsonlint package from NPM causes problems and looks unmaintained,
it'll be replaced with `jq` a well maintained project which allows to
search through JSON files in a `grep`-like style, but knowing the JSON
structure.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-02-19 19:50:01 +01:00
Christoph (Sheogorath) Kern
298d3d62bb
Merge pull request #730 from Zearin/patch-1
Update README.md
2018-02-19 11:32:13 +01:00
Zearin
b8e019c6b0 Rerun doctoc
Signed-off-by: Anthony "Zearin" Rogers <zearin@users.sourceforge.net>
2018-02-17 13:08:05 -05:00
Zearin
b0f524e55e Update README.md
Signed-off-by: Anthony "Zearin" Rogers <zearin@users.sourceforge.net>
2018-02-17 12:51:48 -05:00
Christoph (Sheogorath) Kern
e4783837ef
Merge pull request #728 from hackmdio/fix-show-error-in-parseNoteId
Fix to show 500 message when got error in parseNoteId
2018-02-17 17:32:26 +01:00
Max Wu
15ef54c2dc Fix to show 500 message when got error in parseNoteId
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-02-17 00:57:00 +08:00
Christoph (Sheogorath) Kern
e793738833
Merge pull request #725 from SISheogorath/fix/referrerPolicy
Add referrer policy
2018-02-12 22:23:19 +01:00
Sheogorath
714504618c
Add referrer policy
This commit adds a referrer policy to all requests.

The usage of `same-origin` allows HackMD to still interpret all requests
and this way not break anything. But it prevents 3rd party scripts,
pictures and more to get informations that may lead to not secured note.

It has to be mentioned that this maybe breaks some features of the
Google Analytics embedding. This has to be tested.

Fixes #724

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-02-12 01:59:48 +01:00
Max Wu
bb5e021f20 Fix field type to prevent data truncation of authorship (#721)
* Fix field type to prevent data truncation of authorship
2018-02-09 14:27:06 +01:00
Christoph (Sheogorath) Kern
dfa0851d8f
Add matrix.org badge to README.md
Matrix.org is an interesting platform for collaboration and community building. 

Thanks to various clients it supports it's maybe better than gitter to keep people on track and have a community feeling, discuss changes and more.

Not not split up into two parties not knowing of each other, the Gitter channel and the Matrix channel are bridged. This helps to keep everyone informed while add more medias.

Signed-off-by: Christoph Kern <sheogorath@shivering-isles.com>
2018-02-08 15:27:07 +01:00
Christoph (Sheogorath) Kern
d7c66ea49b
Merge pull request #718 from takmatsu/master
Fix typo of DB migration script
2018-02-08 14:53:20 +01:00
Takeaki Matsumoto
a9973cabc4 Fix typo of DB migration script
Signed-off-by: Takeaki Matsumoto <takeaki.matsumoto@ntt.com>
2018-02-08 10:15:05 +09:00
Christoph (Sheogorath) Kern
f3358b49f5
Merge pull request #716 from stbuehler/fix-referer
don't require referer to find note id in socket.io connections (fixes #623)
2018-02-05 14:50:47 +01:00
Stefan Bühler
c4f8fb78ee don't require referer to find note id in socket.io connections (fixes #623)
Signed-off-by: Stefan Bühler <buehler@cert.uni-stuttgart.de>
2018-02-05 14:26:42 +01:00
Christoph (Sheogorath) Kern
2024262200
Merge pull request #714 from SISheogorath/fix/uncaughtException
Fix uncaught exception for non-existent user
2018-01-31 20:48:59 +01:00
Sheogorath
1a4800e21a
Update Heroku button
The button needs a parameter to work, that provides the git repository
that is used for the deployment. This commit corrects the link and this
way fixes the provisioning as it's not working with the wrong/default
buildpacks.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-31 14:00:49 +01:00
Sheogorath
6b97dd7aac
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-31 01:16:52 +01:00
Sheogorath
eddf8a3a33
Fix uncaught exception for non-existent user
Since we added user management it's possible to get non-existent users
which can cause a crash of the Backend server.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-30 21:53:36 +01:00
Christoph (Sheogorath) Kern
e5edd1a124
Merge pull request #713 from SISheogorath/update/socketio
Update socket.io to version 2.0.4
2018-01-30 21:43:31 +01:00
Sheogorath
a01b4a843c
Update socket.io to version 2.0.4
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-30 19:44:32 +01:00
Sheogorath
a40dcdd222
Prevent "wrong type"-issue
The argument is may interpreted as number which causes the "pass"
parameter of the user creation to fail. Probably the same applies to the
mail address. But mail addresses are by definition not allowed to start
by a number (iirc) which makes it less a problem. This is mainly a quick
fix. Should be refactored a bit in future.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-29 22:41:12 +01:00
Sheogorath
e055f270b4
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-29 22:37:02 +01:00
Christoph (Sheogorath) Kern
80950f806b
Merge pull request #707 from Nebukadneza/add_cmdline_usermanager
Add simple user-management tool for emailsignin
2018-01-29 22:35:20 +01:00
Sheogorath
be02aed1c0
Update badges in README.md
The docker badges have to be updated since we now provide official image
like tags. So `latest-alpine` became `alpine`.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-29 22:01:31 +01:00
Dario Ernst
31f1db4100 Make travis run shellcheck only on shellscripts
There are only a few scripts in bin/, but not all might be shell. At
least for the moment, it seems reasonable to explicitely enumerate all
shell-scripts in bin/ for shellcheck …

Signed-off-by: Dario Ernst <dario@kanojo.de>
2018-01-29 19:49:04 +01:00
Dario Ernst
9e0359e079 Add simple user-management tool for emailsignin …
Currently, administrators of closed instances need to manually fiddle in
their databases for user-management.
This commit adds a small commandline utility that allows to create and
delete users.

Signed-off-by: Dario Ernst <dario@kanojo.de>
2018-01-29 19:49:04 +01:00
Sheogorath
4c08afbbb5
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-29 16:38:32 +01:00
Christoph (Sheogorath) Kern
adc781f7e3
Merge pull request #704 from SISheogorath/fix/ldapProviderName
Fix ldap provider name in template
2018-01-29 15:59:27 +01:00
Christoph (Sheogorath) Kern
e18e05541c
Merge pull request #705 from SISheogorath/fix/camelcaseConfig
Remove camel case from `imageuploadtype` in config
2018-01-29 15:53:14 +01:00
Christoph (Sheogorath) Kern
d8766bbc08
Merge pull request #710 from hackmdio/feature/upgradeRevealJS
Upgrade reveal.js to 3.6.0 and useCDN option for CSS include
2018-01-29 15:19:23 +01:00
Wu Cheng-Han
3c473e60a6 Upgrade reveal.js to 3.6.0 and useCDN option for CSS include 2018-01-29 13:09:52 +08:00
Sheogorath
bd92010dd2
Remove camel case from imageuploadtype in config
This removes the only camel cased option of the config options
**we** added to the config.json.

In auth provider's config parts are a lot of camel cased options
provided. We shouldn't touch them to keep them as similar as
possible to the examples.

Fixes #315

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-27 23:50:15 +01:00
Sheogorath
e44751b3f1
Fix ldap provider name in template
Before this fix it's impossible to set the provider name in the
sign-model since `ldap` is a boolean there and this way not able
to have an attribute like `ldap.providerName`.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-26 10:46:22 +01:00
236 changed files with 18058 additions and 10193 deletions

View file

@ -1,6 +1,11 @@
{ {
"presets": [ "presets": [
"es2015" ["env", {
"targets": {
"node": "8",
"uglify": true
}
}]
], ],
"plugins": [ "plugins": [
"transform-runtime" "transform-runtime"

View file

@ -17,3 +17,9 @@ trim_trailing_whitespace = false
[{.travis.yml,npm-shrinkwrap.json,package.json}] [{.travis.yml,npm-shrinkwrap.json,package.json}]
indent_style = space indent_style = space
indent_size = 2 indent_size = 2
[locales/*.json]
# this is the exact style poeditor.com exports, so this should prevent churn.
insert_final_newline = false
indent_style = space
indent_size = 4

3
.eslintignore Normal file
View file

@ -0,0 +1,3 @@
lib/ot
public/vendor
public/build

22
.eslintrc.js Normal file
View file

@ -0,0 +1,22 @@
module.exports = {
"root": true,
"extends": "standard",
"env": {
"node": true
},
"rules": {
// at some point all of these should return to their default "error" state
// but right now, this is not a good choice, because too many places are
// wrong.
"import/first": ["warn"],
"indent": ["warn"],
"no-console": ["warn"],
"no-multiple-empty-lines": ["warn"],
"no-multi-spaces": ["warn"],
"object-curly-spacing": ["warn"],
"one-var": ["warn"],
"quotes": ["warn"],
"semi": ["warn"],
"space-infix-ops": ["warn"]
}
};

1
.gitignore vendored
View file

@ -8,7 +8,6 @@ composer.lock
.idea/ .idea/
Thumbs.db Thumbs.db
npm-debug.log npm-debug.log
hackmd_io
newrelic_agent.log newrelic_agent.log
logs/ logs/
tmp/ tmp/

14
.mailmap Normal file
View file

@ -0,0 +1,14 @@
Max Wu <jackymaxj@gmail.com> Wu Cheng-Han <jacky_cute0808@hotmail.com>
Max Wu <jackymaxj@gmail.com> Cheng-Han, Wu <jackymaxj@gmail.com>
Max Wu <jackymaxj@gmail.com> jackycute <jackymaxj@gmail.com>
Max Wu <jackymaxj@gmail.com> Wu, Cheng-Han <jackymaxj@gmail.com>
Max Wu <jackymaxj@gmail.com> jackycute <jacky_cute0808@hotmail.com>
Sheogorath <sheogorath@shivering-isles.com> Christoph (Sheogorath) Kern <sheogorath@shivering-isles.com>
Raccoon <raccoon@hackmd.io> Raccoon Li <a60814billy@gmail.com>
Raccoon <raccoon@hackmd.io> Raccoon <a60814billy@gmail.com>
Peter Dave Hello <hsu@peterdavehello.org> Peter Dave Hello <PeterDaveHello@users.noreply.github.com>
Claudius Coenen <github@amenthes.de> Claudius Coenen <opensource@amenthes.de>

View file

@ -1,38 +1,40 @@
language: node_js language: node_js
dist: trusty dist: xenial
cache: yarn cache: yarn
env:
global:
- CXX=g++-4.8
- YARN_VERSION=1.3.2
jobs: jobs:
include: include:
- env: task=npm-test - stage: Static Tests
name: eslint
node_js: node_js:
- 6 - 10
before_install: script:
- curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version "$YARN_VERSION" - yarn run eslint
- export PATH="$HOME/.yarn/bin:$PATH" - name: ShellCheck
- env: task=npm-test script:
- shellcheck bin/heroku bin/setup
language: generic
- name: json-lint
addons:
apt:
packages:
- jq
script:
- yarn run jsonlint
language: generic
- stage: Dynamic Tests
name: Node.js 8
node_js: node_js:
- 7 - 8
before_install:
- curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version "$YARN_VERSION"
- export PATH="$HOME/.yarn/bin:$PATH"
- env: task=ShellCheck
script: script:
- shellcheck bin/* - yarn run mocha-suite
language: generic - name: Node.js 10
- env: task=doctoc node_js:
install: npm install doctoc - 10
script: script:
- cp README.md README.md.orig - yarn run mocha-suite
- npm run doctoc - name: Node.js 12
- diff -q README.md README.md.orig node_js:
language: generic - 12
- env: task=json-lint
install: npm install jsonlint
script: script:
- npm run jsonlint - yarn run mocha-suite
language: generic

7
CHANGELOG.md Normal file
View file

@ -0,0 +1,7 @@
# CHANGELOG
Please refer to the release notes published under
[`public/docs/release-notes.md`](public/docs/release-notes.md).
These are also available on each CodiMD instance under
https://[domain-name]/release-notes

37
CODE_OF_CONDUCT.md Normal file
View file

@ -0,0 +1,37 @@
Contributor Code of Conduct
===
As contributors and maintainers of this project, and in the interest of fostering an open and
welcoming community, we pledge to respect all people who contribute through reporting issues,
posting feature requests, updating documentation, submitting pull requests or patches, and other
activities.
We are committed to making participation in this project a harassment-free experience for everyone,
regardless of level of experience, gender, gender identity and expression, sexual orientation,
disability, personal appearance, body size, race, ethnicity, age, religion, or nationality.
Examples of unacceptable behavior by participants include:
* The use of sexualized language or imagery
* Personal attacks
* Trolling or insulting/derogatory comments
* Public or private harassment
* Publishing other's private information, such as physical or electronic addresses, without explicit
permission
* Other unethical or unprofessional conduct.
Project maintainers have the right and responsibility to remove, edit, or reject comments, commits,
code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct. By
adopting this Code of Conduct, project maintainers commit themselves to fairly and consistently
applying these principles to every aspect of managing this project. Project maintainers who do not
follow or enforce the Code of Conduct may be permanently removed from the project team.
This code of conduct applies both within project spaces and in public spaces when an individual is
representing the project or its community.
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by opening an
issue or contacting one or more of the project maintainers.
This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org),
version 1.2.0, available at
[http://contributor-covenant.org/version/1/2/0/](http://contributor-covenant.org/version/1/2/0/)

View file

@ -3,7 +3,8 @@
When contributing to this repository, please first discuss the change you wish to make via issue, When contributing to this repository, please first discuss the change you wish to make via issue,
email, or any other method with the owners of this repository before making a change. email, or any other method with the owners of this repository before making a change.
Please note we have a code of conduct, please follow it in all your interactions with the project. Please note we have a [code of conduct](CODE_OF_CONDUCT.md), please follow it in all your
interactions with the project.
## Pull Request Process ## Pull Request Process
1. Ensure you signed all your commits with Developer Certificate of Origin (DCO). 1. Ensure you signed all your commits with Developer Certificate of Origin (DCO).
@ -16,50 +17,13 @@ Please note we have a code of conduct, please follow it in all your interactions
5. You may merge the Pull Request in once you have the sign-off of two other developers, or if you 5. You may merge the Pull Request in once you have the sign-off of two other developers, or if you
do not have permission to do that, you may request the second reviewer to merge it for you. do not have permission to do that, you may request the second reviewer to merge it for you.
## Contributor Code of Conduct ## Sign your work
As contributors and maintainers of this project, and in the interest of fostering an open and
welcoming community, we pledge to respect all people who contribute through reporting issues,
posting feature requests, updating documentation, submitting pull requests or patches, and other
activities.
We are committed to making participation in this project a harassment-free experience for everyone,
regardless of level of experience, gender, gender identity and expression, sexual orientation,
disability, personal appearance, body size, race, ethnicity, age, religion, or nationality.
Examples of unacceptable behavior by participants include:
* The use of sexualized language or imagery
* Personal attacks
* Trolling or insulting/derogatory comments
* Public or private harassment
* Publishing other's private information, such as physical or electronic addresses, without explicit
permission
* Other unethical or unprofessional conduct.
Project maintainers have the right and responsibility to remove, edit, or reject comments, commits,
code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct. By
adopting this Code of Conduct, project maintainers commit themselves to fairly and consistently
applying these principles to every aspect of managing this project. Project maintainers who do not
follow or enforce the Code of Conduct may be permanently removed from the project team.
This code of conduct applies both within project spaces and in public spaces when an individual is
representing the project or its community.
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by opening an
issue or contacting one or more of the project maintainers.
This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org),
version 1.2.0, available at
[http://contributor-covenant.org/version/1/2/0/](http://contributor-covenant.org/version/1/2/0/)
### Sign your work
We use the Developer Certificate of Origin (DCO) as a additional safeguard We use the Developer Certificate of Origin (DCO) as a additional safeguard
for the HackMD project. This is a well established and widely used for the CodiMD project. This is a well established and widely used
mechanism to assure contributors have confirmed their right to license mechanism to assure contributors have confirmed their right to license
their contribution under the project's license. their contribution under the project's license.
Please read [contribute/developer-certificate-of-origin][dcofile]. Please read [docs/legal/developer-certificate-of-origin.txt][dcofile].
If you can certify it, then just add a line to every git commit message: If you can certify it, then just add a line to every git commit message:
```` ````

View file

@ -1,902 +0,0 @@
=== .babelrc
Yukai Huang <yukaihuangtw@gmail.com>
=== .editorconfig
bananaappletw <bananaappletw@gmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== .gitignore
Cheng-Han, Wu <jackymaxj@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== .sequelizerc.example
Yukai Huang <yukaihuangtw@gmail.com>
=== .travis.yml
bananaappletw <bananaappletw@gmail.com>
BoHong Li <a60814billy@gmail.com>
Max Wu <jackymaxj@gmail.com>
Peter Dave Hello <hsu@peterdavehello.org>
=== AUTHORS
Cheng-Han, Wu <jackymaxj@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== CONTRIBUTING.md
Max Wu <jackymaxj@gmail.com>
=== LICENSE
Cheng-Han, Wu <jackymaxj@gmail.com>
jackycute <jacky_cute0808@hotmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== README.md
alecdwm <alec@owls.io>
bananaappletw <bananaappletw@gmail.com>
BoHong Li <a60814billy@gmail.com>
Cheng-Han, Wu <jackymaxj@gmail.com>
Florian Rhiem <florian.rhiem@gmail.com>
jackycute <jackymaxj@gmail.com>
Jannik Lorenz <dev@janniklorenz.de>
Jason Croft <jcroft@velocity.org>
Johannes Weißl <jargon@molb.org>
Jun SAKATA <jun.bj141400@gmail.com>
Laura Kyle <laura.kyle91@gmail.com>
Max Wu <jackymaxj@gmail.com>
neopostmodern <clemens@neopostmodern.com>
NV <nvsofts@gmail.com>
Sheogorath <sheogorath@shivering-isles.com>
The Gitter Badger <badger@gitter.im>
Wonder Chang <iwonder.tw@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
蒼時弦也 <elct9620@frost.tw>
=== app.js
alecdwm <alec@owls.io>
BoHong Li <a60814billy@gmail.com>
Cheng-Han, Wu <jackymaxj@gmail.com>
James Stephenson <c4p7.fl1n7@gmail.com>
Jan Kunzmann <jan-github@phobia.de>
Jason Croft <jcroft@velocity.org>
Jordan Matelsky <j6k4m8@gmail.com>
knjcode <knjcode@gmail.com>
LluisArevalo <thorin119@gmail.com>
Max Wu <jackymaxj@gmail.com>
NV <nvsofts@gmail.com>
Peter Dave Hello <hsu@peterdavehello.org>
Raccoon Li <a60814billy@gmail.com>
robert <ahmerov.rt@molodost.bz>
Sheogorath <sheogorath@shivering-isles.com>
S.Noda <noda@fenrir.co.jp>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
xnum <s000032001@gmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== app.json
bananaappletw <bananaappletw@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== bin/heroku
bananaappletw <bananaappletw@gmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== bin/setup
Sheogorath <sheogorath@shivering-isles.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== config.json.example
alecdwm <alec@owls.io>
bananaappletw <bananaappletw@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== docs/guides/images/s3-image-upload/bucket-policy-editor.png
Yukai Huang <yukaihuangtw@gmail.com>
=== docs/guides/images/s3-image-upload/bucket-property.png
Yukai Huang <yukaihuangtw@gmail.com>
=== docs/guides/images/s3-image-upload/create-bucket.png
Yukai Huang <yukaihuangtw@gmail.com>
=== docs/guides/images/s3-image-upload/custom-policy.png
Yukai Huang <yukaihuangtw@gmail.com>
=== docs/guides/images/s3-image-upload/iam-user.png
Yukai Huang <yukaihuangtw@gmail.com>
=== docs/guides/images/s3-image-upload/review-policy.png
Yukai Huang <yukaihuangtw@gmail.com>
=== docs/guides/s3-image-upload.md
Johannes Weißl <jargon@molb.org>
Yukai Huang <yukaihuangtw@gmail.com>
=== lib/config/default.js
BoHong Li <a60814billy@gmail.com>
=== lib/config/defaultSSL.js
BoHong Li <a60814billy@gmail.com>
=== lib/config/dockerSecret.js
BoHong Li <a60814billy@gmail.com>
=== lib/config/enum.js
BoHong Li <a60814billy@gmail.com>
=== lib/config/environment.js
BoHong Li <a60814billy@gmail.com>
Raccoon Li <a60814billy@gmail.com>
=== lib/config/index.js
BoHong Li <a60814billy@gmail.com>
tkykm <tkykm@users.noreply.github.com>
=== lib/config/oldEnvironment.js
BoHong Li <a60814billy@gmail.com>
Raccoon Li <a60814billy@gmail.com>
=== lib/config/utils.js
Raccoon Li <a60814billy@gmail.com>
=== lib/history.js
BoHong Li <a60814billy@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== lib/letter-avatars.js
alecdwm <alec@owls.io>
BoHong Li <a60814billy@gmail.com>
=== lib/logger.js
BoHong Li <a60814billy@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== lib/migrations/20150504155329-create-users.js
BoHong Li <a60814billy@gmail.com>
=== lib/migrations/20150508114741-create-notes.js
BoHong Li <a60814billy@gmail.com>
=== lib/migrations/20150515125813-create-temp.js
BoHong Li <a60814billy@gmail.com>
=== lib/migrations/20150702001020-update-to-0_3_1.js
BoHong Li <a60814billy@gmail.com>
=== lib/migrations/20150915153700-change-notes-title-to-text.js
BoHong Li <a60814billy@gmail.com>
=== lib/migrations/20160112220142-note-add-lastchange.js
BoHong Li <a60814billy@gmail.com>
=== lib/migrations/20160420180355-note-add-alias.js
BoHong Li <a60814billy@gmail.com>
=== lib/migrations/20160515114000-user-add-tokens.js
BoHong Li <a60814billy@gmail.com>
Cheng-Han, Wu <jackymaxj@gmail.com>
=== lib/migrations/20160607060246-support-revision.js
BoHong Li <a60814billy@gmail.com>
Cheng-Han, Wu <jackymaxj@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== lib/migrations/20160703062241-support-authorship.js
BoHong Li <a60814billy@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== lib/migrations/20161009040430-support-delete-note.js
BoHong Li <a60814billy@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== lib/migrations/20161201050312-support-email-signin.js
BoHong Li <a60814billy@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== lib/models/author.js
BoHong Li <a60814billy@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== lib/models/index.js
bananaappletw <bananaappletw@gmail.com>
BoHong Li <a60814billy@gmail.com>
Cheng-Han, Wu <jackymaxj@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== lib/models/note.js
BoHong Li <a60814billy@gmail.com>
Cheng-Han, Wu <jackymaxj@gmail.com>
NV <nvsofts@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
蒼時弦也 <elct9620@frost.tw>
=== lib/models/revision.js
BoHong Li <a60814billy@gmail.com>
Cheng-Han, Wu <jackymaxj@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== lib/models/temp.js
BoHong Li <a60814billy@gmail.com>
Cheng-Han, Wu <jackymaxj@gmail.com>
=== lib/models/user.js
alecdwm <alec@owls.io>
BoHong Li <a60814billy@gmail.com>
Cheng-Han, Wu <jackymaxj@gmail.com>
Jason Croft <jcroft@velocity.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== lib/ot/client.js
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== lib/ot/editor-socketio-server.js
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== lib/ot/index.js
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== lib/ot/selection.js
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== lib/ot/server.js
Cheng-Han, Wu <jackymaxj@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== lib/ot/simple-text-operation.js
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== lib/ot/text-operation.js
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== lib/ot/wrapped-operation.js
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== lib/realtime.js
BoHong Li <a60814billy@gmail.com>
Cheng-Han, Wu <jackymaxj@gmail.com>
Florian Rhiem <florian.rhiem@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
蒼時弦也 <elct9620@frost.tw>
=== lib/response.js
alecdwm <alec@owls.io>
BoHong Li <a60814billy@gmail.com>
butlerx <butlerx@notthe.cloud>
Cheng-Han, Wu <jackymaxj@gmail.com>
Florian Rhiem <florian.rhiem@gmail.com>
Ikumi Shimizu <193s@users.noreply.github.com>
Jannik Lorenz <dev@janniklorenz.de>
Jason Croft <jcroft@velocity.org>
Sheogorath <sheogorath@shivering-isles.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
xnum <s000032001@gmail.com>
蒼時弦也 <elct9620@frost.tw>
=== lib/utils.js
BoHong Li <a60814billy@gmail.com>
butlerx <butlerx@notthe.cloud>
LluisArevalo <thorin119@gmail.com>
=== lib/web/auth/dropbox/index.js
BoHong Li <a60814billy@gmail.com>
=== lib/web/auth/email/index.js
BoHong Li <a60814billy@gmail.com>
=== lib/web/auth/facebook/index.js
BoHong Li <a60814billy@gmail.com>
=== lib/web/auth/github/index.js
BoHong Li <a60814billy@gmail.com>
Max Wu <jackymaxj@gmail.com>
=== lib/web/auth/gitlab/index.js
BoHong Li <a60814billy@gmail.com>
=== lib/web/auth/google/index.js
BoHong Li <a60814billy@gmail.com>
Kaiyu Shi <skyisno.1@gmail.com>
=== lib/web/auth/index.js
BoHong Li <a60814billy@gmail.com>
=== lib/web/auth/ldap/index.js
BoHong Li <a60814billy@gmail.com>
=== lib/web/auth/twitter/index.js
BoHong Li <a60814billy@gmail.com>
=== lib/web/auth/utils.js
BoHong Li <a60814billy@gmail.com>
=== lib/web/baseRouter.js
BoHong Li <a60814billy@gmail.com>
=== lib/web/historyRouter.js
BoHong Li <a60814billy@gmail.com>
=== lib/web/imageRouter.js
BoHong Li <a60814billy@gmail.com>
Kotaro Yamamoto <kota.crk@gmail.com>
Raccoon Li <a60814billy@gmail.com>
=== lib/web/middleware/checkURIValid.js
BoHong Li <a60814billy@gmail.com>
Max Wu <jackymaxj@gmail.com>
=== lib/web/middleware/redirectWithoutTrailingSlashes.js
BoHong Li <a60814billy@gmail.com>
=== lib/web/middleware/tooBusy.js
BoHong Li <a60814billy@gmail.com>
=== lib/web/noteRouter.js
BoHong Li <a60814billy@gmail.com>
=== lib/web/statusRouter.js
BoHong Li <a60814billy@gmail.com>
=== lib/web/userRouter.js
BoHong Li <a60814billy@gmail.com>
=== lib/web/utils.js
BoHong Li <a60814billy@gmail.com>
=== lib/workers/dmpWorker.js
BoHong Li <a60814billy@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== locales/ca.json
Xavier Marques <xaviermarques4f@gmail.com>
=== locales/da.json
Patrick Andersen <patrick@bacha.dk>
=== locales/de.json
Jannik Lorenz <dev@janniklorenz.de>
Philipp Zumstein <zuphilip@users.noreply.github.com>
Simon Joda Stößer <SimJoSt@users.noreply.github.com>
=== locales/el.json
Stratos Gerakakis <stratosgear@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
zachariast <zachariastraianos@gmail.com>
=== locales/en.json
alecdwm <alec@owls.io>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== locales/eo.json
James Stephenson <c4p7.fl1n7@gmail.com>
=== locales/es.json
Pablo Guerrero <pablo.guerrero@sap.com>
Sergio Valverde <svg153@users.noreply.github.com>
=== locales/fr.json
Colin Maudry <colin@maudry.com>
Ho33e5 <ho33e5@gmail.com>
=== locales/hi.json
Paras <paraschadha2052@gmail.com>
=== locales/hr.json
ivanorsolic <ivanorsolic@users.noreply.github.com>
=== locales/it.json
GhiMax <ghina8@gmail.com>
=== locales/ja.json
tkqubo <tk.qubo@gmail.com>
=== locales/nl.json
Martijnpold <martijntje7@gmail.com>
Tom Wyckhuys <tomwyckhuys@gmail.com>
=== locales/pl.json
Bartlomiej Szala <fenix440@gmail.com>
Jakub Sygnowski <sygnowski@gmail.com>
=== locales/pt.json
Marcelo Alencar <marceloalves@ufpa.br>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== locales/ru.json
Himura Kazuto <Himura2la@users.noreply.github.com>
p0v1n0m <p0v1n0m@gmail.com>
=== locales/sv.json
Lars Karlsson <lars@kajes.se>
Patrick Andersen <patrick@bacha.dk>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== locales/tr.json
Ömer Erdinç Yağmurlu <omeryagmurlu@gmail.com>
=== locales/uk.json
Dmytro Kytsmen <dmitrokytsmen@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== locales/zh.json
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== package.json
alecdwm <alec@owls.io>
bananaappletw <bananaappletw@gmail.com>
BoHong Li <a60814billy@gmail.com>
Bryan Davis <bd808@wikimedia.org>
Cheng-Han, Wu <jackymaxj@gmail.com>
Fabien Meghazi <agr@amigrave.com>
greenkeeperio-bot <support@greenkeeper.io>
Jason Croft <jcroft@velocity.org>
Max Wu <jackymaxj@gmail.com>
Peter Dave Hello <hsu@peterdavehello.org>
Peter Dave Hello <PeterDaveHello@users.noreply.github.com>
Sheogorath <sheogorath@shivering-isles.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
xnum <s000032001@gmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/apple-touch-icon.png
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/css/bootstrap-social.css
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/css/center.css
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/css/cover.css
Cheng-Han, Wu <jackymaxj@gmail.com>
Jason Croft <jcroft@velocity.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/css/extra.css
Cheng-Han, Wu <jackymaxj@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/css/font.css
Yukai Huang <yukaihuangtw@gmail.com>
=== public/css/github-extract.css
Cheng-Han, Wu <jackymaxj@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/css/google-font.css
Yukai Huang <yukaihuangtw@gmail.com>
=== public/css/index.css
Cheng-Han, Wu <jackymaxj@gmail.com>
Jason Croft <jcroft@velocity.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/css/markdown.css
Cheng-Han, Wu <jackymaxj@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/css/mermaid.css
Cheng-Han, Wu <jackymaxj@gmail.com>
=== public/css/site.css
Cheng-Han, Wu <jackymaxj@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/css/slide-preview.css
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/css/slide.css
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/default.md
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/docs/features.md
Cheng-Han, Wu <jackymaxj@gmail.com>
Max Wu <jackymaxj@gmail.com>
Pablo Guerrero <pablo.guerrero@gmail.com>
Sheogorath <sheogorath@shivering-isles.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/docs/release-notes.md
Cheng-Han, Wu <jackymaxj@gmail.com>
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/docs/slide-example.md
butlerx <butlerx@notthe.cloud>
Cheng-Han, Wu <jackymaxj@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/docs/yaml-metadata.md
Cheng-Han, Wu <jackymaxj@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/favicon.png
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/fonts/SourceCodePro-Black.eot
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceCodePro-Black.ttf
Peter Dave Hello <hsu@peterdavehello.org>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceCodePro-Black.woff
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceCodePro-Bold.eot
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceCodePro-Bold.ttf
Peter Dave Hello <hsu@peterdavehello.org>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceCodePro-Bold.woff
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceCodePro-ExtraLight.eot
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceCodePro-ExtraLight.ttf
Peter Dave Hello <hsu@peterdavehello.org>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceCodePro-ExtraLight.woff
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceCodePro-Light.eot
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceCodePro-Light.ttf
Peter Dave Hello <hsu@peterdavehello.org>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceCodePro-Light.woff
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceCodePro-Medium.eot
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceCodePro-Medium.ttf
Peter Dave Hello <hsu@peterdavehello.org>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceCodePro-Medium.woff
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceCodePro-Regular.eot
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceCodePro-Regular.ttf
Peter Dave Hello <hsu@peterdavehello.org>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceCodePro-Regular.woff
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceCodePro-Semibold.eot
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceCodePro-Semibold.ttf
Peter Dave Hello <hsu@peterdavehello.org>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceCodePro-Semibold.woff
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-Black.eot
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-Black.ttf
Peter Dave Hello <hsu@peterdavehello.org>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-Black.woff
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-BlackItalic.eot
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-BlackItalic.ttf
Peter Dave Hello <hsu@peterdavehello.org>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-BlackItalic.woff
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-Bold.eot
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-Bold.ttf
Peter Dave Hello <hsu@peterdavehello.org>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-Bold.woff
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-BoldItalic.eot
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-BoldItalic.ttf
Peter Dave Hello <hsu@peterdavehello.org>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-BoldItalic.woff
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-ExtraLight.eot
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-ExtraLight.ttf
Peter Dave Hello <hsu@peterdavehello.org>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-ExtraLight.woff
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-ExtraLightItalic.eot
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-ExtraLightItalic.ttf
Peter Dave Hello <hsu@peterdavehello.org>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-ExtraLightItalic.woff
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-Italic.eot
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-Italic.ttf
Peter Dave Hello <hsu@peterdavehello.org>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-Italic.woff
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-Light.eot
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-Light.ttf
Peter Dave Hello <hsu@peterdavehello.org>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-Light.woff
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-LightItalic.eot
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-LightItalic.ttf
Peter Dave Hello <hsu@peterdavehello.org>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-LightItalic.woff
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-Regular.eot
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-Regular.ttf
Peter Dave Hello <hsu@peterdavehello.org>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-Regular.woff
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-Semibold.eot
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-Semibold.ttf
Peter Dave Hello <hsu@peterdavehello.org>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-Semibold.woff
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-SemiboldItalic.eot
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-SemiboldItalic.ttf
Peter Dave Hello <hsu@peterdavehello.org>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSansPro-SemiboldItalic.woff
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSerifPro-Bold.eot
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSerifPro-Bold.ttf
Peter Dave Hello <hsu@peterdavehello.org>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSerifPro-Bold.woff
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSerifPro-Regular.eot
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSerifPro-Regular.ttf
Peter Dave Hello <hsu@peterdavehello.org>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSerifPro-Regular.woff
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSerifPro-Semibold.eot
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSerifPro-Semibold.ttf
Peter Dave Hello <hsu@peterdavehello.org>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/fonts/SourceSerifPro-Semibold.woff
Yukai Huang <yukaihuangtw@gmail.com>
=== public/hackmd-icon-1024.png
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/js/cover.js
BoHong Li <a60814billy@gmail.com>
Cheng-Han, Wu <jackymaxj@gmail.com>
Jason Croft <jcroft@velocity.org>
NV <nvsofts@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/js/extra.js
BoHong Li <a60814billy@gmail.com>
Cheng-Han, Wu <jackymaxj@gmail.com>
NV <nvsofts@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/js/google-drive-picker.js
BoHong Li <a60814billy@gmail.com>
Cheng-Han, Wu <jackymaxj@gmail.com>
Max Wu <jackymaxj@gmail.com>
=== public/js/google-drive-upload.js
BoHong Li <a60814billy@gmail.com>
Cheng-Han, Wu <jackymaxj@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/js/history.js
BoHong Li <a60814billy@gmail.com>
Cheng-Han, Wu <jackymaxj@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/js/htmlExport.js
BoHong Li <a60814billy@gmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/js/index.js
BoHong Li <a60814billy@gmail.com>
Cheng-Han, Wu <jackymaxj@gmail.com>
Jason Croft <jcroft@velocity.org>
Laura Kyle <laura.kyle91@gmail.com>
NV <nvsofts@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
xnum <s000032001@gmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
Zankio <xxoojoeooxx1@gmail.com>
蒼時弦也 <elct9620@frost.tw>
=== public/js/lib/appState.js
Yukai Huang <yukaihuangtw@gmail.com>
=== public/js/lib/common/constant.ejs
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/js/lib/common/login.js
BoHong Li <a60814billy@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/js/lib/config/index.js
BoHong Li <a60814billy@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/js/lib/editor/config.js
Yukai Huang <yukaihuangtw@gmail.com>
=== public/js/lib/editor/index.js
Wu Cheng-Han <jacky_cute0808@hotmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/js/lib/editor/statusbar.html
Cheng-Han, Wu <jackymaxj@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/js/lib/editor/ui-elements.js
Yukai Huang <yukaihuangtw@gmail.com>
=== public/js/lib/editor/utils.js
Yukai Huang <yukaihuangtw@gmail.com>
=== public/js/lib/modeType.js
Yukai Huang <yukaihuangtw@gmail.com>
=== public/js/lib/syncscroll.js
BoHong Li <a60814billy@gmail.com>
Cheng-Han, Wu <jackymaxj@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/js/locale.js
BoHong Li <a60814billy@gmail.com>
Peter Dave Hello <PeterDaveHello@users.noreply.github.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/js/pretty.js
BoHong Li <a60814billy@gmail.com>
Cheng-Han, Wu <jackymaxj@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/js/render.js
BoHong Li <a60814billy@gmail.com>
Cheng-Han, Wu <jackymaxj@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/js/reveal-markdown.js
BoHong Li <a60814billy@gmail.com>
Cheng-Han, Wu <jackymaxj@gmail.com>
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/js/slide.js
BoHong Li <a60814billy@gmail.com>
Max Wu <jackymaxj@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/screenshot.png
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/uploads/.gitkeep
Wu Cheng-Han <jacky_cute0808@hotmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/vendor/abcjs_basic_3.1.1-min.js
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/bootstrap/tooltip.min.css
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/bootstrap/tooltip.min.js
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/codemirror-spell-checker/en_US.aff
Cheng-Han, Wu <jackymaxj@gmail.com>
=== public/vendor/codemirror-spell-checker/en_US.dic
Cheng-Han, Wu <jackymaxj@gmail.com>
=== public/vendor/codemirror-spell-checker/spell-checker.min.css
Cheng-Han, Wu <jackymaxj@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/codemirror-spell-checker/spell-checker.min.js
Cheng-Han, Wu <jackymaxj@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/vendor/inlineAttachment/codemirror.inline-attachment.js
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/inlineAttachment/inline-attachment.js
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/jquery-textcomplete/jquery.textcomplete.js
Cheng-Han, Wu <jackymaxj@gmail.com>
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/jquery-ui/images/ui-bg_flat_0_aaaaaa_40x100.png
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/jquery-ui/images/ui-bg_flat_75_ffffff_40x100.png
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/jquery-ui/images/ui-bg_glass_55_fbf9ee_1x400.png
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/jquery-ui/images/ui-bg_glass_65_ffffff_1x400.png
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/jquery-ui/images/ui-bg_glass_75_dadada_1x400.png
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/jquery-ui/images/ui-bg_glass_75_e6e6e6_1x400.png
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/jquery-ui/images/ui-bg_glass_95_fef1ec_1x400.png
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/jquery-ui/images/ui-bg_highlight-soft_75_cccccc_1x100.png
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/jquery-ui/images/ui-icons_222222_256x240.png
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/jquery-ui/images/ui-icons_2e83ff_256x240.png
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/jquery-ui/images/ui-icons_454545_256x240.png
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/jquery-ui/images/ui-icons_888888_256x240.png
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/jquery-ui/images/ui-icons_cd0a0a_256x240.png
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/jquery-ui/jquery-ui.min.css
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/jquery-ui/jquery-ui.min.js
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/md-toc.js
BoHong Li <a60814billy@gmail.com>
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/ot/ajax-adapter.js
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/ot/client.js
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/ot/codemirror-adapter.js
Cheng-Han, Wu <jackymaxj@gmail.com>
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/ot/compress.sh
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/ot/editor-client.js
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/ot/ot.min.js
Cheng-Han, Wu <jackymaxj@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/ot/selection.js
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/ot/socketio-adapter.js
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/ot/text-operation.js
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/ot/undo-manager.js
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/ot/wrapped-operation.js
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/showup/showup.css
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/vendor/showup/showup.js
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/views/error.ejs
Cheng-Han, Wu <jackymaxj@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/views/hackmd.ejs
Cheng-Han, Wu <jackymaxj@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/views/hackmd/body.ejs
Cheng-Han, Wu <jackymaxj@gmail.com>
Florian Rhiem <florian.rhiem@gmail.com>
Ian Dees <ian.dees@gmail.com>
Jason Croft <jcroft@velocity.org>
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
蒼時弦也 <elct9620@frost.tw>
=== public/views/hackmd/foot.ejs
Cheng-Han, Wu <jackymaxj@gmail.com>
Jannik Lorenz <dev@janniklorenz.de>
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/views/hackmd/footer.ejs
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/views/hackmd/head.ejs
Cheng-Han, Wu <jackymaxj@gmail.com>
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
xnum <s000032001@gmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/views/hackmd/header.ejs
Cheng-Han, Wu <jackymaxj@gmail.com>
Jannik Lorenz <dev@janniklorenz.de>
Jason Croft <jcroft@velocity.org>
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
xnum <s000032001@gmail.com>
=== public/views/html.hbs
Cheng-Han, Wu <jackymaxj@gmail.com>
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/views/includes/header.ejs
Wu Cheng-Han <jacky_cute0808@hotmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/views/includes/scripts.ejs
Wu Cheng-Han <jacky_cute0808@hotmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/views/index.ejs
alecdwm <alec@owls.io>
Cheng-Han, Wu <jackymaxj@gmail.com>
Florian Rhiem <florian.rhiem@gmail.com>
James Stephenson <c4p7.fl1n7@gmail.com>
Jannik Lorenz <dev@janniklorenz.de>
Jason Croft <jcroft@velocity.org>
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/views/index/body.ejs
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/views/index/foot.ejs
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/views/index/footer.ejs
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/views/index/head.ejs
Cheng-Han, Wu <jackymaxj@gmail.com>
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
xnum <s000032001@gmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/views/index/header.ejs
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/views/pretty.ejs
Cheng-Han, Wu <jackymaxj@gmail.com>
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== public/views/shared/disqus.ejs
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/views/shared/ga.ejs
Cheng-Han, Wu <jackymaxj@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/views/shared/help-modal.ejs
Cheng-Han, Wu <jackymaxj@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/views/shared/polyfill.ejs
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/views/shared/refresh-modal.ejs
Cheng-Han, Wu <jackymaxj@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/views/shared/revision-modal.ejs
Cheng-Han, Wu <jackymaxj@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/views/shared/signin-modal.ejs
alecdwm <alec@owls.io>
Cheng-Han, Wu <jackymaxj@gmail.com>
Jason Croft <jcroft@velocity.org>
neopostmodern <clemens@neopostmodern.com>
Sheogorath <sheogorath@shivering-isles.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== public/views/slide.ejs
butlerx <butlerx@notthe.cloud>
Cheng-Han, Wu <jackymaxj@gmail.com>
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== tmp/.keep
Wu Cheng-Han <jacky_cute0808@hotmail.com>
=== webpack.config.js
BoHong Li <a60814billy@gmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== webpack.production.js
BoHong Li <a60814billy@gmail.com>
geekyd <singhsince94@gmail.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== webpackBaseConfig.js
BoHong Li <a60814billy@gmail.com>
Peter Dave Hello <hsu@peterdavehello.org>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
Yukai Huang <yukaihuangtw@gmail.com>
=== yarn.lock
BoHong Li <a60814billy@gmail.com>
Christian Schuhmann <madebyherzblut@users.noreply.github.com>
Wu Cheng-Han <jacky_cute0808@hotmail.com>
Yukai Huang <yukaihuangtw@gmail.com>

11
LICENSE
View file

@ -629,8 +629,15 @@ to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found. the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.> CodiMD - Realtime collaborative markdown notes on all platforms.
Copyright (C) <year> <name of author> Copyright (C) 2019 Christoph (Sheogorath) Kern
Copyright (C) 2019 Claudius Coenen
Copyright (C) 2019 Max Wu
Copyright (C) 2017 Yukai Huang
And more can be found on https://github.com/codimd/server/graphs/contributors
Or in the local AUTHORS file
This program is free software: you can redistribute it and/or modify This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by it under the terms of the GNU Affero General Public License as published by

368
README.md
View file

@ -1,45 +1,72 @@
HackMD Community Edition CodiMD
=== ===
[![Standard - JavaScript Style Guide][standardjs-image]][standardjs-url] [![#CodiMD on matrix.org][matrix.org-image]][matrix.org-url]
[![Join the chat at https://gitter.im/hackmdio/hackmd][gitter-image]][gitter-url]
[![build status][travis-image]][travis-url] [![build status][travis-image]][travis-url]
[![version][github-version-badge]][github-release-page] [![version][github-version-badge]][github-release-page]
[![Help Contribute to Open Source][codetriage-image]][codetriage-url] [![POEditor][poeditor-image]][poeditor-url]
[![Mastodon][social-mastodon-image]][social-mastodon]
HackMD lets you create realtime collaborative markdown notes on all platforms. CodiMD lets you create real-time collaborative markdown notes. You can test-drive
Inspired by Hackpad, with more focus on speed and flexibility. it by visiting our [CodiMD demo server][codimd-demo].
Still in the early stage, feel free to fork or contribute to HackMD.
Thanks for using! :smile: It is inspired by Hackpad, Etherpad and similar collaborative editors. This
project originated with the team at [HackMD](https://hackmd.io) and now forked
into its own organisation. [A longer writeup can be read in the history doc](docs/history.md).
<!-- START doctoc generated TOC please keep comment here to allow auto update --> [![CodiMD 1.3.2 with its feature demonstration page open](docs/images/CodiMD-1.3.2-features.png)][codimd-demo-features]
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
# Table of Contents
- [Browsers Requirement](#browsers-requirement)
- [Installation](#installation)
- [Getting started (Native install)](#getting-started-native-install)
- [Prerequisite](#prerequisite)
- [Instructions](#instructions)
- [Heroku Deployment](#heroku-deployment)
- [HackMD by docker container](#hackmd-by-docker-container)
- [Upgrade](#upgrade)
- [Native setup](#native-setup)
- [Configuration](#configuration)
- [Environment variables (will overwrite other server configs)](#environment-variables-will-overwrite-other-server-configs)
- [Application settings `config.json`](#application-settings-configjson)
- [Third-party integration api key settings](#third-party-integration-api-key-settings)
- [Third-party integration oauth callback urls](#third-party-integration-oauth-callback-urls)
- [Developer Notes](#developer-notes)
- [Structure](#structure)
- [Operational Transformation](#operational-transformation)
- [License](#license)
<!-- END doctoc generated TOC please keep comment here to allow auto update --> ## Community and Contributions
# Browsers Requirement We welcome contributions! There's a lot to do: If you would like to report bugs,
the [issue tracker][github-issue-tracker] is the right place. If you can help
translating, find us on [POEditor][poeditor-url]. To get started developing,
take a look at the [docs/dev](docs/dev) directory. In any case: come talk to us,
we'll be delighted to help you with the first steps.
To stay up to date with our work or get support it's recommended to join our
[Matrix channel][matrix.org-url], stop by our [community forums][codimd-community]
or subscribe to the [release feed][github-release-feed]. We also engage in
regular [community calls][codimd-community-calls] ([RSS](https://community.codimd.org/t/codimd-community-call/19.rss)) which you are very welcome to join.
## Installation / Upgrading
You can run CodiMD in a number of ways, and we created setup instructions for
all of these:
* [Docker](docs/setup/docker.md)
* [Kubernetes](docs/setup/kubernetes.md)
* [Cloudron](docs/setup/cloudron.md)
* [LinuxServer.io (multi-arch docker)](docs/setup/docker-linuxserver.md)
* [Heroku](docs/setup/heroku.md)
* [Manual setup](docs/setup/manual-setup.md)
If you do not wish to run your own setup, you can find a commercial offering at
https://hackmd.io. This is not the same codebase as this one, but it is a very
similar project.
## Configuration
Theres two main ways to configure your CodiMD instance:
[Config file](docs/configuration-config-file.md) or
[environment variables](docs/configuration-env-vars.md). You can choose what
works best for you.
CodiMD can integrate with
* facebook, twitter, github, gitlab, mattermost, dropbox, google, ldap, saml and [oauth2](docs/guides/auth/oauth.md) **for login**
* imgur, s3, minio, azure **for image/attachment storage** (files can also be local!)
* dropbox **for export and import**
More info about that can be found in the configuration docs above.
## Browser support
To use CodiMD, your browser should match or exceed these versions:
- ![Chrome](http://browserbadge.com/chrome/47/18px) Chrome >= 47, Chrome for Android >= 47 - ![Chrome](http://browserbadge.com/chrome/47/18px) Chrome >= 47, Chrome for Android >= 47
- ![Safari](http://browserbadge.com/safari/9/18px) Safari >= 9, iOS Safari >= 8.4 - ![Safari](http://browserbadge.com/safari/9/18px) Safari >= 9, iOS Safari >= 8.4
@ -48,267 +75,30 @@ Thanks for using! :smile:
- ![Opera](http://browserbadge.com/opera/34/18px) Opera >= 34, Opera Mini not supported - ![Opera](http://browserbadge.com/opera/34/18px) Opera >= 34, Opera Mini not supported
- Android Browser >= 4.4 - Android Browser >= 4.4
# Installation
## Getting started (Native install) ## Related Tools
### Prerequisite
- Node.js 6.x or up (test up to 7.5.0)
- Database (PostgreSQL, MySQL, MariaDB, SQLite, MSSQL) use charset `utf8`
- npm (and its dependencies, especially [uWebSockets](https://github.com/uWebSockets/uWebSockets#nodejs-developers), [node-gyp](https://github.com/nodejs/node-gyp#installation))
- For **building** HackMD we recommend to use a machine with at least **2GB** RAM
### Instructions
1. Download a release and unzip or clone into a directory
2. Enter the directory and type `bin/setup`, which will install npm dependencies and create configs. The setup script is written in Bash, you would need bash as a prerequisite.
3. Setup the configs, see more below
4. Setup environment variables which will overwrite the configs
5. Build front-end bundle by `npm run build` (use `npm run dev` if you are in development)
6. Run the server as you like (node, forever, pm2)
## Heroku Deployment
You can quickly setup a sample heroku hackmd application by clicking the button below.
[![Deploy](https://www.herokucdn.com/deploy/button.svg)](https://heroku.com/deploy)
## HackMD by docker container
[![Try in PWD](https://cdn.rawgit.com/play-with-docker/stacks/cff22438/assets/images/button.png)](http://play-with-docker.com?stack=https://github.com/hackmdio/docker-hackmd/raw/master/docker-compose.yml&stack_name=hackmd)
**Debian-based version:**
[![latest](https://images.microbadger.com/badges/version/hackmdio/hackmd.svg)](https://microbadger.com/images/hackmdio/hackmd "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/hackmdio/hackmd.svg)](https://microbadger.com/images/hackmdio/hackmd "Get your own image badge on microbadger.com")
**Alpine-based version:**
[![latest-alpine](https://images.microbadger.com/badges/version/hackmdio/hackmd:latest-alpine.svg)](https://microbadger.com/images/hackmdio/hackmd:latest-alpine "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/hackmdio/hackmd:latest-alpine.svg)](https://microbadger.com/images/hackmdio/hackmd:latest-alpine "Get your own image badge on microbadger.com")
The easiest way to setup HackMD using docker are using the following three commands:
```console
git clone https://github.com/hackmdio/docker-hackmd.git
cd docker-hackmd
docker-compose up
```
Read more about it in the [docker repository…](https://github.com/hackmdio/docker-hackmd)
# Upgrade
## Native setup
If you are upgrading HackMD from an older version, follow these steps:
1. Fully stop your old server first (important)
2. `git pull` or do whatever that updates the files
3. `npm install` to update dependencies
4. Build front-end bundle by `npm run build` (use `npm run dev` if you are in development)
5. Modify the file named `.sequelizerc`, change the value of the variable `url` with your db connection string
For example: `postgres://username:password@localhost:5432/hackmd`
6. Run `node_modules/.bin/sequelize db:migrate`, this step will migrate your db to the latest schema
7. Start your whole new server!
* [migration-to-0.5.0](https://github.com/hackmdio/migration-to-0.5.0)
We don't use LZString to compress socket.io data and DB data after version 0.5.0.
Please run the migration tool if you're upgrading from the old version.
* [migration-to-0.4.0](https://github.com/hackmdio/migration-to-0.4.0)
We've dropped MongoDB after version 0.4.0.
So here is the migration tool for you to transfer the old DB data to the new DB.
This tool is also used for official service.
# Configuration
There are some configs you need to change in the files below
```
./config.json ----application settings
```
## Environment variables (will overwrite other server configs)
| variables | example values | description |
| --------- | ------ | ----------- |
| NODE_ENV | `production` or `development` | set current environment (will apply corresponding settings in the `config.json`) |
| DEBUG | `true` or `false` | set debug mode, show more logs |
| HMD_DOMAIN | `hackmd.io` | domain name |
| HMD_URL_PATH | `hackmd` | sub url path, like `www.example.com/<URL_PATH>` |
| HMD_PORT | `80` | web app port |
| HMD_ALLOW_ORIGIN | `localhost, hackmd.io` | domain name whitelist (use comma to separate) |
| HMD_PROTOCOL_USESSL | `true` or `false` | set to use ssl protocol for resources path (only applied when domain is set) |
| HMD_URL_ADDPORT | `true` or `false` | set to add port on callback url (port 80 or 443 won't applied) (only applied when domain is set) |
| HMD_USECDN | `true` or `false` | set to use CDN resources or not (default is `true`) |
| HMD_ALLOW_ANONYMOUS | `true` or `false` | set to allow anonymous usage (default is `true`) |
| HMD_ALLOW_ANONYMOUS_EDITS | `true` or `false` | if `allowanonymous` is `true`: allow users to select `freely` permission, allowing guests to edit existing notes (default is `false`) |
| HMD_ALLOW_FREEURL | `true` or `false` | set to allow new note by accessing not exist note url |
| HMD_DEFAULT_PERMISSION | `freely`, `editable`, `limited`, `locked` or `private` | set notes default permission (only applied on signed users) |
| HMD_DB_URL | `mysql://localhost:3306/database` | set the db url |
| HMD_FACEBOOK_CLIENTID | no example | Facebook API client id |
| HMD_FACEBOOK_CLIENTSECRET | no example | Facebook API client secret |
| HMD_TWITTER_CONSUMERKEY | no example | Twitter API consumer key |
| HMD_TWITTER_CONSUMERSECRET | no example | Twitter API consumer secret |
| HMD_GITHUB_CLIENTID | no example | GitHub API client id |
| HMD_GITHUB_CLIENTSECRET | no example | GitHub API client secret |
| HMD_GITLAB_SCOPE | `read_user` or `api` | GitLab API requested scope (default is `api`) (gitlab snippet import/export need `api` scope) |
| HMD_GITLAB_BASEURL | no example | GitLab authentication endpoint, set to use other endpoint than GitLab.com (optional) |
| HMD_GITLAB_CLIENTID | no example | GitLab API client id |
| HMD_GITLAB_CLIENTSECRET | no example | GitLab API client secret |
| HMD_MATTERMOST_BASEURL | no example | Mattermost authentication endpoint |
| HMD_MATTERMOST_CLIENTID | no example | Mattermost API client id |
| HMD_MATTERMOST_CLIENTSECRET | no example | Mattermost API client secret |
| HMD_DROPBOX_CLIENTID | no example | Dropbox API client id |
| HMD_DROPBOX_CLIENTSECRET | no example | Dropbox API client secret |
| HMD_GOOGLE_CLIENTID | no example | Google API client id |
| HMD_GOOGLE_CLIENTSECRET | no example | Google API client secret |
| HMD_LDAP_URL | `ldap://example.com` | url of LDAP server |
| HMD_LDAP_BINDDN | no example | bindDn for LDAP access |
| HMD_LDAP_BINDCREDENTIALS | no example | bindCredentials for LDAP access |
| HMD_LDAP_TOKENSECRET | `supersecretkey` | secret used for generating access/refresh tokens |
| HMD_LDAP_SEARCHBASE | `o=users,dc=example,dc=com` | LDAP directory to begin search from |
| HMD_LDAP_SEARCHFILTER | `(uid={{username}})` | LDAP filter to search with |
| HMD_LDAP_SEARCHATTRIBUTES | `displayName, mail` | LDAP attributes to search with (use comma to separate) |
| HMD_LDAP_USERNAMEFIELD | `uid` | The LDAP field which is used as the username on HackMD |
| HMD_LDAP_TLS_CA | `server-cert.pem, root.pem` | Root CA for LDAP TLS in PEM format (use comma to separate) |
| HMD_LDAP_PROVIDERNAME | `My institution` | Optional name to be displayed at login form indicating the LDAP provider |
| HMD_SAML_IDPSSOURL | `https://idp.example.com/sso` | authentication endpoint of IdP. for details, see [guide](docs/guides/auth.md#saml-onelogin). |
| HMD_SAML_IDPCERT | `/path/to/cert.pem` | certificate file path of IdP in PEM format |
| HMD_SAML_ISSUER | no example | identity of the service provider (optional, default: serverurl)" |
| HMD_SAML_IDENTIFIERFORMAT | no example | name identifier format (optional, default: `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`) |
| HMD_SAML_GROUPATTRIBUTE | `memberOf` | attribute name for group list (optional) |
| HMD_SAML_REQUIREDGROUPS | `Hackmd-users` | group names that allowed (use vertical bar to separate) (optional) |
| HMD_SAML_EXTERNALGROUPS | `Temporary-staff` | group names that not allowed (use vertical bar to separate) (optional) |
| HMD_SAML_ATTRIBUTE_ID | `sAMAccountName` | attribute map for `id` (optional, default: NameID of SAML response) |
| HMD_SAML_ATTRIBUTE_USERNAME | `mailNickname` | attribute map for `username` (optional, default: NameID of SAML response) |
| HMD_SAML_ATTRIBUTE_EMAIL | `mail` | attribute map for `email` (optional, default: NameID of SAML response if `HMD_SAML_IDENTIFIERFORMAT` is default) |
| HMD_IMGUR_CLIENTID | no example | Imgur API client id |
| HMD_EMAIL | `true` or `false` | set to allow email signin |
| HMD_ALLOW_PDF_EXPORT | `true` or `false` | Enable or disable PDF exports |
| HMD_ALLOW_EMAIL_REGISTER | `true` or `false` | set to allow email register (only applied when email is set, default is `true`) |
| HMD_IMAGE_UPLOAD_TYPE | `imgur`, `s3`, `minio` or `filesystem` | Where to upload image. For S3, see our Image Upload Guides for [S3](docs/guides/s3-image-upload.md) or [Minio](docs/guides/minio-image-upload.md) |
| HMD_S3_ACCESS_KEY_ID | no example | AWS access key id |
| HMD_S3_SECRET_ACCESS_KEY | no example | AWS secret key |
| HMD_S3_REGION | `ap-northeast-1` | AWS S3 region |
| HMD_S3_BUCKET | no example | AWS S3 bucket name |
| HMD_MINIO_ACCESS_KEY | no example | Minio access key |
| HMD_MINIO_SECRET_KEY | no example | Minio secret key |
| HMD_MINIO_ENDPOINT | `minio.example.org` | Address of your Minio endpoint/instance |
| HMD_MINIO_PORT | `9000` | Port that is used for your minio instance |
| HMD_MINIO_SECURE | `true` | If set to true HTTPS is used for minio |
| HMD_HSTS_ENABLE | ` true` | set to enable [HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) if HTTPS is also enabled (default is ` true`) |
| HMD_HSTS_INCLUDE_SUBDOMAINS | `true` | set to include subdomains in HSTS (default is `true`) |
| HMD_HSTS_MAX_AGE | `31536000` | max duration in seconds to tell clients to keep HSTS status (default is a year) |
| HMD_HSTS_PRELOAD | `true` | whether to allow preloading of the site's HSTS status (e.g. into browsers) |
| HMD_CSP_ENABLE | `true` | whether to enable Content Security Policy (directives cannot be configured with environment variables) |
## Application settings `config.json`
| variables | example values | description |
| --------- | ------ | ----------- |
| debug | `true` or `false` | set debug mode, show more logs |
| domain | `localhost` | domain name |
| urlpath | `hackmd` | sub url path, like `www.example.com/<urlpath>` |
| port | `80` | web app port |
| alloworigin | `['localhost']` | domain name whitelist |
| usessl | `true` or `false` | set to use ssl server (if true will auto turn on `protocolusessl`) |
| hsts | `{"enable": true, "maxAgeSeconds": 31536000, "includeSubdomains": true, "preload": true}` | [HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) options to use with HTTPS (default is the example value, max age is a year) |
| csp | `{"enable": true, "directives": {"scriptSrc": "trustworthy-scripts.example.com"}, "upgradeInsecureRequests": "auto", "addDefaults": true}` | Configures [Content Security Policy](https://helmetjs.github.io/docs/csp/). Directives are passed to Helmet - see [their documentation](https://helmetjs.github.io/docs/csp/) for more information on the format. Some defaults are added to the configured values so that the application doesn't break. To disable this behaviour, set `addDefaults` to `false`. Further, if `usecdn` is on, some CDN locations are allowed too. By default (`auto`), insecure (HTTP) requests are upgraded to HTTPS via CSP if `usessl` is on. To change this behaviour, set `upgradeInsecureRequests` to either `true` or `false`. |
| protocolusessl | `true` or `false` | set to use ssl protocol for resources path (only applied when domain is set) |
| urladdport | `true` or `false` | set to add port on callback url (port 80 or 443 won't applied) (only applied when domain is set) |
| usecdn | `true` or `false` | set to use CDN resources or not (default is `true`) |
| allowanonymous | `true` or `false` | set to allow anonymous usage (default is `true`) |
| allowanonymousedits | `true` or `false` | if `allowanonymous` is `true`: allow users to select `freely` permission, allowing guests to edit existing notes (default is `false`) |
| allowfreeurl | `true` or `false` | set to allow new note by accessing not exist note url |
| defaultpermission | `freely`, `editable`, `limited`, `locked`, `protected` or `private` | set notes default permission (only applied on signed users) |
| dburl | `mysql://localhost:3306/database` | set the db url, if set this variable then below db config won't be applied |
| db | `{ "dialect": "sqlite", "storage": "./db.hackmd.sqlite" }` | set the db configs, [see more here](http://sequelize.readthedocs.org/en/latest/api/sequelize/) |
| sslkeypath | `./cert/client.key` | ssl key path (only need when you set usessl) |
| sslcertpath | `./cert/hackmd_io.crt` | ssl cert path (only need when you set usessl) |
| sslcapath | `['./cert/COMODORSAAddTrustCA.crt']` | ssl ca chain (only need when you set usessl) |
| dhparampath | `./cert/dhparam.pem` | ssl dhparam path (only need when you set usessl) |
| tmppath | `./tmp/` | temp directory path |
| defaultnotepath | `./public/default.md` | default note file path |
| docspath | `./public/docs` | docs directory path |
| indexpath | `./public/views/index.ejs` | index template file path |
| hackmdpath | `./public/views/hackmd.ejs` | hackmd template file path |
| errorpath | `./public/views/error.ejs` | error template file path |
| prettypath | `./public/views/pretty.ejs` | pretty template file path |
| slidepath | `./public/views/slide.hbs` | slide template file path |
| sessionname | `connect.sid` | cookie session name |
| sessionsecret | `secret` | cookie session secret |
| sessionlife | `14 * 24 * 60 * 60 * 1000` | cookie session life |
| staticcachetime | `1 * 24 * 60 * 60 * 1000` | static file cache time |
| heartbeatinterval | `5000` | socket.io heartbeat interval |
| heartbeattimeout | `10000` | socket.io heartbeat timeout |
| documentmaxlength | `100000` | note max length |
| email | `true` or `false` | set to allow email signin |
| allowemailregister | `true` or `false` | set to allow email register (only applied when email is set, default is `true`) |
| imageUploadType | `imgur`(default), `s3`, `minio` or `filesystem` | Where to upload image
| minio | `{ "accessKey": "YOUR_MINIO_ACCESS_KEY", "secretKey": "YOUR_MINIO_SECRET_KEY", "endpoint": "YOUR_MINIO_HOST", port: 9000, secure: true }` | When `imageUploadType` is set to `minio`, you need to set this key. Also checkout our [Minio Image Upload Guide](docs/guides/minio-image-upload.md) |
| s3 | `{ "accessKeyId": "YOUR_S3_ACCESS_KEY_ID", "secretAccessKey": "YOUR_S3_ACCESS_KEY", "region": "YOUR_S3_REGION" }` | When `imageUploadType` be set to `s3`, you would also need to setup this key, check our [S3 Image Upload Guide](docs/guides/s3-image-upload.md) |
| s3bucket | `YOUR_S3_BUCKET_NAME` | bucket name when `imageUploadType` is set to `s3` or `minio` |
## Third-party integration api key settings
| service | settings location | description |
| ------- | --------- | ----------- |
| facebook, twitter, github, gitlab, mattermost, dropbox, google, ldap, saml | environment variables or `config.json` | for signin |
| imgur, s3, minio | environment variables or `config.json` | for image upload |
| google drive(`google/apiKey`, `google/clientID`), dropbox(`dropbox/appKey`) | `config.json` | for export and import |
## Third-party integration oauth callback urls
| service | callback url (after the server url) |
| ------- | --------- |
| facebook | `/auth/facebook/callback` |
| twitter | `/auth/twitter/callback` |
| github | `/auth/github/callback` |
| gitlab | `/auth/gitlab/callback` |
| mattermost | `/auth/mattermost/callback` |
| dropbox | `/auth/dropbox/callback` |
| google | `/auth/google/callback` |
| saml | `/auth/saml/callback` |
# Developer Notes
## Structure
```text
hackmd/
├── tmp/ --- temporary files
├── docs/ --- document files
├── lib/ --- server libraries
└── public/ --- client files
├── css/ --- css styles
├── js/ --- js scripts
├── vendor/ --- vendor includes
└── views/ --- view templates
```
## Operational Transformation
From 0.3.2, we started supporting operational transformation.
It makes concurrent editing safe and will not break up other users' operations.
Additionally, now can show other clients' selections.
See more at [http://operational-transformation.github.io/](http://operational-transformation.github.io/)
Our community has created related tools, we'd like to highlight [codimd-cli](https://github.com/codimd/cli)
which lets you use CodiMD from the comfort of your command line.
# License # License
**License under AGPL.** Licensed under AGPLv3. For our list of contributors, see [AUTHORS](AUTHORS).
[gitter-image]: https://badges.gitter.im/Join%20Chat.svg [matrix.org-image]: https://img.shields.io/badge/Matrix.org-%23CodiMD@matrix.org-green.svg
[gitter-url]: https://gitter.im/hackmdio/hackmd?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge [matrix.org-url]: https://riot.im/app/#/room/#codimd:matrix.org
[travis-image]: https://travis-ci.org/hackmdio/hackmd.svg?branch=master [travis-image]: https://travis-ci.org/codimd/server.svg?branch=master
[travis-url]: https://travis-ci.org/hackmdio/hackmd [travis-url]: https://travis-ci.org/codimd/server
[github-version-badge]: https://img.shields.io/github/release/hackmdio/hackmd.svg [github-version-badge]: https://img.shields.io/github/release/codimd/server.svg
[github-release-page]: https://github.com/hackmdio/hackmd/releases [github-release-page]: https://github.com/codimd/server/releases
[standardjs-image]: https://cdn.rawgit.com/feross/standard/master/badge.svg [github-release-feed]: https://github.com/codimd/server/releases.atom
[standardjs-url]: https://github.com/feross/standard [github-issue-tracker]: https://github.com/codimd/server/issues/
[codetriage-image]: https://www.codetriage.com/hackmdio/hackmd/badges/users.svg [poeditor-image]: https://img.shields.io/badge/POEditor-translate-blue.svg
[codetriage-url]: https://www.codetriage.com/hackmdio/hackmd [poeditor-url]: https://poeditor.com/join/project/1OpGjF2Jir
[codimd-demo]: https://demo.codimd.org
[codimd-demo-features]: https://demo.codimd.org/features
[codimd-community]: https://community.codimd.org
[codimd-community-calls]: https://community.codimd.org/t/codimd-community-call/19
[social-mastodon]: https://social.codimd.org/mastodon
[social-mastodon-image]: https://img.shields.io/badge/social-mastodon-3c99dc.svg

125
app.js
View file

@ -26,41 +26,23 @@ var response = require('./lib/response')
var models = require('./lib/models') var models = require('./lib/models')
var csp = require('./lib/csp') var csp = require('./lib/csp')
// generate front-end constants by template
var constpath = path.join(__dirname, './public/js/lib/common/constant.ejs')
var data = {
domain: config.domain,
urlpath: config.urlpath,
debug: config.debug,
version: config.version,
GOOGLE_API_KEY: config.google.clientSecret,
GOOGLE_CLIENT_ID: config.google.clientID,
DROPBOX_APP_KEY: config.dropbox.appKey,
allowedUploadMimeTypes: config.allowedUploadMimeTypes
}
ejs.renderFile(constpath, data, {}, function (err, str) {
if (err) throw new Error(err)
fs.writeFileSync(path.join(__dirname, './public/build/constant.js'), str)
})
// server setup // server setup
var app = express() var app = express()
var server = null var server = null
if (config.usessl) { if (config.useSSL) {
var ca = (function () { var ca = (function () {
var i, len, results var i, len, results
results = [] results = []
for (i = 0, len = config.sslcapath.length; i < len; i++) { for (i = 0, len = config.sslCAPath.length; i < len; i++) {
results.push(fs.readFileSync(config.sslcapath[i], 'utf8')) results.push(fs.readFileSync(config.sslCAPath[i], 'utf8'))
} }
return results return results
})() })()
var options = { var options = {
key: fs.readFileSync(config.sslkeypath, 'utf8'), key: fs.readFileSync(config.sslKeyPath, 'utf8'),
cert: fs.readFileSync(config.sslcertpath, 'utf8'), cert: fs.readFileSync(config.sslCertPath, 'utf8'),
ca: ca, ca: ca,
dhparam: fs.readFileSync(config.dhparampath, 'utf8'), dhparam: fs.readFileSync(config.dhParamPath, 'utf8'),
requestCert: false, requestCert: false,
rejectUnauthorized: false rejectUnauthorized: false
} }
@ -71,12 +53,12 @@ if (config.usessl) {
// logger // logger
app.use(morgan('combined', { app.use(morgan('combined', {
'stream': logger 'stream': logger.stream
})) }))
// socket io // socket io
var io = require('socket.io')(server) var io = require('socket.io')(server)
io.engine.ws = new (require('uws').Server)({ io.engine.ws = new (require('ws').Server)({
noServer: true, noServer: true,
perMessageDeflate: false perMessageDeflate: false
}) })
@ -101,15 +83,22 @@ app.use(compression())
// use hsts to tell https users stick to this // use hsts to tell https users stick to this
if (config.hsts.enable) { if (config.hsts.enable) {
app.use(helmet.hsts({ app.use(helmet.hsts({
maxAge: config.hsts.maxAgeSeconds * 1000, maxAge: config.hsts.maxAgeSeconds,
includeSubdomains: config.hsts.includeSubdomains, includeSubdomains: config.hsts.includeSubdomains,
preload: config.hsts.preload preload: config.hsts.preload
})) }))
} else if (config.usessl) { } else if (config.useSSL) {
logger.info('Consider enabling HSTS for extra security:') logger.info('Consider enabling HSTS for extra security:')
logger.info('https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security') logger.info('https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security')
} }
// Add referrer policy to improve privacy
app.use(
helmet.referrerPolicy({
policy: 'same-origin'
})
)
// Generate a random nonce per request, for CSP with inline scripts // Generate a random nonce per request, for CSP with inline scripts
app.use(csp.addNonceToLocals) app.use(csp.addNonceToLocals)
@ -124,9 +113,11 @@ if (config.csp.enable) {
} }
i18n.configure({ i18n.configure({
locales: ['en', 'zh', 'zh-CN', 'zh-TW', 'fr', 'de', 'ja', 'es', 'ca', 'el', 'pt', 'it', 'tr', 'ru', 'nl', 'hr', 'pl', 'uk', 'hi', 'sv', 'eo', 'da'], locales: ['en', 'zh-CN', 'zh-TW', 'fr', 'de', 'ja', 'es', 'ca', 'el', 'pt', 'it', 'tr', 'ru', 'nl', 'hr', 'pl', 'uk', 'hi', 'sv', 'eo', 'da', 'ko', 'id', 'sr', 'vi'],
cookie: 'locale', cookie: 'locale',
directory: path.join(__dirname, '/locales') indent: ' ', // this is the style poeditor.com exports it, this creates less churn
directory: path.join(__dirname, '/locales'),
updateFiles: config.updateI18nFiles
}) })
app.use(cookieParser()) app.use(cookieParser())
@ -135,17 +126,20 @@ app.use(i18n.init)
// routes without sessions // routes without sessions
// static files // static files
app.use('/', express.static(path.join(__dirname, '/public'), { maxAge: config.staticcachetime })) app.use('/', express.static(path.join(__dirname, '/public'), { maxAge: config.staticCacheTime, index: false }))
app.use('/docs', express.static(path.resolve(__dirname, config.docsPath), { maxAge: config.staticCacheTime }))
app.use('/uploads', express.static(path.resolve(__dirname, config.uploadsPath), { maxAge: config.staticCacheTime }))
app.use('/default.md', express.static(path.resolve(__dirname, config.defaultNotePath), { maxAge: config.staticCacheTime }))
// session // session
app.use(session({ app.use(session({
name: config.sessionname, name: config.sessionName,
secret: config.sessionsecret, secret: config.sessionSecret,
resave: false, // don't save session if unmodified resave: false, // don't save session if unmodified
saveUninitialized: true, // always create session to ensure the origin saveUninitialized: true, // always create session to ensure the origin
rolling: true, // reset maxAge on every response rolling: true, // reset maxAge on every response
cookie: { cookie: {
maxAge: config.sessionlife maxAge: config.sessionLife
}, },
store: sessionStore store: sessionStore
})) }))
@ -173,14 +167,44 @@ app.use(passport.session())
app.use(require('./lib/web/middleware/checkURIValid')) app.use(require('./lib/web/middleware/checkURIValid'))
// redirect url without trailing slashes // redirect url without trailing slashes
app.use(require('./lib/web/middleware/redirectWithoutTrailingSlashes')) app.use(require('./lib/web/middleware/redirectWithoutTrailingSlashes'))
app.use(require('./lib/web/middleware/codiMDVersion'))
// routes need sessions // routes need sessions
// template files // template files
app.set('views', path.join(__dirname, '/public/views')) app.set('views', config.viewPath)
// set render engine // set render engine
app.engine('ejs', ejs.renderFile) app.engine('ejs', ejs.renderFile)
// set view engine // set view engine
app.set('view engine', 'ejs') app.set('view engine', 'ejs')
// set generally available variables for all views
app.locals.useCDN = config.useCDN
app.locals.serverURL = config.serverURL
app.locals.sourceURL = config.sourceURL
app.locals.allowAnonymous = config.allowAnonymous
app.locals.allowAnonymousEdits = config.allowAnonymousEdits
app.locals.allowPDFExport = config.allowPDFExport
app.locals.authProviders = {
facebook: config.isFacebookEnable,
twitter: config.isTwitterEnable,
github: config.isGitHubEnable,
gitlab: config.isGitLabEnable,
mattermost: config.isMattermostEnable,
dropbox: config.isDropboxEnable,
google: config.isGoogleEnable,
ldap: config.isLDAPEnable,
ldapProviderName: config.ldap.providerName,
saml: config.isSAMLEnable,
oauth2: config.isOAuth2Enable,
oauth2ProviderName: config.oauth2.providerName,
openID: config.isOpenIDEnable,
email: config.isEmailEnable,
allowEmailRegister: config.allowEmailRegister
}
// Export/Import menu items
app.locals.enableDropBoxSave = config.isDropboxEnable
app.locals.enableGitHubGist = config.isGitHubEnable
app.locals.enableGitlabSnippets = config.isGitlabSnippetsEnable
app.use(require('./lib/web/baseRouter')) app.use(require('./lib/web/baseRouter'))
app.use(require('./lib/web/statusRouter')) app.use(require('./lib/web/statusRouter'))
@ -200,25 +224,35 @@ io.use(realtime.secure)
// socket.io auth // socket.io auth
io.use(passportSocketIo.authorize({ io.use(passportSocketIo.authorize({
cookieParser: cookieParser, cookieParser: cookieParser,
key: config.sessionname, key: config.sessionName,
secret: config.sessionsecret, secret: config.sessionSecret,
store: sessionStore, store: sessionStore,
success: realtime.onAuthorizeSuccess, success: realtime.onAuthorizeSuccess,
fail: realtime.onAuthorizeFail fail: realtime.onAuthorizeFail
})) }))
// socket.io heartbeat // socket.io heartbeat
io.set('heartbeat interval', config.heartbeatinterval) io.set('heartbeat interval', config.heartbeatInterval)
io.set('heartbeat timeout', config.heartbeattimeout) io.set('heartbeat timeout', config.heartbeatTimeout)
// socket.io connection // socket.io connection
io.sockets.on('connection', realtime.connection) io.sockets.on('connection', realtime.connection)
// listen // listen
function startListen () { function startListen () {
server.listen(config.port, function () { var address
var schema = config.usessl ? 'HTTPS' : 'HTTP' var listenCallback = function () {
logger.info('%s Server listening at port %d', schema, config.port) var schema = config.useSSL ? 'HTTPS' : 'HTTP'
logger.info('%s Server listening at %s', schema, address)
realtime.maintenance = false realtime.maintenance = false
}) }
// use unix domain socket if 'path' is specified
if (config.path) {
address = config.path
server.listen(config.path, listenCallback)
} else {
address = config.host + ':' + config.port
server.listen(config.port, config.host, listenCallback)
}
} }
// sync db then start listen // sync db then start listen
@ -244,7 +278,7 @@ process.on('uncaughtException', function (err) {
// install exit handler // install exit handler
function handleTermSignals () { function handleTermSignals () {
logger.info('hackmd has been killed by signal, try to exit gracefully...') logger.info('CodiMD has been killed by signal, try to exit gracefully...')
realtime.maintenance = true realtime.maintenance = true
// disconnect all socket.io clients // disconnect all socket.io clients
Object.keys(io.sockets.sockets).forEach(function (key) { Object.keys(io.sockets.sockets).forEach(function (key) {
@ -255,6 +289,9 @@ function handleTermSignals () {
socket.disconnect(true) socket.disconnect(true)
}, 0) }, 0)
}) })
if (config.path) {
fs.unlink(config.path)
}
var checkCleanTimer = setInterval(function () { var checkCleanTimer = setInterval(function () {
if (realtime.isReady()) { if (realtime.isReady()) {
models.Revision.checkAllNotesRevision(function (err, notes) { models.Revision.checkAllNotesRevision(function (err, notes) {

View file

@ -1,20 +1,16 @@
{ {
"name": "HackMD", "name": "CodiMD",
"description": "Realtime collaborative markdown notes on all platforms", "description": "Realtime collaborative markdown notes on all platforms",
"keywords": [ "keywords": [
"Collaborative", "Collaborative",
"Markdown", "Markdown",
"Notes" "Notes"
], ],
"website": "https://hackmd.io", "website": "https://codimd.org",
"repository": "https://github.com/hackmdio/hackmd", "repository": "https://github.com/codimd/server",
"logo": "https://github.com/hackmdio/hackmd/raw/master/public/hackmd-icon-1024.png", "logo": "https://github.com/codimd/server/raw/master/public/codimd-icon-1024.png",
"success_url": "/", "success_url": "/",
"env": { "env": {
"BUILD_ASSETS": {
"description": "Our build script variable",
"value": "true"
},
"NPM_CONFIG_PRODUCTION": { "NPM_CONFIG_PRODUCTION": {
"description": "Let npm also install development build tool", "description": "Let npm also install development build tool",
"value": "false" "value": "false"
@ -23,137 +19,129 @@
"description": "Specify database type. See sequelize available databases. Default using postgres", "description": "Specify database type. See sequelize available databases. Default using postgres",
"value": "postgres" "value": "postgres"
}, },
"HMD_HSTS_ENABLE": { "CMD_SESSION_SECRET": {
"description": "Secret used to secure session cookies.",
"required": false
},
"CMD_HSTS_ENABLE": {
"description": "whether to also use HSTS if HTTPS is enabled", "description": "whether to also use HSTS if HTTPS is enabled",
"required": false "required": false
}, },
"HMD_HSTS_MAX_AGE": { "CMD_HSTS_MAX_AGE": {
"description": "max duration, in seconds, to tell clients to keep HSTS status", "description": "max duration, in seconds, to tell clients to keep HSTS status",
"required": false "required": false
}, },
"HMD_HSTS_INCLUDE_SUBDOMAINS": { "CMD_HSTS_INCLUDE_SUBDOMAINS": {
"description": "whether to tell clients to also regard subdomains as HSTS hosts", "description": "whether to tell clients to also regard subdomains as HSTS hosts",
"required": false "required": false
}, },
"HMD_HSTS_PRELOAD": { "CMD_HSTS_PRELOAD": {
"description": "whether to allow at all adding of the site to HSTS preloads (e.g. in browsers)", "description": "whether to allow at all adding of the site to HSTS preloads (e.g. in browsers)",
"required": false "required": false
}, },
"HMD_DOMAIN": { "CMD_DOMAIN": {
"description": "domain name", "description": "domain name",
"required": false "required": false
}, },
"HMD_URL_PATH": { "CMD_URL_PATH": {
"description": "sub url path, like `www.example.com/<URL_PATH>`", "description": "sub url path, like `www.example.com/<URL_PATH>`",
"required": false "required": false
}, },
"HMD_ALLOW_ORIGIN": { "CMD_ALLOW_ORIGIN": {
"description": "domain name whitelist (use comma to separate)", "description": "domain name whitelist (use comma to separate)",
"required": false, "required": false,
"value": "localhost" "value": "localhost"
}, },
"HMD_PROTOCOL_USESSL": { "CMD_PROTOCOL_USESSL": {
"description": "set to use ssl protocol for resources path (only applied when domain is set)", "description": "set to use ssl protocol for resources path (only applied when domain is set)",
"required": false "required": false
}, },
"HMD_URL_ADDPORT": { "CMD_URL_ADDPORT": {
"description": "set to add port on callback url (port 80 or 443 won't applied) (only applied when domain is set)", "description": "set to add port on callback url (port 80 or 443 won't applied) (only applied when domain is set)",
"required": false "required": false
}, },
"HMD_FACEBOOK_CLIENTID": { "CMD_FACEBOOK_CLIENTID": {
"description": "Facebook API client id", "description": "Facebook API client id",
"required": false "required": false
}, },
"HMD_FACEBOOK_CLIENTSECRET": { "CMD_FACEBOOK_CLIENTSECRET": {
"description": "Facebook API client secret", "description": "Facebook API client secret",
"required": false "required": false
}, },
"HMD_TWITTER_CONSUMERKEY": { "CMD_TWITTER_CONSUMERKEY": {
"description": "Twitter API consumer key", "description": "Twitter API consumer key",
"required": false "required": false
}, },
"HMD_TWITTER_CONSUMERSECRET": { "CMD_TWITTER_CONSUMERSECRET": {
"description": "Twitter API consumer secret", "description": "Twitter API consumer secret",
"required": false "required": false
}, },
"HMD_GITHUB_CLIENTID": { "CMD_GITHUB_CLIENTID": {
"description": "GitHub API client id", "description": "GitHub API client id",
"required": false "required": false
}, },
"HMD_GITHUB_CLIENTSECRET": { "CMD_GITHUB_CLIENTSECRET": {
"description": "GitHub API client secret", "description": "GitHub API client secret",
"required": false "required": false
}, },
"HMD_GITLAB_BASEURL": { "CMD_GITLAB_BASEURL": {
"description": "GitLab authentication endpoint, set to use other endpoint than GitLab.com (optional)", "description": "GitLab authentication endpoint, set to use other endpoint than GitLab.com (optional)",
"required": false "required": false
}, },
"HMD_GITLAB_CLIENTID": { "CMD_GITLAB_CLIENTID": {
"description": "GitLab API client id", "description": "GitLab API client id",
"required": false "required": false
}, },
"HMD_GITLAB_CLIENTSECRET": { "CMD_GITLAB_CLIENTSECRET": {
"description": "GitLab API client secret", "description": "GitLab API client secret",
"required": false "required": false
}, },
"HMD_GITLAB_SCOPE": { "CMD_GITLAB_SCOPE": {
"description": "GitLab API client scope (optional)", "description": "GitLab API client scope (optional)",
"required": false "required": false
}, },
"HMD_MATTERMOST_BASEURL": { "CMD_MATTERMOST_BASEURL": {
"description": "Mattermost authentication endpoint", "description": "Mattermost authentication endpoint",
"required": false "required": false
}, },
"HMD_MATTERMOST_CLIENTID": { "CMD_MATTERMOST_CLIENTID": {
"description": "Mattermost API client id", "description": "Mattermost API client id",
"required": false "required": false
}, },
"HMD_MATTERMOST_CLIENTSECRET": { "CMD_MATTERMOST_CLIENTSECRET": {
"description": "Mattermost API client secret", "description": "Mattermost API client secret",
"required": false "required": false
}, },
"HMD_DROPBOX_CLIENTID": { "CMD_DROPBOX_CLIENTID": {
"description": "Dropbox API client id", "description": "Dropbox API client id",
"required": false "required": false
}, },
"HMD_DROPBOX_CLIENTSECRET": { "CMD_DROPBOX_CLIENTSECRET": {
"description": "Dropbox API client secret", "description": "Dropbox API client secret",
"required": false "required": false
}, },
"HMD_DROPBOX_APP_KEY": { "CMD_DROPBOX_APP_KEY": {
"description": "Dropbox app key (for import/export)", "description": "Dropbox app key (for import/export)",
"required": false "required": false
}, },
"HMD_GOOGLE_CLIENTID": { "CMD_GOOGLE_CLIENTID": {
"description": "Google API client id", "description": "Google API client id",
"required": false "required": false
}, },
"HMD_GOOGLE_CLIENTSECRET": { "CMD_GOOGLE_CLIENTSECRET": {
"description": "Google API client secret", "description": "Google API client secret",
"required": false "required": false
}, },
"HMD_GOOGLE_API_KEY": { "CMD_IMGUR_CLIENTID": {
"description": "Google API key (for import/export)",
"required": false
},
"HMD_IMGUR_CLIENTID": {
"description": "Imgur API client id", "description": "Imgur API client id",
"required": false "required": false
}, },
"HMD_ALLOW_PDF_EXPORT": { "CMD_ALLOW_PDF_EXPORT": {
"description": "Enable or disable PDF exports", "description": "Enable or disable PDF exports",
"required": false "required": false
} }
}, },
"addons": [ "addons": [
"heroku-postgresql" "heroku-postgresql"
],
"buildpacks": [
{
"url": "https://github.com/alex88/heroku-buildpack-vips"
},
{
"url": "https://github.com/heroku/heroku-buildpack-nodejs"
}
] ]
} }

View file

@ -2,9 +2,7 @@
set -e set -e
if [ "$BUILD_ASSETS" = true ]; then cat << EOF > .sequelizerc
# setup config files
cat << EOF > .sequelizerc
var path = require('path'); var path = require('path');
module.exports = { module.exports = {
@ -17,7 +15,7 @@ module.exports = {
EOF EOF
cat << EOF > config.json cat << EOF > config.json
{ {
"production": { "production": {
@ -25,7 +23,3 @@ EOF
} }
EOF EOF
# build app
npm run build
fi

119
bin/manage_users Executable file
View file

@ -0,0 +1,119 @@
#!/usr/bin/env node
// First configure the logger so it does not spam the console
const logger = require("../lib/logger");
logger.transports.forEach((transport) => transport.level = "warning")
const models = require("../lib/models/");
const readline = require("readline-sync");
const minimist = require("minimist");
function showUsage(tips) {
console.log(`${tips}
Command-line utility to create users for email-signin.
Usage: bin/manage_users [--pass password] (--add | --del) user-email
Options:
--add Add user with the specified user-email
--del Delete user with specified user-email
--reset Reset user password with specified user-email
--pass Use password from cmdline rather than prompting
`);
process.exit(1);
}
function getPass(argv, action) {
// Find whether we use cmdline or prompt password
if(typeof argv["pass"] !== 'string') {
return readline.question(`Password for ${argv[action]}:`, {hideEchoBack: true});
}
console.log("Using password from commandline...");
return argv["pass"];
}
// Using an async function to be able to use await inside
async function createUser(argv) {
const existing_user = await models.User.findOne({where: {email: argv["add"]}});
// Cannot create already-existing users
if(existing_user != undefined) {
console.log(`User with e-mail ${existing_user.email} already exists! Aborting ...`);
process.exit(1);
}
const pass = getPass(argv, "add");
// Lets try to create, and check success
const ref = await models.User.create({email: argv["add"], password: pass});
if(ref == undefined) {
console.log(`Could not create user with email ${argv["add"]}`);
process.exit(1);
} else
console.log(`Created user with email ${argv["add"]}`);
}
// Using an async function to be able to use await inside
async function deleteUser(argv) {
// Cannot delete non-existing users
const existing_user = await models.User.findOne({where: {email: argv["del"]}});
if(existing_user === undefined) {
console.log(`User with e-mail ${argv["del"]} does not exist, cannot delete`);
process.exit(1);
}
// Sadly .destroy() does not return any success value with all
// backends. See sequelize #4124
await existing_user.destroy();
console.log(`Deleted user ${argv["del"]} ...`);
}
// Using an async function to be able to use await inside
async function resetUser(argv) {
const existing_user = await models.User.findOne({where: {email: argv["reset"]}});
// Cannot reset non-existing users
if(existing_user == undefined) {
console.log(`User with e-mail ${argv["reset"]} does not exist, cannot reset`);
process.exit(1);
}
const pass = getPass(argv, "reset");
// set password and save
existing_user.password = pass;
await existing_user.save();
console.log(`User with email ${argv["reset"]} password has been reset`);
}
const options = {
add: createUser,
del: deleteUser,
reset: resetUser,
};
// Perform commandline-parsing
const argv = minimist(process.argv.slice(2));
const keys = Object.keys(options);
const opts = keys.filter((key) => argv[key] !== undefined);
const action = opts[0];
// Check for options missing
if (opts.length === 0) {
showUsage(`You did not specify either ${keys.map((key) => `--${key}`).join(' or ')}!`);
}
// Check if both are specified
if (opts.length > 1) {
showUsage(`You cannot ${action.join(' and ')} at the same time!`);
}
// Check if not string
if (typeof argv[action] !== 'string') {
showUsage(`You must follow an email after --${action}`);
}
// Call respective processing functions
options[action](argv).then(function() {
process.exit(0);
});

View file

@ -8,11 +8,12 @@ if [ -d .git ]; then
cd "$(git rev-parse --show-toplevel)" cd "$(git rev-parse --show-toplevel)"
fi fi
if ! type npm > /dev/null if ! type yarn > /dev/null
then then
cat << EOF cat << EOF
npm is not installed, please install Node.js and npm. yarn is not installed, please install Node.js, npm and yarn.
Read more on Node.js official website: https://nodejs.org Read more on Node.js official website: https://nodejs.org
And for yarn package manager at: https://yarnpkg.com/en/
Setup will not be run Setup will not be run
EOF EOF
exit 0 exit 0
@ -27,17 +28,17 @@ if [ ! -f .sequelizerc ]; then
cp .sequelizerc.example .sequelizerc cp .sequelizerc.example .sequelizerc
fi fi
echo "install npm packages" echo "install packages"
BUILD_ASSETS=false npm install yarn install --pure-lockfile
yarn install --production=false --pure-lockfile
cat << EOF cat << EOF
Edit the following config file to setup hackmd server and client. Edit the following config file to setup CodiMD server and client.
Read more info at https://github.com/hackmdio/hackmd#configuration-files Read more info at https://github.com/codimd/server#configuration-files
* config.json -- server config * config.json -- CodiMD config
* public/js/config.js -- client config
* .sequelizerc -- db config * .sequelizerc -- db config
EOF EOF

View file

@ -6,33 +6,37 @@
} }
}, },
"development": { "development": {
"loglevel": "debug",
"hsts": { "hsts": {
"enable": false "enable": false
}, },
"db": { "db": {
"dialect": "sqlite", "dialect": "sqlite",
"storage": "./db.hackmd.sqlite" "storage": "./db.codimd.sqlite"
} }
}, },
"production": { "production": {
"domain": "localhost", "domain": "localhost",
"loglevel": "info",
"hsts": { "hsts": {
"enable": true, "enable": true,
"maxAgeSeconds": "31536000", "maxAgeSeconds": 31536000,
"includeSubdomains": true, "includeSubdomains": true,
"preload": true "preload": true
}, },
csp: { "csp": {
"enable": true, "enable": true,
"directives": { "directives": {
}, },
"upgradeInsecureRequests": "auto" "upgradeInsecureRequests": "auto",
"addDefaults": true "addDefaults": true,
"addDisqus": true,
"addGoogleAnalytics": true
}, },
"db": { "db": {
"username": "", "username": "",
"password": "", "password": "",
"database": "hackmd", "database": "codimd",
"host": "localhost", "host": "localhost",
"port": "5432", "port": "5432",
"dialect": "postgres" "dialect": "postgres"
@ -53,7 +57,8 @@
"baseURL": "change this", "baseURL": "change this",
"clientID": "change this", "clientID": "change this",
"clientSecret": "change this", "clientSecret": "change this",
"scope": "use 'read_user' scope for auth user only or remove this property if you need gitlab snippet import/export support (will result to be default scope 'api')" "scope": "use 'read_user' scope for auth user only or remove this property if you need gitlab snippet import/export support (will result to be default scope 'api')",
"version": "use 'v4' if gitlab version > 11, 'v3' otherwise. Default to 'v4'"
}, },
"mattermost": { "mattermost": {
"baseURL": "change this", "baseURL": "change this",
@ -74,11 +79,11 @@
"url": "ldap://change_this", "url": "ldap://change_this",
"bindDn": null, "bindDn": null,
"bindCredentials": null, "bindCredentials": null,
"tokenSecret": "change this",
"searchBase": "change this", "searchBase": "change this",
"searchFilter": "change this", "searchFilter": "change this",
"searchAttributes": ["change this"], "searchAttributes": ["change this"],
"usernameField": "change this e.g. uid", "usernameField": "change this e.g. cn",
"useridField": "change this e.g. uid",
"tlsOptions": { "tlsOptions": {
"changeme": "See https://nodejs.org/api/tls.html#tls_tls_connect_options_callback" "changeme": "See https://nodejs.org/api/tls.html#tls_tls_connect_options_callback"
} }
@ -88,6 +93,7 @@
"idpCert": "change: certificate file path of IdP in PEM format", "idpCert": "change: certificate file path of IdP in PEM format",
"issuer": "change or delete: identity of the service provider (default: serverurl)", "issuer": "change or delete: identity of the service provider (default: serverurl)",
"identifierFormat": "change or delete: name identifier format (default: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress')", "identifierFormat": "change or delete: name identifier format (default: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress')",
"disableRequestedAuthnContext": "change or delete: true to allow any authentication method, false restricts to password authentication method (default: false)",
"groupAttribute": "change or delete: attribute name for group list (ex: memberOf)", "groupAttribute": "change or delete: attribute name for group list (ex: memberOf)",
"requiredGroups": [ "change or delete: group names that allowed" ], "requiredGroups": [ "change or delete: group names that allowed" ],
"externalGroups": [ "change or delete: group names that not allowed" ], "externalGroups": [ "change or delete: group names that not allowed" ],
@ -112,6 +118,11 @@
"secretAccessKey": "change this", "secretAccessKey": "change this",
"region": "change this" "region": "change this"
}, },
"s3bucket": "change this" "s3bucket": "change this",
"azure":
{
"connectionString": "change this",
"container": "change this"
}
} }
} }

View file

@ -0,0 +1,154 @@
Configuration Using Config file
===
You can choose to configure CodiMD with either a config file or with
[environment variables](configuration-env-vars.md). The config file is processed
in [`lib/config/index.js`](../lib/config/index.js) - so this is the first
place to look if anything is missing not obvious from this document. The
default values are defined in [`lib/config/default.js`](../lib/config/default.js),
in case you wonder if you even need to override it.
Environment variables take precedence over configurations from the config files.
To get started, it is a good idea to take the `config.json.example` and copy it
to `config.json` before filling in your own details.
## Node.JS
| variables | example values | description |
| --------- | ------ | ----------- |
| `debug` | `true` or `false` | set debug mode, show more logs |
## CodiMD basics
| variables | example values | description |
| --------- | ------ | ----------- |
| `allowPDFExport` | `true` | Whether or not PDF export is offered. |
| `db` | `{ "dialect": "sqlite", "storage": "./db.codimd.sqlite" }` | set the db configs, [see more here](http://sequelize.readthedocs.org/en/latest/api/sequelize/) |
| `dbURL` | `mysql://localhost:3306/database` | set the db URL; if set, then db config (below) won't be applied |
| `forbiddenNoteIDs` | `['robots.txt']` | disallow creation of notes, even if `allowFreeUrl` is `true` |
| `loglevel` | `info` | Defines what kind of logs are provided to stdout. |
| `imageUploadType` | `imgur`, `s3`, `minio`, `azure`, `lutim` or `filesystem`(default) | Where to upload images. For S3, see our Image Upload Guides for [S3](guides/s3-image-upload.md) or [Minio](guides/minio-image-upload.md)|
| `sourceURL` | `https://github.com/codimd/server/tree/<current commit>` | Provides the link to the source code of CodiMD on the entry page (Please, make sure you change this when you run a modified version) |
| `staticCacheTime` | `1 * 24 * 60 * 60 * 1000` | static file cache time |
| `tooBusyLag` | `70` | CPU time for one eventloop tick until node throttles connections. (milliseconds) |
| `heartbeatInterval` | `5000` | socket.io heartbeat interval |
| `heartbeatTimeout` | `10000` | socket.io heartbeat timeout |
| `documentMaxLength` | `100000` | note max length |
## CodiMD paths stuff
these are rarely used for various reasons.
| variables | example values | description |
| --------- | ------ | ----------- |
| `defaultNotePath` | `./public/default.md` | default note file path<sup>1</sup>, empty notes will be created with this template. |
| `dhParamPath` | `./cert/dhparam.pem` | SSL dhparam path<sup>1</sup> (only need when you set `useSSL`) |
| `sslCAPath` | `['./cert/COMODORSAAddTrustCA.crt']` | SSL ca chain<sup>1</sup> (only need when you set `useSSL`) |
| `sslCertPath` | `./cert/codimd_io.crt` | SSL cert path<sup>1</sup> (only need when you set `useSSL`) |
| `sslKeyPath` | `./cert/client.key` | SSL key path<sup>1</sup> (only need when you set `useSSL`) |
| `tmpPath` | `./tmp/` | temp directory path<sup>1</sup> |
| `docsPath` | `./public/docs` | docs directory path<sup>1</sup> |
| `viewPath` | `./public/views` | template directory path<sup>1</sup> |
| `uploadsPath` | `./public/uploads` | uploads directory<sup>1</sup> - needs to be persistent when you use imageUploadType `filesystem` |
## CodiMD Location
| variables | example values | description |
| --------- | ------ | ----------- |
| `domain` | `localhost` | domain name |
| `urlPath` | `codimd` | sub URL path, like `www.example.com/<urlpath>` |
| `host` | `localhost` | interface/ip to listen on |
| `port` | `80` | port to listen on |
| `path` | `/var/run/codimd.sock` | path to UNIX domain socket to listen on (if specified, `host` and `port` are ignored) |
| `protocolUseSSL` | `true` or `false` | set to use SSL protocol for resources path (only applied when domain is set) |
| `useSSL` | `true` or `false` | set to use SSL server (if `true`, will auto turn on `protocolUseSSL`) |
| `urlAddPort` | `true` or `false` | set to add port on callback URL (ports `80` or `443` won't be applied) (only applied when domain is set) |
| `allowOrigin` | `['localhost']` | domain name whitelist |
## CSP and HSTS
| variables | example values | description |
| --------- | ------ | ----------- |
| `hsts` | `{"enable": true, "maxAgeSeconds": 31536000, "includeSubdomains": true, "preload": true}` | [HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) options to use with HTTPS (default is the example value, max age is a year) |
| `csp` | `{"enable": true, "directives": {"scriptSrc": "trustworthy-scripts.example.com"}, "upgradeInsecureRequests": "auto", "addDefaults": true}` | Configures [Content Security Policy](https://helmetjs.github.io/docs/csp/). Directives are passed to Helmet - see [their documentation](https://helmetjs.github.io/docs/csp/) for more information on the format. Some defaults are added to the configured values so that the application doesn't break. To disable this behaviour, set `addDefaults` to `false`. Further, if `usecdn` is on, some CDN locations are allowed too. By default (`auto`), insecure (HTTP) requests are upgraded to HTTPS via CSP if `useSSL` is on. To change this behaviour, set `upgradeInsecureRequests` to either `true` or `false`. |
## Privacy and External Requests
| variables | example values | description |
| --------- | ------ | ----------- |
| `allowGravatar` | `true` or `false` | set to `false` to disable gravatar as profile picture source on your instance |
| `useCDN` | `true` or `false` | set to use CDN resources or not (default is `true`) |
## Users and Privileges
| variables | example values | description |
| --------- | ------ | ----------- |
| `allowAnonymous` | `true` or `false` | set to allow anonymous usage (default is `true`) |
| `allowAnonymousEdits` | `true` or `false` | if `allowAnonymous` is `true`: allow users to select `freely` permission, allowing guests to edit existing notes (default is `false`) |
| `allowFreeURL` | `true` or `false` | set to allow new note creation by accessing a nonexistent note URL |
| `defaultPermission` | `freely`, `editable`, `limited`, `locked`, `protected` or `private` | set notes default permission (only applied on signed users) |
| `sessionName` | `connect.sid` | cookie session name |
| `sessionLife` | `14 * 24 * 60 * 60 * 1000` | cookie session life |
| `sessionSecret` | `secret` | cookie session secret | If none is set, one will randomly generated on each startup, meaning all your users will be logged out. |
## Login methods
Most of these have never been documented for the config.json, feel free to expand these
### Email (local account)
| variables | example values | description |
| --------- | ------ | ----------- |
| `email` | `true` or `false` | set to allow email signin |
| `allowEmailRegister` | `true` or `false` | set to allow email register (only applied when email is set, default is `true`. Note `bin/manage_users` might help you if registration is `false`.) |
### Dropbox Login
### Facebook Login
### GitHub Login
### GitLab Login
### Google Login
### LDAP Login
### Mattermost Login
### OAuth2 Login
| variables | example values | description |
| --------- | ------ | ----------- |
| `oauth2` | `{baseURL: ..., userProfileURL: ..., userProfileUsernameAttr: ..., userProfileDisplayNameAttr: ..., userProfileEmailAttr: ..., tokenURL: ..., authorizationURL: ..., clientID: ..., clientSecret: ...}` | An object detailing your OAuth2 provider. Refer to the [Mattermost](guides/auth/mattermost-self-hosted.md) or [Nextcloud](guides/auth/nextcloud.md) examples for more details!|
### SAML Login
### Twitter Login
## Upload Storage
Most of these have never been documented for the config.json, feel free to expand these
### Amazon S3
| variables | example values | description |
| --------- | ------ | ----------- |
| `s3` | `{ "accessKeyId": "YOUR_S3_ACCESS_KEY_ID", "secretAccessKey": "YOUR_S3_ACCESS_KEY", "region": "YOUR_S3_REGION" }` | When `imageuploadtype` be set to `s3`, you would also need to setup this key, check our [S3 Image Upload Guide](guides/s3-image-upload.md) |
| `s3bucket` | `YOUR_S3_BUCKET_NAME` | bucket name when `imageUploadType` is set to `s3` or `minio` |
### Azure Blob Storage
### imgur
### Minio
| variables | example values | description |
| --------- | ------ | ----------- |
| `minio` | `{ "accessKey": "YOUR_MINIO_ACCESS_KEY", "secretKey": "YOUR_MINIO_SECRET_KEY", "endpoint": "YOUR_MINIO_HOST", port: 9000, secure: true }` | When `imageUploadType` is set to `minio`, you need to set this key. Also check out our [Minio Image Upload Guide](guides/minio-image-upload.md) |
### Lutim
| variables | example values | description |
| --------- | ------ | ----------- |
|`lutim`| `{"url": "YOUR_LUTIM_URL"}`| When `imageUploadType` is set to `lutim`, you can setup the lutim url|
<sup>1</sup>: relative paths are based on CodiMD's base directory

View file

@ -0,0 +1,256 @@
Configuration Using Environment variables
===
You can choose to configure CodiMD with either a
[config file](configuration-config-file.md) or with environment variables.
Environment variables are processed in
[`lib/config/environment.js`](../lib/config/environment.js) - so this is the first
place to look if anything is missing not obvious from this document. The
default values are defined in [`lib/config/default.js`](../lib/config/default.js),
in case you wonder if you even need to override it.
Environment variables take precedence over configurations from the config files.
They generally start with `CMD_` for our own options, but we also list
node-specific options you can configure this way.
## Node.JS
| variable | example value | description |
| -------- | ------------- | ----------- |
| `NODE_ENV` | `production` or `development` | set current environment (will apply corresponding settings in the `config.json`) |
| `DEBUG` | `true` or `false` | set debug mode; show more logs |
## CodiMD basics
defaultNotePath can't be set from env-vars
| variable | example value | description |
| -------- | ------------- | ----------- |
| `CMD_ALLOW_PDF_EXPORT` | `true` or `false` | Enable or disable PDF exports |
| `CMD_CONFIG_FILE` | `/path/to/config.json` | optional override for the path to CodiMD's config file |
| `CMD_DB_URL` | `mysql://localhost:3306/database` | set the database URL |
| `CMD_LOGLEVEL` | `info`, `debug` ... | Defines what kind of logs are provided to stdout. |
| `CMD_FORBIDDEN_NOTE_IDS` | `'robots.txt'` | disallow creation of notes, even if `CMD_ALLOW_FREEURL` is `true` |
| `CMD_IMAGE_UPLOAD_TYPE` | `imgur`, `s3`, `minio`, `lutim` or `filesystem` | Where to upload images. For S3, see our Image Upload Guides for [S3](guides/s3-image-upload.md) or [Minio](guides/minio-image-upload.md), also there's a whole section on their respective env vars below. |
| `CMD_SOURCE_URL` | `https://github.com/codimd/server/tree/<current commit>` | Provides the link to the source code of CodiMD on the entry page (Please, make sure you change this when you run a modified version) |
| `CMD_TOOBUSY_LAG` | `70` | CPU time for one eventloop tick until node throttles connections. (milliseconds) |
## CodiMD Location
| variable | example value | description |
| -------- | ------------- | ----------- |
| `CMD_DOMAIN` | `codimd.org` | domain name |
| `CMD_URL_PATH` | `codimd` | If CodiMD is run from a subdirectory like `www.example.com/<urlpath>` |
| `CMD_HOST` | `localhost` | interface/ip to listen on |
| `CMD_PORT` | `80` | port to listen on |
| `CMD_PATH` | `/var/run/codimd.sock` | path to UNIX domain socket to listen on (if specified, `CMD_HOST` and `CMD_PORT` are ignored) |
| `CMD_PROTOCOL_USESSL` | `true` or `false` | set to use SSL protocol for resources path (only applied when domain is set) |
| `CMD_URL_ADDPORT` | `true` or `false` | set to add port on callback URL (ports `80` or `443` won't be applied) (only applied when domain is set) |
| `CMD_ALLOW_ORIGIN` | `localhost, codimd.org` | domain name whitelist (use comma to separate) |
## CSP and HSTS
| variable | example value | description |
| -------- | ------------- | ----------- |
| `CMD_CSP_ENABLE` | `true` | whether to enable Content Security Policy (directives cannot be configured with environment variables) |
| `CMD_CSP_REPORTURI` | `https://<someid>.report-uri.com/r/d/csp/enforce` | Allows to add a URL for CSP reports in case of violations |
| `CMD_HSTS_ENABLE` | ` true` | set to enable [HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) if HTTPS is also enabled (default is ` true`) |
| `CMD_HSTS_INCLUDE_SUBDOMAINS` | `true` | set to include subdomains in HSTS (default is `true`) |
| `CMD_HSTS_MAX_AGE` | `31536000` | max duration in seconds to tell clients to keep HSTS status (default is a year) |
| `CMD_HSTS_PRELOAD` | `true` | whether to allow preloading of the site's HSTS status (e.g. into browsers) |
## Privacy and External Requests
| variable | example value | description |
| -------- | ------------- | ----------- |
| `CMD_ALLOW_GRAVATAR` | `true` or `false` | set to `false` to disable gravatar as profile picture source on your instance |
| `CMD_USECDN` | `true` or `false` | set to use CDN resources or not|
## Users and Privileges
| variable | example value | description |
| -------- | ------------- | ----------- |
| `CMD_ALLOW_ANONYMOUS` | `true` or `false` | set to allow anonymous usage (default is `true`) |
| `CMD_ALLOW_ANONYMOUS_EDITS` | `true` or `false` | if `allowAnonymous` is `true`, allow users to select `freely` permission, allowing guests to edit existing notes (default is `false`) |
| `CMD_ALLOW_FREEURL` | `true` or `false` | set to allow new note creation by accessing a nonexistent note URL |
| `CMD_DEFAULT_PERMISSION` | `freely`, `editable`, `limited`, `locked` or `private` | set notes default permission (only applied on signed users) |
| `CMD_SESSION_LIFE` | `1209600000` | Session life time. (milliseconds) |
| `CMD_SESSION_SECRET` | no example | Secret used to sign the session cookie. If none is set, one will randomly generated on each startup, meaning all your users will be logged out. |
## Login methods
### Email (local account)
| variable | example value | description |
| -------- | ------------- | ----------- |
| `CMD_EMAIL` | `true` or `false` | set to allow email signin |
| `CMD_ALLOW_EMAIL_REGISTER` | `true` or `false` | set to allow email register (only applied when email is set, default is `true`. Note `bin/manage_users` might help you if registration is `false`.) |
### Dropbox Login
| variable | example value | description |
| -------- | ------------- | ----------- |
| `CMD_DROPBOX_CLIENTID` | no example | Dropbox API client id |
| `CMD_DROPBOX_CLIENTSECRET` | no example | Dropbox API client secret |
### Facebook Login
| variable | example value | description |
| -------- | ------------- | ----------- |
| `CMD_FACEBOOK_CLIENTID` | no example | Facebook API client id |
| `CMD_FACEBOOK_CLIENTSECRET` | no example | Facebook API client secret |
### GitHub Login
| variable | example value | description |
| -------- | ------------- | ----------- |
| `CMD_GITHUB_CLIENTID` | no example | GitHub API client id |
| `CMD_GITHUB_CLIENTSECRET` | no example | GitHub API client secret |
### GitLab Login
| variable | example value | description |
| -------- | ------------- | ----------- |
| `CMD_GITLAB_SCOPE` | `read_user` or `api` | GitLab API requested scope (default is `api`) (GitLab snippet import/export need `api` scope) |
| `CMD_GITLAB_BASEURL` | no example | GitLab authentication endpoint, set to use other endpoint than GitLab.com (optional) |
| `CMD_GITLAB_CLIENTID` | no example | GitLab API client id |
| `CMD_GITLAB_CLIENTSECRET` | no example | GitLab API client secret |
| `CMD_GITLAB_VERSION` | no example | GitLab API version (v3 or v4) |
### Google Login
| variable | example value | description |
| -------- | ------------- | ----------- |
| `CMD_GOOGLE_CLIENTID` | no example | Google API client id |
| `CMD_GOOGLE_CLIENTSECRET` | no example | Google API client secret |
### LDAP Login
| variable | example value | description |
| -------- | ------------- | ----------- |
| `CMD_LDAP_URL` | `ldap://example.com` | URL of LDAP server |
| `CMD_LDAP_BINDDN` | no example | bindDn for LDAP access |
| `CMD_LDAP_BINDCREDENTIALS` | no example | bindCredentials for LDAP access |
| `CMD_LDAP_SEARCHBASE` | `o=users,dc=example,dc=com` | LDAP directory to begin search from |
| `CMD_LDAP_SEARCHFILTER` | `(uid={{username}})` | LDAP filter to search with |
| `CMD_LDAP_SEARCHATTRIBUTES` | `displayName, mail` | LDAP attributes to search with (use comma to separate) |
| `CMD_LDAP_USERIDFIELD` | `uidNumber` or `uid` or `sAMAccountName` | The LDAP field which is used uniquely identify a user on CodiMD |
| `CMD_LDAP_USERNAMEFIELD` | Fallback to userid | The LDAP field which is used as the username on CodiMD |
| `CMD_LDAP_TLS_CA` | `server-cert.pem, root.pem` | Root CA for LDAP TLS in PEM format (use comma to separate) |
| `CMD_LDAP_PROVIDERNAME` | `My institution` | Optional name to be displayed at login form indicating the LDAP provider |
### Mattermost Login
| variable | example value | description |
| -------- | ------------- | ----------- |
| `CMD_MATTERMOST_BASEURL` | no example | Mattermost authentication endpoint for versions below 5.0. For Mattermost version 5.0 and above, see [guide](guides/auth/mattermost-self-hosted.md). |
| `CMD_MATTERMOST_CLIENTID` | no example | Mattermost API client id |
| `CMD_MATTERMOST_CLIENTSECRET` | no example | Mattermost API client secret |
### OAuth2 Login
| variable | example value | description |
| -------- | ------------- | ----------- |
| `CMD_OAUTH2_USER_PROFILE_URL` | `https://example.com` | where retrieve information about a user after succesful login. Needs to output JSON. (no default value) Refer to the [Mattermost](guides/auth/mattermost-self-hosted.md) or [Nextcloud](guides/auth/nextcloud.md) examples for more details on all of the `CMD_OAUTH2...` options. |
| `CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR` | `name` | where to find the username in the JSON from the user profile URL. (no default value)|
| `CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR` | `display-name` | where to find the display-name in the JSON from the user profile URL. (no default value) |
| `CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR` | `email` | where to find the email address in the JSON from the user profile URL. (no default value) |
| `CMD_OAUTH2_TOKEN_URL` | `https://example.com` | sometimes called token endpoint, please refer to the documentation of your OAuth2 provider (no default value) |
| `CMD_OAUTH2_AUTHORIZATION_URL` | `https://example.com` | authorization URL of your provider, please refer to the documentation of your OAuth2 provider (no default value) |
| `CMD_OAUTH2_CLIENT_ID` | `afae02fckafd...` | you will get this from your OAuth2 provider when you register CodiMD as OAuth2-client, (no default value) |
| `CMD_OAUTH2_CLIENT_SECRET` | `afae02fckafd...` | you will get this from your OAuth2 provider when you register CodiMD as OAuth2-client, (no default value) |
| `CMD_OAUTH2_PROVIDERNAME` | `My institution` | Optional name to be displayed at login form indicating the oAuth2 provider |
### SAML Login
| variable | example value | description |
| -------- | ------------- | ----------- |
| `CMD_SAML_IDPSSOURL` | `https://idp.example.com/sso` | authentication endpoint of IdP. for details, see [guide](guides/auth/saml-onelogin.md). |
| `CMD_SAML_IDPCERT` | `/path/to/cert.pem` | certificate file path of IdP in PEM format |
| `CMD_SAML_ISSUER` | no example | identity of the service provider (optional, default: serverurl)" |
| `CMD_SAML_DISABLEREQUESTEDAUTHNCONTEXT` | `true` or `false` | true to allow any authentication method, false restricts to password authentication (PasswordProtectedTransport) method (default: false) |
| `CMD_SAML_IDENTIFIERFORMAT` | no example | name identifier format (optional, default: `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`) |
| `CMD_SAML_GROUPATTRIBUTE` | `memberOf` | attribute name for group list (optional) |
| `CMD_SAML_REQUIREDGROUPS` | `codimd-users` | group names that allowed (use vertical bar to separate) (optional) |
| `CMD_SAML_EXTERNALGROUPS` | `Temporary-staff` | group names that not allowed (use vertical bar to separate) (optional) |
| `CMD_SAML_ATTRIBUTE_ID` | `sAMAccountName` | attribute map for `id` (optional, default: NameID of SAML response) |
| `CMD_SAML_ATTRIBUTE_USERNAME` | `mailNickname` | attribute map for `username` (optional, default: NameID of SAML response) |
| `CMD_SAML_ATTRIBUTE_EMAIL` | `mail` | attribute map for `email` (optional, default: NameID of SAML response if `CMD_SAML_IDENTIFIERFORMAT` is default) |
### Twitter Login
| variable | example value | description |
| -------- | ------------- | ----------- |
| `CMD_TWITTER_CONSUMERKEY` | no example | Twitter API consumer key |
| `CMD_TWITTER_CONSUMERSECRET` | no example | Twitter API consumer secret |
## Upload Storage
These are only relevant when they are also configured in sync with their
`CMD_IMAGE_UPLOAD_TYPE`. Also keep in mind, that `filesystem` is available, so
you don't have to use either of these.
### Amazon S3
| variable | example value | description |
| -------- | ------------- | ----------- |
| `CMD_S3_ACCESS_KEY_ID` | no example | AWS access key id |
| `CMD_S3_SECRET_ACCESS_KEY` | no example | AWS secret key |
| `CMD_S3_REGION` | `ap-northeast-1` | AWS S3 region |
| `CMD_S3_BUCKET` | no example | AWS S3 bucket name |
### Azure Blob Storage
| variable | example value | description |
| -------- | ------------- | ----------- |
| `CMD_AZURE_CONNECTION_STRING` | no example | Azure Blob Storage connection string |
| `CMD_AZURE_CONTAINER` | no example | Azure Blob Storage container name (automatically created if non existent) |
### imgur
| variable | example value | description |
| -------- | ------------- | ----------- |
| `CMD_IMGUR_CLIENTID` | no example | Imgur API client id |
### Minio
| variable | example value | description |
| -------- | ------------- | ----------- |
| `CMD_MINIO_ACCESS_KEY` | no example | Minio access key |
| `CMD_MINIO_SECRET_KEY` | no example | Minio secret key |
| `CMD_MINIO_ENDPOINT` | `minio.example.org` | Address of your Minio endpoint/instance |
| `CMD_MINIO_PORT` | `9000` | Port that is used for your Minio instance |
| `CMD_MINIO_SECURE` | `true` | If set to `true` HTTPS is used for Minio |
### Lutim
| variable | example value | description |
| -------- | ------------- | ----------- |
| `CMD_LUTIM_URL` | `https://framapic.org/` | When `CMD_IMAGE_UPLOAD_TYPE` is set to `lutim`, you can setup the lutim url |
**Note:** *Due to the rename process we renamed all `HMD_`-prefix variables to be `CMD_`-prefixed. The old ones continue to work.*
**Note:** *relative paths are based on CodiMD's base directory*

View file

@ -0,0 +1,57 @@
Developer Notes
===
## Preparing for running the code
**Notice:** *There's [specialised instructions for docker](../setup/docker.md) or [heroku](../setup/heroku.md), if you prefer running code this way!*
1. Clone the repository with `git clone https://github.com/codimd/server.git codimd-server`
(cloning is the preferred way, but you can also download and unzip a release)
2. Enter the directory and run `bin/setup`, which will install npm dependencies
and create configs. The setup script is written in Bash, you would need bash
as a prerequisite.
3. Setup the [config file](../configuration-config-file.md) or set up
[environment variables](../configuration-env-vars.md).
## Running the Code
Now that everything is in place, we can start CodiMD:
4. `npm run build` will build the frontend bundle. It uses webpack to do that.
5. Run the server with `node app.js`
## Running the Code with Auto-Reload
The commands above are fine for production, but you're a developer and surely
you want to change things. You would need to restart both commands whenever you
change something. Luckily, you can run these commands that will automatically
rebuild the frontend or restart the server if necessary.
The commands will stay active in your terminal, so you will need multiple tabs
to run both at the same time.
4. Use `npm run dev` if you want webpack to continuously rebuild the frontend
code.
5. To auto-reload the server, the easiest method is to install [nodemon](https://www.npmjs.com/package/nodemon)
and run `nodemon --watch app.js --watch lib --watch locales app.js`.
## Structure
The repository contains two parts: a server (backend) and a client (frontend).
most of the server code is in `/lib` and most of the client code is in `public`.
```text
codimd-server/
├── docs/ --- documentation
├── lib/ --- server code
├── test/ --- test suite
└── public/ --- client code
├── css/ --- css styles
├── docs/ --- default documents
├── js/ --- js scripts
├── vendor/ --- vendor includes
└── views/ --- view templates
```

14
docs/dev/ot.md Normal file
View file

@ -0,0 +1,14 @@
Operational Transformation
===
From 0.3.2, we started supporting operational transformation.
It makes concurrent editing safe and will not break up other users' operations.
Additionally, now can show other clients' selections.
See more at [https://operational-transformation.github.io/](https://operational-transformation.github.io/)
And even more in this 2010 article series:
* https://drive.googleblog.com/2010/09/whats-different-about-new-google-docs_21.html
* https://drive.googleblog.com/2010/09/whats-different-about-new-google-docs_22.html
* https://drive.googleblog.com/2010/09/whats-different-about-new-google-docs.html

33
docs/dev/webpack.md Normal file
View file

@ -0,0 +1,33 @@
Webpack
===
Webpack is a JavaScript build system for frontend code. You can find out all
about it on [the webpack website](https://webpack.js.org/).
Here's how we're using it:
## `webpack.common.js`
This file contains all common definition for chunks and plugins, that are needed by the whole app.
**TODO:** Document which entry points are used for what.
## `webpack.htmlexport.js`
Separate config for the "save as html" feature.
Packs all CSS from `public/js/htmlExport.js` to `build/html.min.css`.
This file is then downloaded by client-side JS and used to create the HTML.
See `exportToHTML()` in `public/js/extra.js`.
## `webpack.dev.js`
The development config uses both common configs, enables development mode and enables "cheap" source maps (lines only).
If you need more detailed source maps while developing, you might want to use the `source-maps` option.
See https://webpack.js.org/configuration/devtool/ for details.
## `webpack.prod.js`
The production config uses both common configs and enables production mode.
This automatically enables various optimizations (e.g. UglifyJS). See https://webpack.js.org/concepts/mode/ for details.
For the global app config, the name of the emitted chunks is changed to include the content hash.
See https://webpack.js.org/guides/caching/ on why this is a good idea.
For the HTML export config, CSS minification is enabled.

View file

@ -1,212 +0,0 @@
# Guide - Authentication
### Twitter
1. Sign-in or sign-up for a Twitter account
2. Go to the Twitter Application management page [here](https://apps.twitter.com/)
3. Click on the **Create New App** button to create a new Twitter app:
![create-twitter-app](images/auth/create-twitter-app.png)
4. Fill out the create application form, check the developer agreement box, and click **Create Your Twitter Application**
![register-twitter-application](images/auth/register-twitter-application.png)
*Note: you may have to register your phone number with Twitter to create a Twitter application*
To do this Click your profile icon --> Settings and privacy --> Mobile --> Select Country/region --> Enter phone number --> Click Continue
5. After you receive confirmation that the Twitter application was created, click **Keys and Access Tokens**
![twitter-app-confirmation](images/auth/twitter-app-confirmation.png)
6. Obtain your Twitter Consumer Key and Consumer Secret
![twitter-app-keys](images/auth/twitter-app-keys.png)
7. Add your Consumer Key and Consumer Secret to your config.json file or pass them as environment variables:
* config.json:
````javascript
{
"production": {
"twitter": {
"consumerKey": "esTCJFXXXXXXXXXXXXXXXXXXX",
"consumerSecret": "zpCs4tU86pRVXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
}
}
}
````
* environment variables:
````
HMD_TWITTER_CONSUMERKEY=esTCJFXXXXXXXXXXXXXXXXXXX
HMD_TWITTER_CONSUMERSECRET=zpCs4tU86pRVXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
````
### GitHub
1. Sign-in or sign-up for a GitHub account
2. Navigate to developer settings in your GitHub account [here](https://github.com/settings/developers) and select the "OAuth Apps" tab
3. Click on the **New OAuth App** button, to create a new OAuth App:
![create-oauth-app](images/auth/create-oauth-app.png)
4. Fill out the new OAuth application registration form, and click **Register Application**
![register-oauth-application-form](images/auth/register-oauth-application-form.png)
*Note: The callback URL is <your-hackmd-url>/auth/github/callback*
5. After successfully registering the application, you'll receive the Client ID and Client Secret for the application
![application-page](images/auth/application-page.png)
6. Add the Client ID and Client Secret to your config.json file or pass them as environment variables
* config.json:
````javascript
{
"production": {
"github": {
"clientID": "3747d30eaccXXXXXXXXX",
"clientSecret": "2a8e682948eee0c580XXXXXXXXXXXXXXXXXXXXXX"
}
}
}
````
* environment variables:
````
HMD_GITHUB_CLIENTID=3747d30eaccXXXXXXXXX
HMD_GITHUB_CLIENTSECRET=2a8e682948eee0c580XXXXXXXXXXXXXXXXXXXXXX
````
### SAML (OneLogin)
1. Sign-in or sign-up for an OneLogin account. (available free trial for 2 weeks)
2. Go to the administration page.
3. Select the **APPS** menu and click on the **Add Apps**.
![onelogin-add-app](images/auth/onelogin-add-app.png)
4. Find "SAML Test Connector (SP)" for template of settings and select it.
![onelogin-select-template](images/auth/onelogin-select-template.png)
5. Edit display name and icons for OneLogin dashboard as you want, and click **SAVE**.
![onelogin-edit-app-name](images/auth/onelogin-edit-app-name.png)
6. After that other tabs will appear, click the **Configuration**, and fill out the below items, and click **SAVE**.
* RelayState: The base URL of your hackmd, which is issuer. (last slash is not needed)
* ACS (Consumer) URL Validator: The callback URL of your hackmd. (serverurl + /auth/saml/callback)
* ACS (Consumer) URL: same as above.
* Login URL: login URL(SAML requester) of your hackmd. (serverurl + /auth/saml)
![onelogin-edit-sp-metadata](images/auth/onelogin-edit-sp-metadata.png)
7. The registration is completed. Next, click **SSO** and copy or download the items below.
* X.509 Certificate: Click **View Details** and **DOWNLOAD** or copy the content of certificate ....(A)
* SAML 2.0 Endpoint (HTTP): Copy the URL ....(B)
![onelogin-copy-idp-metadata](images/auth/onelogin-copy-idp-metadata.png)
8. In your hackmd server, create IdP certificate file from (A)
9. Add the IdP URL (B) and the Idp certificate file path to your config.json file or pass them as environment variables.
* config.json:
````javascript
{
"production": {
"saml": {
"idpSsoUrl": "https://*******.onelogin.com/trust/saml2/http-post/sso/******",
"idpCert": "/path/to/idp_cert.pem"
}
}
}
````
* environment variables
````
HMD_SAML_IDPSSOURL=https://*******.onelogin.com/trust/saml2/http-post/sso/******
HMD_SAML_IDPCERT=/path/to/idp_cert.pem
````
10. Try sign-in with SAML from your hackmd sign-in button or OneLogin dashboard (like the screenshot below).
![onelogin-use-dashboard](images/auth/onelogin-use-dashboard.png)
### SAML (Other cases)
The basic procedure is the same as the case of OneLogin which is mentioned above. If you want to match your IdP, you can use more configurations as below.
* If your IdP accepts metadata XML of the service provider to ease configuraion, use this url to download metadata XML.
* {{your-serverurl}}/auth/saml/metadata
* _Note: If not accessable from IdP, download to local once and upload to IdP._
* Change the value of `issuer`, `identifierFormat` to match your IdP.
* `issuer`: A unique id to identify the application to the IdP, which is the base URL of your HackMD as default
* `identifierFormat`: A format of unique id to identify the user of IdP, which is the format based on email address as default. It is recommend that you use as below.
* urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress (default)
* urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
* config.json:
````javascript
{
"production": {
"saml": {
/* omitted */
"issuer": "myhackmd"
"identifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
}
}
}
````
* environment variables
````
HMD_SAML_ISSUER=myhackmd
HMD_SAML_IDENTIFIERFORMAT=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
````
* Change mapping of attribute names to customize the displaying user name and email address to match your IdP.
* `attribute`: A dictionary to map attribute names
* `attribute.id`: A primary key of user table for your HackMD
* `attribute.username`: Attribute name of displaying user name on HackMD
* `attribute.email`: Attribute name of email address, which will be also used for Gravatar
* _Note: Default value of all attributes is NameID of SAML response, which is email address if `idfentifierFormat` is default._
* config.json:
````javascript
{
"production": {
"saml": {
/* omitted */
"attribute": {
"id": "sAMAccountName",
"username": "displayName",
"email": "mail"
}
}
}
}
````
* environment variables
````
HMD_SAML_ATTRIBUTE_ID=sAMAccountName
HMD_SAML_ATTRIBUTE_USERNAME=nickName
HMD_SAML_ATTRIBUTE_EMAIL=mail
````
* If you want to controll permission by group membership, add group attribute name and required group (allowed) or external group (not allowed).
* `groupAttribute`: An attribute name of group membership
* `requiredGroups`: Group names array for allowed access to HackMD. Use vertical bar to separate for environment variables.
* `externalGroups`: Group names array for not allowed access to HackMD. Use vertical bar to separate for environment variables.
* _Note: Evaluates `externalGroups` first_
* config.json:
````javascript
{
"production": {
"saml": {
/* omitted */
"groupAttribute": "memberOf",
"requiredGroups": [ "hackmd-users", "board-members" ],
"externalGroups": [ "temporary-staff" ]
}
}
}
````
* environment variables
````
HMD_SAML_GROUPATTRIBUTE=memberOf
HMD_SAML_REQUIREDGROUPS=hackmd-users|board-members
HMD_SAML_EXTERNALGROUPS=temporary-staff
````

View file

@ -0,0 +1,35 @@
Authentication guide - GitHub
===
**Note:** *This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks!*
1. Sign-in or sign-up for a GitHub account
2. Navigate to developer settings in your GitHub account [here](https://github.com/settings/developers) and select the "OAuth Apps" tab
3. Click on the **New OAuth App** button, to create a new OAuth App:
![create-oauth-app](../../images/auth/create-oauth-app.png)
4. Fill out the new OAuth application registration form, and click **Register Application**
![register-oauth-application-form](../../images/auth/register-oauth-application-form.png)
**Note:** *The callback URL is <your-codimd-url>/auth/github/callback*
5. After successfully registering the application, you'll receive the Client ID and Client Secret for the application
![application-page](../../images/auth/application-page.png)
6. Add the Client ID and Client Secret to your config.json file or pass them as environment variables
* `config.json`:
```js
{
"production": {
"github": {
"clientID": "3747d30eaccXXXXXXXXX",
"clientSecret": "2a8e682948eee0c580XXXXXXXXXXXXXXXXXXXXXX"
}
}
}
```
* environment variables:
```sh
CMD_GITHUB_CLIENTID=3747d30eaccXXXXXXXXX
CMD_GITHUB_CLIENTSECRET=2a8e682948eee0c580XXXXXXXXXXXXXXXXXXXXXX
````

View file

@ -0,0 +1,32 @@
GitLab (self-hosted)
===
**Note:** *This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks!*
1. Sign in to your GitLab
2. Navigate to the application management page at `https://your.gitlab.domain/admin/applications` (admin permissions required)
3. Click **New application** to create a new application and fill out the registration form:
![New GitLab application](../../images/auth/gitlab-new-application.png)
4. Click **Submit**
5. In the list of applications select **HackMD**. Leave that site open to copy the application ID and secret in the next step.
![Application: HackMD](../../images/auth/gitlab-application-details.png)
6. In the `docker-compose.yml` add the following environment variables to `app:` `environment:`
```
- HMD_DOMAIN=your.codimd.domain
- HMD_URL_ADDPORT=443
- HMD_PROTOCOL_USESSL=true
- HMD_GITLAB_BASEURL=https://your.gitlab.domain
- HMD_GITLAB_CLIENTID=23462a34example99XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- HMD_GITLAB_CLIENTSECRET=5532e9dexamplXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
```
7. Run `docker-compose up -d` to apply your settings.
8. Sign in to your CodiMD using your GitLab ID:
![Sign in via GitLab](../../images/auth/gitlab-sign-in.png)

View file

@ -0,0 +1,50 @@
Keycloak/Red Hat SSO (self-hosted)
===
## Prerequisites
This guide assumes you have run and configured Keycloak. If you'd like to meet this prerequisite quickly, it can be achieved by running a `jboss/keycloak` container and attaching it to your network. Set the environment variables KEYCLOAK_USER and `KEYCLOAK_PASSWORD`, and expose port 8080.
Where HTTPS is specified throughout, use HTTP instead. You may also have to specify the exposed port, 8080.
## Steps
1. Sign in to the administration portal for your Keycloak instance at https://keycloak.example.com/auth/admin/master/console
You may note that a separate realm is specified throughout this tutorial. It is best practice not to use the master realm, as it normally contains the realm-management client that federates access using the policies and permissions you can create.
2. Navigate to the client management page at `https://keycloak.example.com/auth/admin/master/console/#/realms/your-realm/clients` (admin permissions required)
3. Click **Create** to create a new client and fill out the registration form. You should set the Root URL to the fully qualified public URL of your CodiMD instance.
4. Click **Save**
5. Set the **Access Type** of the client to `confidential`. This will make your client require a client secret upon authentication.
---
### Additional steps to circumvent generic OAuth2 issue:
1. Select Client Scopes from the sidebar, and begin to create a new client scope using the Create button.
2. Ensure that the **Name** field is set to `id`.
3. Create a new mapper under the Mappers tab. This should reference the User Property `id`. `Claim JSON Type` should be String and all switches below should be enabled. Save the mapper.
4. Go to the client you set up in the previous steps using the Clients page, then choose the Client Scopes tab. Apply the scope you've created. This should mitigate errors as seen in [codimd/server#56](https://github.com/codimd/server/issues/56), as the `/userinfo` endpoint should now bring back the user's ID under the `id` key as well as `sub`.
---
6. In the `docker-compose.yml` add the following environment variables to `app:` `environment:`
```
CMD_OAUTH2_USER_PROFILE_URL=https://keycloak.example.com/auth/realms/your-realm/protocol/openid-connect/userinfo
CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username
CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name
CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email
CMD_OAUTH2_TOKEN_URL=https://keycloak.example.com/auth/realms/your-realm/protocol/openid-connect/token
CMD_OAUTH2_AUTHORIZATION_URL=https://keycloak.example.com/auth/realms/your-realm/protocol/openid-connect/auth
CMD_OAUTH2_CLIENT_ID=<your client ID>
CMD_OAUTH2_CLIENT_SECRET=<your client secret, which you can find under the Credentials tab for your client>
CMD_OAUTH2_PROVIDERNAME=Keycloak
CMD_DOMAIN=<codimd.example.com>
CMD_PROTOCOL_USESSL=true
CMD_URL_ADDPORT=false
```
7. Run `docker-compose up -d` to apply your settings.
8. Sign in to your CodiMD using your Keycloak ID

View file

@ -0,0 +1,41 @@
AD LDAP auth
===
To setup your CodiMD instance with Active Directory you need the following configs:
```
CMD_LDAP_URL=ldap://internal.example.com
CMD_LDAP_BINDDN=cn=binduser,cn=Users,dc=internal,dc=example,dc=com
CMD_LDAP_BINDCREDENTIALS=<super secret password>
CMD_LDAP_SEARCHBASE=dc=internal,dc=example,dc=com
CMD_LDAP_SEARCHFILTER=(&(objectcategory=person)(objectclass=user)(|(sAMAccountName={{username}})(mail={{username}})))
CMD_LDAP_USERIDFIELD=sAMAccountName
CMD_LDAP_PROVIDERNAME=Example Inc AD
```
`CMD_LDAP_BINDDN` is either the `distinguishedName` or the `userPrincipalName`. *This can cause "username/password is invalid" when either this value or the password from `CMD_LDAP_BINDCREDENTIALS` are incorrect.*
`CMD_LDAP_SEARCHFILTER` matches on all users and uses either the email address or the `sAMAccountName` (usually the login name you also use to login to Windows).
*Only using `sAMAccountName` looks like this:* `(&(objectcategory=person)(objectclass=user)(sAMAccountName={{username}}))`
`CMD_LDAP_USERIDFIELD` says we want to use `sAMAccountName` as unique identifier for the account itself.
`CMD_LDAP_PROVIDERNAME` just the name written above the username and password field on the login page.
Same in json:
```json
"ldap": {
"url": "ldap://internal.example.com",
"bindDn": "cn=binduser,cn=Users,dc=internal,dc=example,dc=com",
"bindCredentials": "<super secret password>",
"searchBase": "dc=internal,dc=example,dc=com",
"searchFilter": "(&(objectcategory=person)(objectclass=user)(|(sAMAccountName={{username}})(mail={{username}})))",
"useridField": "sAMAccountName",
},
```
More details and example: https://www.npmjs.com/package/passport-ldapauth

View file

@ -0,0 +1,54 @@
Authentication guide - Mattermost (self-hosted)
===
**Note:** *The Mattermost setup portion of this document is just a quick guide. See the [official documentation](https://docs.mattermost.com/developer/oauth-2-0-applications.html) for more details.*
This guide uses the generic OAuth2 module for compatibility with Mattermost version 5.0 and above.
1. Sign-in with an administrator account to your Mattermost instance
2. Make sure **OAuth 2.0 Service Provider** is enabled in the Main Menu (menu button next to your username in the top left corner) --> System Console --> Custom Integrations menu, which you can find at `https://your.mattermost.domain/admin_console/integrations/custom`
![mattermost-enable-oauth2](../../images/auth/mattermost-enable-oauth2.png)
3. Navigate to the OAuth integration settings through Main Menu --> Integrations --> OAuth 2.0 Applications, at `https://your.mattermost.domain/yourteam/integrations/oauth2-apps`
4. Click on the **Add OAuth 2.0 Application** button to add a new OAuth application
![mattermost-oauth-app-add](../../images/auth/mattermost-oauth-app-add.png)
5. Fill out the form and click **Save**
![mattermost-oauth-app-form](../../images/auth/mattermost-oauth-app-form.png)
*Note: The callback URL is \<your-codimd-url\>/auth/oauth2/callback*
6. After saving the application, you'll receive the Client ID and Client Secret
![mattermost-oauth-app-done](../../images/auth/mattermost-oauth-app-done.png)
7. Add the Client ID and Client Secret to your config.json file or pass them as environment variables
* `config.json`:
```javascript
{
"production": {
"oauth2": {
"baseURL": "https://your.mattermost.domain",
"userProfileURL": "https://your.mattermost.domain/api/v4/users/me",
"userProfileUsernameAttr": "id",
"userProfileDisplayNameAttr": "username",
"userProfileEmailAttr": "email",
"tokenURL": "https://your.mattermost.domain/oauth/access_token",
"authorizationURL": "https://your.mattermost.domain/oauth/authorize",
"clientID": "ii4p1u3jz7dXXXXXXXXXXXXXXX",
"clientSecret": "mqzzx6fydbXXXXXXXXXXXXXXXX"
}
}
}
```
* environment variables:
```sh
CMD_OAUTH2_BASEURL=https://your.mattermost.domain
CMD_OAUTH2_USER_PROFILE_URL=https://your.mattermost.domain/api/v4/users/me
CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=id
CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=username
CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email
CMD_OAUTH2_TOKEN_URL=https://your.mattermost.domain/oauth/access_token
CMD_OAUTH2_AUTHORIZATION_URL=https://your.mattermost.domain/oauth/authorize
CMD_OAUTH2_CLIENT_ID=ii4p1u3jz7dXXXXXXXXXXXXXXX
CMD_OAUTH2_CLIENT_SECRET=mqzzx6fydbXXXXXXXXXXXXXXXX
```

View file

@ -0,0 +1,52 @@
Authentication guide - Nextcloud (self-hosted)
===
*This has been constructed using the [Nextcloud OAuth2 Documentation](https://docs.nextcloud.com/server/14/admin_manual/configuration_server/oauth2.html?highlight=oauth2) combined with [this issue comment on the nextcloud bugtracker](https://github.com/nextcloud/server/issues/5694#issuecomment-314761326).*
This guide uses the generic OAuth2 module for compatibility with Nextcloud 13 and above (this guide has been tested successfully with Nextcloud 14).
1. Sign-in with an administrator account to your Nextcloud server
2. Navigate to the OAuth integration settings: Profile Icon (top right) --> Settings
Then choose Security Settings from the *Administration* part of the list - Don't confuse this with Personal Security Settings, where you would change your personal password!
At the top there's OAuth 2.0-Clients.
![Where to find OAuth2 in Nextcloud](../../images/auth/nextcloud-oauth2-1-settings.png)
3. Add your CodiMD instance by giving it a *name* (perhaps CodiMD, but could be anything) and a *Redirection-URI*. The Redirection-URI will be `\<your-codimd-url\>/auth/oauth2/callback`. Click <kbd>Add</kbd>.
![Adding a client to Nextcloud](../../images/auth/nextcloud-oauth2-2-client-add.png)
4. You'll now see a line containing a *client identifier* and a *Secret*.
![Successfully added OAuth2-client](../../images/auth/nextcloud-oauth2-3-clientid-secret.png)
5. That's it for Nextcloud, the rest is configured in your CodiMD `config.json` or via the `CMD_` environment variables!
6. Add the Client ID and Client Secret to your `config.json` file or pass them as environment variables. Make sure you also replace `<your-nextcloud-domain>` with the right domain name.
* `config.json`:
```javascript
{
"production": {
"oauth2": {
"clientID": "ii4p1u3jz7dXXXXXXXXXXXXXXX",
"clientSecret": "mqzzx6fydbXXXXXXXXXXXXXXXX",
"authorizationURL": "https://<your-nextcloud-domain>/apps/oauth2/authorize",
"tokenURL": "https://<your-nextcloud-domain>/apps/oauth2/api/v1/token",
"userProfileURL": "https://<your-nextcloud-domain>/ocs/v2.php/cloud/user?format=json",
"userProfileUsernameAttr": "ocs.data.id",
"userProfileDisplayNameAttr": "ocs.data.display-name",
"userProfileEmailAttr": "ocs.data.email"
}
}
}
```
* environment variables:
```sh
CMD_OAUTH2_CLIENT_ID=ii4p1u3jz7dXXXXXXXXXXXXXXX
CMD_OAUTH2_CLIENT_SECRET=mqzzx6fydbXXXXXXXXXXXXXXXX
CMD_OAUTH2_AUTHORIZATION_URL=https://<your-nextcloud-domain>/apps/oauth2/authorize
CMD_OAUTH2_TOKEN_URL=https://<your-nextcloud-domain>/apps/oauth2/api/v1/token
CMD_OAUTH2_USER_PROFILE_URL=https://<your-nextcloud-domain>/ocs/v2.php/cloud/user?format=json
CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=ocs.data.id
CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=ocs.data.display-name
CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=ocs.data.email
```

12
docs/guides/auth/oauth.md Normal file
View file

@ -0,0 +1,12 @@
# OAuth general information
| service | callback URL (after the server URL) |
| ------- | --------- |
| facebook | `/auth/facebook/callback` |
| twitter | `/auth/twitter/callback` |
| github | `/auth/github/callback` |
| gitlab | `/auth/gitlab/callback` |
| mattermost | `/auth/mattermost/callback` |
| dropbox | `/auth/dropbox/callback` |
| google | `/auth/google/callback` |
| saml | `/auth/saml/callback` |

View file

@ -0,0 +1,48 @@
Authentication guide - SAML (OneLogin)
===
**Note:** *This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks!*
1. Sign-in or sign-up for an OneLogin account. (available free trial for 2 weeks)
2. Go to the administration page.
3. Select the **APPS** menu and click on the **Add Apps**.
![onelogin-add-app](../../images/auth/onelogin-add-app.png)
4. Find "SAML Test Connector (SP)" for template of settings and select it.
![onelogin-select-template](../../images/auth/onelogin-select-template.png)
5. Edit display name and icons for OneLogin dashboard as you want, and click **SAVE**.
![onelogin-edit-app-name](../../images/auth/onelogin-edit-app-name.png)
6. After that other tabs will appear, click the **Configuration**, and fill out the below items, and click **SAVE**.
* RelayState: The base URL of your CodiMD, which is issuer. (last slash is not needed)
* ACS (Consumer) URL Validator: The callback URL of your CodiMD. (serverurl + /auth/saml/callback)
* ACS (Consumer) URL: same as above.
* Login URL: login URL(SAML requester) of your CopiMD. (serverurl + /auth/saml)
![onelogin-edit-sp-metadata](../../images/auth/onelogin-edit-sp-metadata.png)
7. The registration is completed. Next, click **SSO** and copy or download the items below.
* X.509 Certificate: Click **View Details** and **DOWNLOAD** or copy the content of certificate ....(A)
* SAML 2.0 Endpoint (HTTP): Copy the URL ....(B)
![onelogin-copy-idp-metadata](../../images/auth/onelogin-copy-idp-metadata.png)
8. In your CodiMD server, create IdP certificate file from (A)
9. Add the IdP URL (B) and the Idp certificate file path to your config.json file or pass them as environment variables.
* `config.json`:
```javascript
{
"production": {
"saml": {
"idpSsoUrl": "https://*******.onelogin.com/trust/saml2/http-post/sso/******",
"idpCert": "/path/to/idp_cert.pem"
}
}
}
```
* environment variables
```sh
CMD_SAML_IDPSSOURL=https://*******.onelogin.com/trust/saml2/http-post/sso/******
CMD_SAML_IDPCERT=/path/to/idp_cert.pem
```
10. Try sign-in with SAML from your CodiMD sign-in button or OneLogin dashboard (like the screenshot below).
![onelogin-use-dashboard](../../images/auth/onelogin-use-dashboard.png)

85
docs/guides/auth/saml.md Normal file
View file

@ -0,0 +1,85 @@
Authentication guide - SAML
===
**Note:** *This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks!*
The basic procedure is the same as the case of OneLogin which is mentioned in [OneLogin-Guide](./saml-onelogin.md). If you want to match your IdP, you can use more configurations as below.
* If your IdP accepts metadata XML of the service provider to ease configuration, use this url to download metadata XML.
* {{your-serverurl}}/auth/saml/metadata
* _Note: If not accessible from IdP, download to local once and upload to IdP._
* Change the value of `issuer`, `identifierFormat` to match your IdP.
* `issuer`: A unique id to identify the application to the IdP, which is the base URL of your CodiMD as default
* `identifierFormat`: A format of unique id to identify the user of IdP, which is the format based on email address as default. It is recommend that you use as below.
* urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress (default)
* urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
* `config.json`:
```javascript
{
"production": {
"saml": {
/* omitted */
"issuer": "mycodimd"
"identifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
}
}
}
```
* environment variables
```
CMD_SAML_ISSUER=mycodimd
CMD_SAML_IDENTIFIERFORMAT=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
```
* Change mapping of attribute names to customize the displaying user name and email address to match your IdP.
* `attribute`: A dictionary to map attribute names
* `attribute.id`: A primary key of user table for your CodiMD
* `attribute.username`: Attribute name of displaying user name on CodiMD
* `attribute.email`: Attribute name of email address, which will be also used for Gravatar
* _Note: Default value of all attributes is NameID of SAML response, which is email address if `identifierFormat` is default._
* `config.json`:
```javascript
{
"production": {
"saml": {
/* omitted */
"attribute": {
"id": "sAMAccountName",
"username": "displayName",
"email": "mail"
}
}
}
}
```
* environment variables
```sh
CMD_SAML_ATTRIBUTE_ID=sAMAccountName
CMD_SAML_ATTRIBUTE_USERNAME=nickName
CMD_SAML_ATTRIBUTE_EMAIL=mail
```
* If you want to control permission by group membership, add group attribute name and required group (allowed) or external group (not allowed).
* `groupAttribute`: An attribute name of group membership
* `requiredGroups`: Group names array for allowed access to CodiMD. Use vertical bar to separate for environment variables.
* `externalGroups`: Group names array for not allowed access to CodiMD. Use vertical bar to separate for environment variables.
* _Note: Evaluates `externalGroups` first_
* `config.json`:
```javascript
{
"production": {
"saml": {
/* omitted */
"groupAttribute": "memberOf",
"requiredGroups": [ "codimd-users", "board-members" ],
"externalGroups": [ "temporary-staff" ]
}
}
}
```
* environment variables
```sh
CMD_SAML_GROUPATTRIBUTE=memberOf
CMD_SAML_REQUIREDGROUPS=codimd-users|board-members
CMD_SAML_EXTERNALGROUPS=temporary-staff
```

View file

@ -0,0 +1,40 @@
Authentication guide - Twitter
===
**Note:** *This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks!*
1. Sign-in or sign-up for a Twitter account
2. Go to the Twitter Application management page [here](https://apps.twitter.com/)
3. Click on the **Create New App** button to create a new Twitter app:
![create-twitter-app](../../images/auth/create-twitter-app.png)
4. Fill out the create application form, check the developer agreement box, and click **Create Your Twitter Application**
![register-twitter-application](../../images/auth/register-twitter-application.png)
*Note: you may have to register your phone number with Twitter to create a Twitter application*
To do this Click your profile icon --> Settings and privacy --> Mobile --> Select Country/region --> Enter phone number --> Click Continue
5. After you receive confirmation that the Twitter application was created, click **Keys and Access Tokens**
![twitter-app-confirmation](../../images/auth/twitter-app-confirmation.png)
6. Obtain your Twitter Consumer Key and Consumer Secret
![twitter-app-keys](../../images/auth/twitter-app-keys.png)
7. Add your Consumer Key and Consumer Secret to your `config.json` file or pass them as environment variables:
* `config.json`:
```javascript
{
"production": {
"twitter": {
"consumerKey": "esTCJFXXXXXXXXXXXXXXXXXXX",
"consumerSecret": "zpCs4tU86pRVXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
}
}
}
```
* environment variables:
```sh
CMD_TWITTER_CONSUMERKEY=esTCJFXXXXXXXXXXXXXXXXXXX
CMD_TWITTER_CONSUMERSECRET=zpCs4tU86pRVXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
```

View file

@ -0,0 +1,131 @@
Pad migration guide from etherpad-lite
===
The goal of this migration is to do a "dumb" import from all the pads in Etherpad, to notes in
CodiMD. In particular, the url locations of the pads in Etherpad will be lost. Furthermore, any
metadata in Etherpad, such as revisions, author data and also formatted text will not be migrated
to CodiMD (only the plain text contents).
Note that this guide is not really meant as a support guide. I migrated my own Etherpad to CodiMD,
and it turned out to be quite easy in my opinion. In this guide I share my experience. Stuff may
require some creativity to work properly in your case. When I wrote this guide, I was using
[Etherpad 1.7.0] and [CodiMD 1.2.1]. Good luck!
[Etherpad 1.7.0]: https://github.com/ether/etherpad-lite/tree/1.7.0
[CodiMD 1.2.1]: https://github.com/codimd/server/tree/1.2.1
## 0. Requirements
- `curl`
- running Etherpad server
- running CodiMD server
- [codimd-cli]
[codimd-cli]: https://github.com/codimd/cli/blob/master/bin/codimd
## 1. Retrieve the list of pads
First, compose a list of all the pads that you want to have migrated from your Etherpad. Other than
the admin interface, Etherpad does not have a dedicated function to dump a list of all the pads.
However, the Etherpad wiki explains how to list all the pads by [talking directly to the
database][howtolistallpads].
You will end up with a file containing a pad name on each line:
```
date-ideas
groceries
london
weddingchecklist
(...)
```
[howtolistallpads]: https://github.com/ether/etherpad-lite/wiki/How-to-list-all-pads/49701ecdcbe07aea7ad27ffa23aed0d99c2e17db
## 2. Run the migration
Download [codimd-cli] and put the script in the same directory as the file containing the pad names.
Add to this directory the file listed below, I called it `migrate-etherpad.sh`. Modify at least the
configuration settings `ETHERPAD_SERVER` and `CODIMD_SERVER`.
```shell
#!/bin/sh
# migrate-etherpad.sh
#
# Description: Migrate pads from etherpad to codimd
# Author: Daan Sprenkels <hello@dsprenkels.com>
# This script uses the codimd command line script[1] to import a list of pads from
# [1]: https://github.com/codimd/cli/blob/master/bin/codimd
# The base url to where etherpad is hosted
ETHERPAD_SERVER="https://etherpad.example.com"
# The base url where codimd is hosted
CODIMD_SERVER="https://codimd.example.com"
# Write a list of pads and the urls which they were migrated to
REDIRECTS_FILE="redirects.txt"
# Fail if not called correctly
if (( $# != 1 )); then
echo "Usage: $0 PAD_NAMES_FILE"
exit 2
fi
# Do the migration
for PAD_NAME in $1; do
# Download the pad
PAD_FILE="$(mktemp)"
curl "$ETHERPAD_SERVER/p/$PAD_NAME/export/txt" >"$PAD_FILE"
# Import the pad into codimd
OUTPUT="$(./codimd import "$PAD_FILE")"
echo "$PAD_NAME -> $OUTPUT" >>"$REDIRECTS_FILE"
done
```
Call this file like this:
```shell
./migrate-etherpad.sh pad_names.txt
```
This will download all the pads in `pad_names.txt` and put them on CodiMD. They will get assigned
random ids, so you won't be able to find them. The script will save the mappings to a file though
(in my case `redirects.txt`). You can use this file to redirect your users when they visit your
etherpad using a `301 Permanent Redirect` status code (see the next section).
## 3. Setup redirects (optional)
I got a `redirects.txt` file that looked a bit like this:
```
date-ideas -> Found. Redirecting to https://codimd.example.com/mPt0KfiKSBOTQ3mNcdfn
groceries -> Found. Redirecting to https://codimd.example.com/UukqgwLfhYyUUtARlcJ2_y
london -> Found. Redirecting to https://codimd.example.com/_d3wa-BE8t4Swv5w7O2_9R
weddingchecklist -> Found. Redirecting to https://codimd.example.com/XcQGqlBjl0u40wfT0N8TzQ
(...)
```
Using some `sed` magic, I changed it to an nginx config snippet:
```
location = /p/date-ideas {
return 301 https://codimd.example.com/mPt0M1KfiKSBOTQ3mNcdfn;
}
location = /p/groceries {
return 301 https://codimd.example.com/UukqgwLfhYyUUtARlcJ2_y;
}
location = /p/london {
return 301 https://codimd.example.com/_d3wa-BE8t4Swv5w7O2_9R;
}
location = /p/weddingchecklist {
return 301 https://codimd.example.com/XcQGqlBjl0u40wfT0N8TzQ;
}
```
I put this file into my `etherpad.example.com` nginx config, such that all the users would be
redirected accordingly.

View file

@ -0,0 +1,56 @@
Migrations and Notable Changes
===
## Migrating to 1.4.0
We dropped support for node 6 with this version. If you have any trouble running this version, please double check that you are running at least node 8!
## Migrating to 1.3.2
This is not a breaking change, but to stay up to date with the community
repository, you may need to update a few urls. This is not a breaking change.
See more at [issue #10](https://github.com/codimd/server/issues/10)
**Native setup using git:**
Change the upstream remote using `git remote set-url origin https://github.com/codimd/server.git`.
**Docker:**
When you use our [container repository](https://github.com/codimd/container)
(which was previously `codimd-container`) all you can simply run `git pull` and
your `docker-compose.yml` will be updated.
When you setup things yourself, make sure you use the new image:
[`quay.io/codimd/server`](https://quay.io/repository/codimd/server?tab=tags).
**Heroku:**
All you need to do is [disconnect GitHub](https://devcenter.heroku.com/articles/github-integration#disconnecting-from-github)
and [reconnect it](https://devcenter.heroku.com/articles/github-integration#enabling-github-integration)
with this new repository.
Or you can use our Heroku button and redeploy your instance and link the old
database again.
## Migrating to 1.1.0
We deprecated the older lower case config style and moved on to camel case style. Please have a look at the current `config.json.example` and check the warnings on startup.
*Notice: This is not a breaking change right now but will be in the future*
## Migrating to 0.5.0
[migration-to-0.5.0 migration tool](https://github.com/hackmdio/migration-to-0.5.0)
We don't use LZString to compress socket.io data and DB data after version 0.5.0.
Please run the migration tool if you're upgrading from the old version.
## Migrating to 0.4.0
[migration-to-0.4.0 migration tool](https://github.com/hackmdio/migration-to-0.4.0)
We've dropped MongoDB after version 0.4.0.
So here is the migration tool for you to transfer the old DB data to the new DB.
This tool is also used for official service.

View file

@ -1,13 +1,15 @@
Minio Guide for HackMD Minio Guide for CodiMD
=== ===
**Note:** *This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks!*
1. First of all you need to setup Minio itself. 1. First of all you need to setup Minio itself.
Please refer to the [official Minio docs](https://docs.minio.io/) for an Please refer to the [official Minio docs](https://docs.minio.io/) for an
production setup. production setup.
For checking it out and development purposes a non-persistent setup is enough: For checking it out and development purposes a non-persistent setup is enough:
```console ```sh
docker run --name test-minio --rm -d -p 9000:9000 minio/minio server /data docker run --name test-minio --rm -d -p 9000:9000 minio/minio server /data
``` ```
@ -16,29 +18,29 @@ Minio Guide for HackMD
2. Next step is to get the credentials form the container: 2. Next step is to get the credentials form the container:
``` ```sh
docker logs test-minio docker logs test-minio
``` ```
![docker logs](images/minio-image-upload/docker-logs.png) ![docker logs](../images/minio-image-upload/docker-logs.png)
3. Open http://localhost:9000 and login with the shown credentials. 3. Open http://localhost:9000 and login with the shown credentials.
![minio default view](images/minio-image-upload/default-view.png) ![minio default view](../images/minio-image-upload/default-view.png)
4. Create a bucket for HackMD 4. Create a bucket for CodiMD
![minio create bucket](images/minio-image-upload/create-bucket.png) ![minio create bucket](../images/minio-image-upload/create-bucket.png)
5. Add a policy for the prefix `uploads` and make it read-only. 5. Add a policy for the prefix `uploads` and make it read-only.
![minio edit policy](images/minio-image-upload/open-edit-policy.png) ![minio edit policy](../images/minio-image-upload/open-edit-policy.png)
*Open policy editor* *Open policy editor*
![minio policy adding](images/minio-image-upload/create-policy.png) ![minio policy adding](../images/minio-image-upload/create-policy.png)
*Add policy for uploads* *Add policy for uploads*
6. Set credentials and configs for Minio in HackMD's `config.json` 6. Set credentials and configs for Minio in CodiMD's `config.json`
```JSON ```JSON
"minio": { "minio": {
@ -56,13 +58,13 @@ Minio Guide for HackMD
7. Set bucket name 7. Set bucket name
```JSON ```JSON
"s3bucket": "hackmd" "s3bucket": "codimd"
``` ```
8. Set upload type. 8. Set upload type.
```JSON ```JSON
"imageUploadType": "minio" "imageuploadtype": "minio"
``` ```
9. Review your config. 9. Review your config.
@ -77,7 +79,7 @@ Minio Guide for HackMD
"port": 9000, "port": 9000,
"secure": false "secure": false
}, },
"s3bucket": "hackmd", "s3bucket": "codimd",
"imageUploadType": "minio" "imageuploadtype": "minio"
} }
``` ```

View file

@ -0,0 +1,17 @@
Setup your terms of use
===
To setup your terms of use, you need to provide a document called `terms-of-use.md` which contains them. Of course written in Markdown.
It has to be provided under `./public/docs/` and will be automatically turned into a CodiMD document. It will also automatically updated as soon as you change the document on disk.
As soon as the file exists a link will show up in the bottom part along with the release notes and link to them.
Setup your privacy policy
===
To add a privacy policy you can use the same technique as for the terms of use. The main difference is that the document is called `privacy.md`.
See our example file `./public/docs/privacy.md.example` container some useful hints for writing your own privacy policy.
As with the terms of use, a link to the privacy notices will show up in the area where the release notes are provided on the index page.

View file

@ -1,16 +1,19 @@
# Guide - Setup HackMD S3 image upload Guide - Setup CodiMD S3 image upload
===
**Note:** *This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks!*
1. Go to [AWS S3 console](https://console.aws.amazon.com/s3/home) and create a new bucket. 1. Go to [AWS S3 console](https://console.aws.amazon.com/s3/home) and create a new bucket.
![create-bucket](images/s3-image-upload/create-bucket.png) ![create-bucket](../images/s3-image-upload/create-bucket.png)
2. Click on bucket, select **Properties** on the side panel, and find **Permission** section. Click **Edit bucket policy**. 2. Click on bucket, select **Properties** on the side panel, and find **Permission** section. Click **Edit bucket policy**.
![bucket-property](images/s3-image-upload/bucket-property.png) ![bucket-property](../images/s3-image-upload/bucket-property.png)
3. Enter the following policy, replace `bucket_name` with your bucket name: 3. Enter the following policy, replace `bucket_name` with your bucket name:
![bucket-policy-editor](images/s3-image-upload/bucket-policy-editor.png) ![bucket-policy-editor](../images/s3-image-upload/bucket-policy-editor.png)
```json ```json
{ {
@ -30,15 +33,15 @@
5. Enter user page, select **Permission** tab, look at **Inline Policies** section, and click **Create User Policy** 5. Enter user page, select **Permission** tab, look at **Inline Policies** section, and click **Create User Policy**
![iam-user](images/s3-image-upload/iam-user.png) ![iam-user](../images/s3-image-upload/iam-user.png)
6. Select **Custom Policy** 6. Select **Custom Policy**
![custom-policy](images/s3-image-upload/custom-policy.png) ![custom-policy](../images/s3-image-upload/custom-policy.png)
7. Enter the following policy, replace `bucket_name` with your bucket name: 7. Enter the following policy, replace `bucket_name` with your bucket name:
![review-policy](images/s3-image-upload/review-policy.png) ![review-policy](../images/s3-image-upload/review-policy.png)
```json ```json
{ {
@ -63,7 +66,7 @@
{ {
"production": { "production": {
... ...
"imageUploadType": "s3", "imageuploadtype": "s3",
"s3": { "s3": {
"accessKeyId": "YOUR_S3_ACCESS_KEY_ID", "accessKeyId": "YOUR_S3_ACCESS_KEY_ID",
"secretAccessKey": "YOUR_S3_ACCESS_KEY", "secretAccessKey": "YOUR_S3_ACCESS_KEY",
@ -74,7 +77,7 @@
} }
``` ```
9. In additional to edit `config.json` directly, you could also try [environment variable](https://github.com/hackmdio/hackmd#environment-variables-will-overwrite-other-server-configs). 9. In additional to edit `config.json` directly, you could also try [environment variables](../configuration-env-vars.md).
## Related Tools ## Related Tools

40
docs/history.md Normal file
View file

@ -0,0 +1,40 @@
History of CodiMD
===
## It started with HackMD
HackMD is the origin of this project, which was mostly developed by Max Wu and
Yukai Huang. Originally, this was open source under MIT license, but was
[relicensed in October 2017 to be AGPLv3](https://github.com/hackmdio/codimd/pull/578).
At the same time, [hackmd.io](https://hackmd.io) was founded to offer a
commercial version of HackMD.
The AGPLv3-version was developed and released by the community, this was for a
while referred to as "HackMD community edition".
*For more on the splitting of the projects, please refer to [A note to our community (2017-10-11)](https://hackmd.io/c/community-news/https%3A%2F%2Fhackmd.io%2Fs%2Fr1_4j9_hZ).*
## HackMD CE became CodiMD
In June 2018, CodiMD was renamed from its former name "HackMD" and continued to
be developed under AGPLv3 by the community. We decided to change the name to
break the confusion between HackMD (enterprise offering) and CodiMD (community
project), as people mistook it for an open core development model.
*For the whole renaming story, see the [issue where the renaming was discussed](https://github.com/hackmdio/hackmd/issues/720).*
## CodiMD went independent
In March 2019, a discussion over licensing, governance and the future of CodiMD
lead to the formation of a distinct GitHub organization. Up to that point, the
community project resided in the organization of hackmdio but was for the most
part self-organized.
During that debate, we did not reach an agreement that would have allowed us to
move the repository, so we simply forked it. We still welcome the HackMD team
as part of our community, especially since a large portion of this code base
originated with them.
*For the debate that lead to this step, please refer to the [governance debate](https://github.com/hackmdio/hackmd/issues/1170) and [the announcement of the new repository](https://github.com/codimd/server/issues/10).*

Binary file not shown.

After

Width:  |  Height:  |  Size: 80 KiB

View file

Before

Width:  |  Height:  |  Size: 120 KiB

After

Width:  |  Height:  |  Size: 120 KiB

View file

Before

Width:  |  Height:  |  Size: 27 KiB

After

Width:  |  Height:  |  Size: 27 KiB

View file

Before

Width:  |  Height:  |  Size: 113 KiB

After

Width:  |  Height:  |  Size: 113 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 30 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 44 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 5.5 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 25 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 21 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 31 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 61 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 46 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 11 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 13 KiB

View file

Before

Width:  |  Height:  |  Size: 40 KiB

After

Width:  |  Height:  |  Size: 40 KiB

View file

Before

Width:  |  Height:  |  Size: 234 KiB

After

Width:  |  Height:  |  Size: 234 KiB

View file

Before

Width:  |  Height:  |  Size: 120 KiB

After

Width:  |  Height:  |  Size: 120 KiB

View file

Before

Width:  |  Height:  |  Size: 180 KiB

After

Width:  |  Height:  |  Size: 180 KiB

View file

Before

Width:  |  Height:  |  Size: 72 KiB

After

Width:  |  Height:  |  Size: 72 KiB

View file

Before

Width:  |  Height:  |  Size: 27 KiB

After

Width:  |  Height:  |  Size: 27 KiB

View file

Before

Width:  |  Height:  |  Size: 60 KiB

After

Width:  |  Height:  |  Size: 60 KiB

View file

Before

Width:  |  Height:  |  Size: 198 KiB

After

Width:  |  Height:  |  Size: 198 KiB

View file

Before

Width:  |  Height:  |  Size: 187 KiB

After

Width:  |  Height:  |  Size: 187 KiB

View file

Before

Width:  |  Height:  |  Size: 159 KiB

After

Width:  |  Height:  |  Size: 159 KiB

View file

Before

Width:  |  Height:  |  Size: 15 KiB

After

Width:  |  Height:  |  Size: 15 KiB

View file

Before

Width:  |  Height:  |  Size: 21 KiB

After

Width:  |  Height:  |  Size: 21 KiB

View file

Before

Width:  |  Height:  |  Size: 13 KiB

After

Width:  |  Height:  |  Size: 13 KiB

View file

Before

Width:  |  Height:  |  Size: 72 KiB

After

Width:  |  Height:  |  Size: 72 KiB

View file

Before

Width:  |  Height:  |  Size: 17 KiB

After

Width:  |  Height:  |  Size: 17 KiB

View file

Before

Width:  |  Height:  |  Size: 53 KiB

After

Width:  |  Height:  |  Size: 53 KiB

View file

Before

Width:  |  Height:  |  Size: 70 KiB

After

Width:  |  Height:  |  Size: 70 KiB

View file

Before

Width:  |  Height:  |  Size: 69 KiB

After

Width:  |  Height:  |  Size: 69 KiB

View file

Before

Width:  |  Height:  |  Size: 54 KiB

After

Width:  |  Height:  |  Size: 54 KiB

View file

Before

Width:  |  Height:  |  Size: 89 KiB

After

Width:  |  Height:  |  Size: 89 KiB

View file

Before

Width:  |  Height:  |  Size: 98 KiB

After

Width:  |  Height:  |  Size: 98 KiB

6
docs/setup/cloudron.md Normal file
View file

@ -0,0 +1,6 @@
Cloudron
===
Install CodiMD on [Cloudron](https://cloudron.io):
[![Install](https://cloudron.io/img/button.svg)](https://cloudron.io/button.html?app=io.hackmd.cloudronapp)

View file

@ -0,0 +1,14 @@
LinuxServer.io CodiMD Image
===
[![LinuxServer.io Discord](https://img.shields.io/discord/354974912613449730.svg?logo=discord&label=LSIO%20Discord&style=flat-square)](https://discord.gg/YWrKVTn)[![container version badge](https://images.microbadger.com/badges/version/linuxserver/codimd.svg)](https://microbadger.com/images/linuxserver/codimd "Get your own version badge on microbadger.com")[![container image size badge](https://images.microbadger.com/badges/image/linuxserver/codimd.svg)](https://microbadger.com/images/linuxserver/codimd "Get your own version badge on microbadger.com")![Docker Pulls](https://img.shields.io/docker/pulls/linuxserver/codimd.svg)![Docker Stars](https://img.shields.io/docker/stars/linuxserver/codimd.svg)[![Build Status](https://ci.linuxserver.io/buildStatus/icon?job=Docker-Pipeline-Builders/docker-codimd/master)](https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-codimd/job/master/)[![LinuxServer.io CI summary](https://lsio-ci.ams3.digitaloceanspaces.com/linuxserver/codimd/latest/badge.svg)](https://lsio-ci.ams3.digitaloceanspaces.com/linuxserver/codimd/latest/index.html)
[LinuxServer.io](https://linuxserver.io) have created an Ubuntu-based multi-arch container image for x86-64, arm64 and armhf which supports PDF export from all architectures using [PhantomJS](https://phantomjs.org/).
- It supports all the environment variables detailed in the [configuration documentation](../configuration-env-vars.md) to modify it according to your needs.
- It gets rebuilt on new releases from CodiMD and also weekly if necessary to update any other package changes in the underlying container, making it easy to keep your CodiMD instance up to date.
- It also details how to easily [utilize Docker networking to reverse proxy](https://github.com/linuxserver/docker-codimd/#application-setup) CodiMD using their [LetsEncrypt docker image](https://github.com/linuxserver/docker-letsencrypt)
In order to contribute check the LinuxServer.io [GitHub repository](https://github.com/linuxserver/docker-codimd/) for CodiMD.
And to find all tags and versions of the image, check the [Docker Hub repository](https://hub.docker.com/r/linuxserver/codimd).

23
docs/setup/docker.md Normal file
View file

@ -0,0 +1,23 @@
CodiMD Docker Image
===
[![Try in PWD](https://cdn.rawgit.com/play-with-docker/stacks/cff22438/assets/images/button.png)](http://play-with-docker.com?stack=https://github.com/codimd/container/raw/master/docker-compose.yml&stack_name=codimd)
**Debian-based version:**
[![Docker Repository on Quay](https://quay.io/repository/codimd/server/status "Docker Repository on Quay")](https://quay.io/repository/codimd/server)
**Alpine-based version:**
[![Docker Repository on Quay](https://quay.io/repository/codimd/server/status "Docker Repository on Quay")](https://quay.io/repository/codimd/server)
The easiest way to setup CodiMD using docker are using the following three commands:
```sh
git clone https://github.com/codimd/container.git codimd-container
cd codimd-container
docker-compose up
```
Read more about it in the [container repository](https://github.com/codimd/container).

7
docs/setup/heroku.md Normal file
View file

@ -0,0 +1,7 @@
Heroku Deployment
===
You can quickly setup a sample Heroku CodiMD application by clicking the button
below.
[![Deploy on Heroku](https://www.herokucdn.com/deploy/button.svg)](https://heroku.com/deploy?template=https://github.com/codimd/server/tree/master)

6
docs/setup/kubernetes.md Normal file
View file

@ -0,0 +1,6 @@
Kubernetes
===
To install use `helm install stable/hackmd`.
For all further details, please check out the offical CodiMD [K8s helm chart](https://github.com/kubernetes/charts/tree/master/stable/hackmd).

View file

@ -0,0 +1,39 @@
Manual Installation
===
## Requirements on your server
- Node.js 8.5 or up
- Database (PostgreSQL, MySQL, MariaDB, SQLite, MSSQL) use charset `utf8`
- npm (and its dependencies, [node-gyp](https://github.com/nodejs/node-gyp#installation))
- yarn
- Bash (for the setup script)
- For **building** CodiMD we recommend to use a machine with at least **2GB** RAM
## Instructions
1. Check if you meet the [requirements at the top of this document](#requirements-on-your-server).
2. Clone this repository (preferred) or download a release and unzip it.
3. Enter the directory and type `bin/setup`, which will install npm dependencies and create configs.
4. Setup the configs, see more below
5. Setup environment variables which will overwrite the configs
6. Build front-end bundle by `npm run build` (use `npm run dev` if you are in development)
7. Modify the file named `.sequelizerc`, change the value of the variable `url` with your db connection string
For example: `postgres://username:password@localhost:5432/codimd`
8. It is recommended to start your server manually once: `npm start --production`, this way it's easier to see warnings or errors that might occur (leave out `--production` for development).
9. Run the server as you like (node, forever, pm2, SystemD, Init-Scripts)
## How to upgrade your installation
If you are upgrading CodiMD from an older version, follow these steps:
1. Check if you meet the [requirements at the top of this document](#requirements-on-your-server).
2. Verify which version you were running before and take a look at [migrations and breaking changes](../guides/migrations-and-breaking-changes.md) to see if additional steps, or configuration changes are necessary!
3. Fully stop your old CodiMD server.
4. `git pull` or unzip a new release in the directory.
5. Run `bin/setup`. This will take care of installing dependencies. It is safe to run on an existing installation.
6. Build front-end bundle by `npm run build` (use `npm run dev` if you are in development).
7. It is recommended to start your server manually once: `npm start --production`, this way it's easier to see warnings or errors that might occur (leave out `--production` for development).
8. You can now restart the CodiMD server!

161
docs/slide-options.md Normal file
View file

@ -0,0 +1,161 @@
Slide Separators
===
If you're getting started with reveal.js slides, there are a few things you need to know.
There are two types of slides, those that transition horizontally and those that transition vertically (subslides).
The following separators are used for each in the CodiMD syntax:
```
# First Slide
---
# Next slide
----
## Subslide
```
as you can see, horizontal transitions are separated by `---` and vertical transitions by `----`
## Basic YAML header
It's possible to customise the slide options using the YAML header in the slide markdown.
eg:
```
---
title: Example Slide
tags: presentation
slideOptions:
theme: solarized
transition: 'fade'
# parallaxBackgroundImage: 'https://s3.amazonaws.com/hakim-static/reveal-js/reveal-parallax-1.jpg'
---
```
make sure to have two spaces only at the start of the listed slide options.
you can comment out options with a `#`
### Some other options
```
# Display controls in the bottom right corner
controls: true
# Display a presentation progress bar
progress: true
# Set default timing of 2 minutes per slide
defaultTiming: 120
# Display the page number of the current slide
slideNumber: false
# Push each slide change to the browser history
history: false
# Enable keyboard shortcuts for navigation
keyboard: true
# Enable the slide overview mode
overview: true
# Vertical centering of slides
center: true
# Enables touch navigation on devices with touch input
touch: true
# Loop the presentation
loop: false
# Change the presentation direction to be RTL
rtl: false
# Randomizes the order of slides each time the presentation loads
shuffle: false
# Turns fragments on and off globally
fragments: true
# Flags if the presentation is running in an embedded mode,
# i.e. contained within a limited portion of the screen
embedded: false
# Flags if we should show a help overlay when the questionmark
# key is pressed
help: true
# Flags if speaker notes should be visible to all viewers
showNotes: false
# Global override for autolaying embedded media (video/audio/iframe)
# - null: Media will only autoplay if data-autoplay is present
# - true: All media will autoplay, regardless of individual setting
# - false: No media will autoplay, regardless of individual setting
autoPlayMedia: null
# Number of milliseconds between automatically proceeding to the
# next slide, disabled when set to 0, this value can be overwritten
# by using a data-autoslide attribute on your slides
autoSlide: 0
# Stop auto-sliding after user input
autoSlideStoppable: true
# Use this method for navigation when auto-sliding
autoSlideMethod: Reveal.navigateNext
# Enable slide navigation via mouse wheel
mouseWheel: false
# Hides the address bar on mobile devices
hideAddressBar: true
# Opens links in an iframe preview overlay
previewLinks: false
# Transition style
transition: 'slide'
# none/fade/slide/convex/concave/zoom
# Transition speed
transitionSpeed: 'default'
# default/fast/slow
# Transition style for full page slide backgrounds
backgroundTransition: 'fade'
# none/fade/slide/convex/concave/zoom
# Number of slides away from the current that are visible
viewDistance: 3
# Parallax background image
parallaxBackgroundImage: ''
# e.g. "'https://s3.amazonaws.com/hakim-static/reveal-js/reveal-parallax-1.jpg'"
# Parallax background size
parallaxBackgroundSize: ''
# CSS syntax, e.g. "2100px 900px"
# Number of pixels to move the parallax background per slide
# - Calculated automatically unless specified
# - Set to 0 to disable movement along an axis
parallaxBackgroundHorizontal: null
parallaxBackgroundVertical: null
# The display mode that will be used to show slides
display: 'block'
```
## Customising individual slides
custom background image:
```
---
<!-- .slide: data-background="https://s3.amazonaws.com/hakim-static/reveal-js/reveal-parallax-1.jpg" -->
#### testslide
---
```

View file

@ -1,15 +1,19 @@
'use strict' 'use strict'
const os = require('os')
module.exports = { module.exports = {
domain: '', domain: '',
urlpath: '', urlPath: '',
host: '0.0.0.0',
port: 3000, port: 3000,
urladdport: false, loglevel: 'info',
alloworigin: ['localhost'], urlAddPort: false,
usessl: false, allowOrigin: ['localhost'],
useSSL: false,
hsts: { hsts: {
enable: true, enable: true,
maxAgeSeconds: 31536000, maxAgeSeconds: 60 * 60 * 24 * 365,
includeSubdomains: true, includeSubdomains: true,
preload: true preload: true
}, },
@ -18,42 +22,49 @@ module.exports = {
directives: { directives: {
}, },
addDefaults: true, addDefaults: true,
upgradeInsecureRequests: 'auto' addDisqus: true,
addGoogleAnalytics: true,
upgradeInsecureRequests: 'auto',
reportURI: undefined
}, },
protocolusessl: false, protocolUseSSL: false,
usecdn: true, useCDN: true,
allowanonymous: true, allowAnonymous: true,
allowanonymousedits: false, allowAnonymousEdits: false,
allowfreeurl: false, allowFreeURL: false,
defaultpermission: 'editable', forbiddenNoteIDs: ['robots.txt', 'favicon.ico', 'api'],
dburl: '', defaultPermission: 'editable',
dbURL: '',
db: {}, db: {},
// ssl path // ssl path
sslkeypath: '', sslKeyPath: '',
sslcertpath: '', sslCertPath: '',
sslcapath: '', sslCAPath: '',
dhparampath: '', dhParamPath: '',
// other path // other path
tmppath: './tmp', viewPath: './public/views',
defaultnotepath: './public/default.md', tmpPath: os.tmpdir(),
docspath: './public/docs', defaultNotePath: './public/default.md',
indexpath: './public/views/index.ejs', docsPath: './public/docs',
hackmdpath: './public/views/hackmd.ejs', uploadsPath: './public/uploads',
errorpath: './public/views/error.ejs',
prettypath: './public/views/pretty.ejs',
slidepath: './public/views/slide.ejs',
// session // session
sessionname: 'connect.sid', sessionName: 'connect.sid',
sessionsecret: 'secret', sessionSecret: 'secret',
sessionlife: 14 * 24 * 60 * 60 * 1000, // 14 days sessionSecretLen: 128,
staticcachetime: 1 * 24 * 60 * 60 * 1000, // 1 day sessionLife: 14 * 24 * 60 * 60 * 1000, // 14 days
staticCacheTime: 1 * 24 * 60 * 60 * 1000, // 1 day
// socket.io // socket.io
heartbeatinterval: 5000, heartbeatInterval: 5000,
heartbeattimeout: 10000, heartbeatTimeout: 10000,
// too busy timeout
tooBusyLag: 70,
// document // document
documentmaxlength: 100000, documentMaxLength: 100000,
// image upload setting, available options are imgur/s3/filesystem // image upload setting, available options are imgur/s3/filesystem/azure/lutim
imageUploadType: 'filesystem', imageUploadType: 'filesystem',
lutim: {
url: 'https://framapic.org/'
},
imgur: { imgur: {
clientID: undefined clientID: undefined
}, },
@ -70,7 +81,18 @@ module.exports = {
port: 9000 port: 9000
}, },
s3bucket: undefined, s3bucket: undefined,
azure: {
connectionString: undefined,
container: undefined
},
// authentication // authentication
oauth2: {
providerName: undefined,
authorizationURL: undefined,
tokenURL: undefined,
clientID: undefined,
clientSecret: undefined
},
facebook: { facebook: {
clientID: undefined, clientID: undefined,
clientSecret: undefined clientSecret: undefined
@ -87,7 +109,8 @@ module.exports = {
baseURL: undefined, baseURL: undefined,
clientID: undefined, clientID: undefined,
clientSecret: undefined, clientSecret: undefined,
scope: undefined scope: undefined,
version: 'v4'
}, },
mattermost: { mattermost: {
baseURL: undefined, baseURL: undefined,
@ -108,11 +131,11 @@ module.exports = {
url: undefined, url: undefined,
bindDn: undefined, bindDn: undefined,
bindCredentials: undefined, bindCredentials: undefined,
tokenSecret: undefined,
searchBase: undefined, searchBase: undefined,
searchFilter: undefined, searchFilter: undefined,
searchAttributes: undefined, searchAttributes: undefined,
usernameField: undefined, usernameField: undefined,
useridField: undefined,
tlsca: undefined tlsca: undefined
}, },
saml: { saml: {
@ -120,6 +143,7 @@ module.exports = {
idpCert: undefined, idpCert: undefined,
issuer: undefined, issuer: undefined,
identifierFormat: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress', identifierFormat: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
disableRequestedAuthnContext: false,
groupAttribute: undefined, groupAttribute: undefined,
externalGroups: [], externalGroups: [],
requiredGroups: [], requiredGroups: [],
@ -130,6 +154,8 @@ module.exports = {
} }
}, },
email: true, email: true,
allowemailregister: true, allowEmailRegister: true,
allowpdfexport: true allowGravatar: true,
allowPDFExport: true,
openID: false
} }

View file

@ -10,8 +10,8 @@ function getFile (path) {
} }
module.exports = { module.exports = {
sslkeypath: getFile('/run/secrets/key.pem'), sslKeyPath: getFile('/run/secrets/key.pem'),
sslcertpath: getFile('/run/secrets/cert.pem'), sslCertPath: getFile('/run/secrets/cert.pem'),
sslcapath: getFile('/run/secrets/ca.pem') !== undefined ? [getFile('/run/secrets/ca.pem')] : [], sslCAPath: getFile('/run/secrets/ca.pem') !== undefined ? [getFile('/run/secrets/ca.pem')] : [],
dhparampath: getFile('/run/secrets/dhparam.pem') dhParamPath: getFile('/run/secrets/dhparam.pem')
} }

View file

@ -13,6 +13,7 @@ function getSecret (secret) {
if (fs.existsSync(basePath)) { if (fs.existsSync(basePath)) {
module.exports = { module.exports = {
dbURL: getSecret('dbURL'),
sessionsecret: getSecret('sessionsecret'), sessionsecret: getSecret('sessionsecret'),
sslkeypath: getSecret('sslkeypath'), sslkeypath: getSecret('sslkeypath'),
sslcertpath: getSecret('sslcertpath'), sslcertpath: getSecret('sslcertpath'),
@ -22,6 +23,9 @@ if (fs.existsSync(basePath)) {
accessKeyId: getSecret('s3_acccessKeyId'), accessKeyId: getSecret('s3_acccessKeyId'),
secretAccessKey: getSecret('s3_secretAccessKey') secretAccessKey: getSecret('s3_secretAccessKey')
}, },
azure: {
connectionString: getSecret('azure_connectionString')
},
facebook: { facebook: {
clientID: getSecret('facebook_clientID'), clientID: getSecret('facebook_clientID'),
clientSecret: getSecret('facebook_clientSecret') clientSecret: getSecret('facebook_clientSecret')

View file

@ -1,106 +1,137 @@
'use strict' 'use strict'
const {toBooleanConfig, toArrayConfig} = require('./utils') const { toBooleanConfig, toArrayConfig, toIntegerConfig } = require('./utils')
module.exports = { module.exports = {
domain: process.env.HMD_DOMAIN, sourceURL: process.env.CMD_SOURCE_URL,
urlpath: process.env.HMD_URL_PATH, domain: process.env.CMD_DOMAIN,
port: process.env.HMD_PORT, urlPath: process.env.CMD_URL_PATH,
urladdport: toBooleanConfig(process.env.HMD_URL_ADDPORT), host: process.env.CMD_HOST,
usessl: toBooleanConfig(process.env.HMD_USESSL), port: toIntegerConfig(process.env.CMD_PORT),
path: process.env.CMD_PATH,
loglevel: process.env.CMD_LOGLEVEL,
urlAddPort: toBooleanConfig(process.env.CMD_URL_ADDPORT),
useSSL: toBooleanConfig(process.env.CMD_USESSL),
hsts: { hsts: {
enable: toBooleanConfig(process.env.HMD_HSTS_ENABLE), enable: toBooleanConfig(process.env.CMD_HSTS_ENABLE),
maxAgeSeconds: process.env.HMD_HSTS_MAX_AGE, maxAgeSeconds: toIntegerConfig(process.env.CMD_HSTS_MAX_AGE),
includeSubdomains: toBooleanConfig(process.env.HMD_HSTS_INCLUDE_SUBDOMAINS), includeSubdomains: toBooleanConfig(process.env.CMD_HSTS_INCLUDE_SUBDOMAINS),
preload: toBooleanConfig(process.env.HMD_HSTS_PRELOAD) preload: toBooleanConfig(process.env.CMD_HSTS_PRELOAD)
}, },
csp: { csp: {
enable: toBooleanConfig(process.env.HMD_CSP_ENABLE) enable: toBooleanConfig(process.env.CMD_CSP_ENABLE),
reportURI: process.env.CMD_CSP_REPORTURI
}, },
protocolusessl: toBooleanConfig(process.env.HMD_PROTOCOL_USESSL), protocolUseSSL: toBooleanConfig(process.env.CMD_PROTOCOL_USESSL),
alloworigin: toArrayConfig(process.env.HMD_ALLOW_ORIGIN), allowOrigin: toArrayConfig(process.env.CMD_ALLOW_ORIGIN),
usecdn: toBooleanConfig(process.env.HMD_USECDN), useCDN: toBooleanConfig(process.env.CMD_USECDN),
allowanonymous: toBooleanConfig(process.env.HMD_ALLOW_ANONYMOUS), allowAnonymous: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS),
allowanonymousedits: toBooleanConfig(process.env.HMD_ALLOW_ANONYMOUS_EDITS), allowAnonymousEdits: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS_EDITS),
allowfreeurl: toBooleanConfig(process.env.HMD_ALLOW_FREEURL), allowFreeURL: toBooleanConfig(process.env.CMD_ALLOW_FREEURL),
defaultpermission: process.env.HMD_DEFAULT_PERMISSION, forbiddenNoteIDs: toArrayConfig(process.env.CMD_FORBIDDEN_NOTE_IDS),
dburl: process.env.HMD_DB_URL, defaultPermission: process.env.CMD_DEFAULT_PERMISSION,
imageUploadType: process.env.HMD_IMAGE_UPLOAD_TYPE, dbURL: process.env.CMD_DB_URL,
sessionSecret: process.env.CMD_SESSION_SECRET,
sessionLife: toIntegerConfig(process.env.CMD_SESSION_LIFE),
tooBusyLag: toIntegerConfig(process.env.CMD_TOOBUSY_LAG),
imageUploadType: process.env.CMD_IMAGE_UPLOAD_TYPE,
imgur: { imgur: {
clientID: process.env.HMD_IMGUR_CLIENTID clientID: process.env.CMD_IMGUR_CLIENTID
}, },
s3: { s3: {
accessKeyId: process.env.HMD_S3_ACCESS_KEY_ID, accessKeyId: process.env.CMD_S3_ACCESS_KEY_ID,
secretAccessKey: process.env.HMD_S3_SECRET_ACCESS_KEY, secretAccessKey: process.env.CMD_S3_SECRET_ACCESS_KEY,
region: process.env.HMD_S3_REGION region: process.env.CMD_S3_REGION
}, },
minio: { minio: {
accessKey: process.env.HMD_MINIO_ACCESS_KEY, accessKey: process.env.CMD_MINIO_ACCESS_KEY,
secretKey: process.env.HMD_MINIO_SECRET_KEY, secretKey: process.env.CMD_MINIO_SECRET_KEY,
endPoint: process.env.HMD_MINIO_ENDPOINT, endPoint: process.env.CMD_MINIO_ENDPOINT,
secure: toBooleanConfig(process.env.HMD_MINIO_SECURE), secure: toBooleanConfig(process.env.CMD_MINIO_SECURE),
port: process.env.HMD_MINIO_PORT port: toIntegerConfig(process.env.CMD_MINIO_PORT)
},
lutim: {
url: process.env.CMD_LUTIM_URL
},
s3bucket: process.env.CMD_S3_BUCKET,
azure: {
connectionString: process.env.CMD_AZURE_CONNECTION_STRING,
container: process.env.CMD_AZURE_CONTAINER
}, },
s3bucket: process.env.HMD_S3_BUCKET,
facebook: { facebook: {
clientID: process.env.HMD_FACEBOOK_CLIENTID, clientID: process.env.CMD_FACEBOOK_CLIENTID,
clientSecret: process.env.HMD_FACEBOOK_CLIENTSECRET clientSecret: process.env.CMD_FACEBOOK_CLIENTSECRET
}, },
twitter: { twitter: {
consumerKey: process.env.HMD_TWITTER_CONSUMERKEY, consumerKey: process.env.CMD_TWITTER_CONSUMERKEY,
consumerSecret: process.env.HMD_TWITTER_CONSUMERSECRET consumerSecret: process.env.CMD_TWITTER_CONSUMERSECRET
}, },
github: { github: {
clientID: process.env.HMD_GITHUB_CLIENTID, clientID: process.env.CMD_GITHUB_CLIENTID,
clientSecret: process.env.HMD_GITHUB_CLIENTSECRET clientSecret: process.env.CMD_GITHUB_CLIENTSECRET
}, },
gitlab: { gitlab: {
baseURL: process.env.HMD_GITLAB_BASEURL, baseURL: process.env.CMD_GITLAB_BASEURL,
clientID: process.env.HMD_GITLAB_CLIENTID, clientID: process.env.CMD_GITLAB_CLIENTID,
clientSecret: process.env.HMD_GITLAB_CLIENTSECRET, clientSecret: process.env.CMD_GITLAB_CLIENTSECRET,
scope: process.env.HMD_GITLAB_SCOPE scope: process.env.CMD_GITLAB_SCOPE
}, },
mattermost: { mattermost: {
baseURL: process.env.HMD_MATTERMOST_BASEURL, baseURL: process.env.CMD_MATTERMOST_BASEURL,
clientID: process.env.HMD_MATTERMOST_CLIENTID, clientID: process.env.CMD_MATTERMOST_CLIENTID,
clientSecret: process.env.HMD_MATTERMOST_CLIENTSECRET clientSecret: process.env.CMD_MATTERMOST_CLIENTSECRET
},
oauth2: {
providerName: process.env.CMD_OAUTH2_PROVIDERNAME,
baseURL: process.env.CMD_OAUTH2_BASEURL,
userProfileURL: process.env.CMD_OAUTH2_USER_PROFILE_URL,
userProfileUsernameAttr: process.env.CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR,
userProfileDisplayNameAttr: process.env.CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR,
userProfileEmailAttr: process.env.CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR,
tokenURL: process.env.CMD_OAUTH2_TOKEN_URL,
authorizationURL: process.env.CMD_OAUTH2_AUTHORIZATION_URL,
clientID: process.env.CMD_OAUTH2_CLIENT_ID,
clientSecret: process.env.CMD_OAUTH2_CLIENT_SECRET
}, },
dropbox: { dropbox: {
clientID: process.env.HMD_DROPBOX_CLIENTID, clientID: process.env.CMD_DROPBOX_CLIENTID,
clientSecret: process.env.HMD_DROPBOX_CLIENTSECRET, clientSecret: process.env.CMD_DROPBOX_CLIENTSECRET,
appKey: process.env.HMD_DROPBOX_APPKEY appKey: process.env.CMD_DROPBOX_APPKEY
}, },
google: { google: {
clientID: process.env.HMD_GOOGLE_CLIENTID, clientID: process.env.CMD_GOOGLE_CLIENTID,
clientSecret: process.env.HMD_GOOGLE_CLIENTSECRET clientSecret: process.env.CMD_GOOGLE_CLIENTSECRET
}, },
ldap: { ldap: {
providerName: process.env.HMD_LDAP_PROVIDERNAME, providerName: process.env.CMD_LDAP_PROVIDERNAME,
url: process.env.HMD_LDAP_URL, url: process.env.CMD_LDAP_URL,
bindDn: process.env.HMD_LDAP_BINDDN, bindDn: process.env.CMD_LDAP_BINDDN,
bindCredentials: process.env.HMD_LDAP_BINDCREDENTIALS, bindCredentials: process.env.CMD_LDAP_BINDCREDENTIALS,
tokenSecret: process.env.HMD_LDAP_TOKENSECRET, searchBase: process.env.CMD_LDAP_SEARCHBASE,
searchBase: process.env.HMD_LDAP_SEARCHBASE, searchFilter: process.env.CMD_LDAP_SEARCHFILTER,
searchFilter: process.env.HMD_LDAP_SEARCHFILTER, searchAttributes: toArrayConfig(process.env.CMD_LDAP_SEARCHATTRIBUTES),
searchAttributes: toArrayConfig(process.env.HMD_LDAP_SEARCHATTRIBUTES), usernameField: process.env.CMD_LDAP_USERNAMEFIELD,
usernameField: process.env.HMD_LDAP_USERNAMEFIELD, useridField: process.env.CMD_LDAP_USERIDFIELD,
tlsca: process.env.HMD_LDAP_TLS_CA tlsca: process.env.CMD_LDAP_TLS_CA
}, },
saml: { saml: {
idpSsoUrl: process.env.HMD_SAML_IDPSSOURL, idpSsoUrl: process.env.CMD_SAML_IDPSSOURL,
idpCert: process.env.HMD_SAML_IDPCERT, idpCert: process.env.CMD_SAML_IDPCERT,
issuer: process.env.HMD_SAML_ISSUER, issuer: process.env.CMD_SAML_ISSUER,
identifierFormat: process.env.HMD_SAML_IDENTIFIERFORMAT, identifierFormat: process.env.CMD_SAML_IDENTIFIERFORMAT,
groupAttribute: process.env.HMD_SAML_GROUPATTRIBUTE, disableRequestedAuthnContext: toBooleanConfig(process.env.CMD_SAML_DISABLEREQUESTEDAUTHNCONTEXT),
externalGroups: toArrayConfig(process.env.HMD_SAML_EXTERNALGROUPS, '|', []), groupAttribute: process.env.CMD_SAML_GROUPATTRIBUTE,
requiredGroups: toArrayConfig(process.env.HMD_SAML_REQUIREDGROUPS, '|', []), externalGroups: toArrayConfig(process.env.CMD_SAML_EXTERNALGROUPS, '|', []),
requiredGroups: toArrayConfig(process.env.CMD_SAML_REQUIREDGROUPS, '|', []),
attribute: { attribute: {
id: process.env.HMD_SAML_ATTRIBUTE_ID, id: process.env.CMD_SAML_ATTRIBUTE_ID,
username: process.env.HMD_SAML_ATTRIBUTE_USERNAME, username: process.env.CMD_SAML_ATTRIBUTE_USERNAME,
email: process.env.HMD_SAML_ATTRIBUTE_EMAIL email: process.env.CMD_SAML_ATTRIBUTE_EMAIL
} }
}, },
email: toBooleanConfig(process.env.HMD_EMAIL), email: toBooleanConfig(process.env.CMD_EMAIL),
allowemailregister: toBooleanConfig(process.env.HMD_ALLOW_EMAIL_REGISTER), allowEmailRegister: toBooleanConfig(process.env.CMD_ALLOW_EMAIL_REGISTER),
allowpdfexport: toBooleanConfig(process.env.HMD_ALLOW_PDF_EXPORT) allowGravatar: toBooleanConfig(process.env.CMD_ALLOW_GRAVATAR),
allowPDFExport: toBooleanConfig(process.env.CMD_ALLOW_PDF_EXPORT),
openID: toBooleanConfig(process.env.CMD_OPENID)
} }

View file

@ -0,0 +1,125 @@
'use strict'
const { toBooleanConfig, toArrayConfig, toIntegerConfig } = require('./utils')
module.exports = {
domain: process.env.HMD_DOMAIN,
urlPath: process.env.HMD_URL_PATH,
port: toIntegerConfig(process.env.HMD_PORT),
urlAddPort: toBooleanConfig(process.env.HMD_URL_ADDPORT),
useSSL: toBooleanConfig(process.env.HMD_USESSL),
hsts: {
enable: toBooleanConfig(process.env.HMD_HSTS_ENABLE),
maxAgeSeconds: toIntegerConfig(process.env.HMD_HSTS_MAX_AGE),
includeSubdomains: toBooleanConfig(process.env.HMD_HSTS_INCLUDE_SUBDOMAINS),
preload: toBooleanConfig(process.env.HMD_HSTS_PRELOAD)
},
csp: {
enable: toBooleanConfig(process.env.HMD_CSP_ENABLE),
reportURI: process.env.HMD_CSP_REPORTURI
},
protocolUseSSL: toBooleanConfig(process.env.HMD_PROTOCOL_USESSL),
allowOrigin: toArrayConfig(process.env.HMD_ALLOW_ORIGIN),
useCDN: toBooleanConfig(process.env.HMD_USECDN),
allowAnonymous: toBooleanConfig(process.env.HMD_ALLOW_ANONYMOUS),
allowAnonymousEdits: toBooleanConfig(process.env.HMD_ALLOW_ANONYMOUS_EDITS),
allowFreeURL: toBooleanConfig(process.env.HMD_ALLOW_FREEURL),
defaultPermission: process.env.HMD_DEFAULT_PERMISSION,
dbURL: process.env.HMD_DB_URL,
sessionSecret: process.env.HMD_SESSION_SECRET,
sessionLife: toIntegerConfig(process.env.HMD_SESSION_LIFE),
imageUploadType: process.env.HMD_IMAGE_UPLOAD_TYPE,
imgur: {
clientID: process.env.HMD_IMGUR_CLIENTID
},
s3: {
accessKeyId: process.env.HMD_S3_ACCESS_KEY_ID,
secretAccessKey: process.env.HMD_S3_SECRET_ACCESS_KEY,
region: process.env.HMD_S3_REGION
},
minio: {
accessKey: process.env.HMD_MINIO_ACCESS_KEY,
secretKey: process.env.HMD_MINIO_SECRET_KEY,
endPoint: process.env.HMD_MINIO_ENDPOINT,
secure: toBooleanConfig(process.env.HMD_MINIO_SECURE),
port: toIntegerConfig(process.env.HMD_MINIO_PORT)
},
s3bucket: process.env.HMD_S3_BUCKET,
azure: {
connectionString: process.env.HMD_AZURE_CONNECTION_STRING,
container: process.env.HMD_AZURE_CONTAINER
},
facebook: {
clientID: process.env.HMD_FACEBOOK_CLIENTID,
clientSecret: process.env.HMD_FACEBOOK_CLIENTSECRET
},
twitter: {
consumerKey: process.env.HMD_TWITTER_CONSUMERKEY,
consumerSecret: process.env.HMD_TWITTER_CONSUMERSECRET
},
github: {
clientID: process.env.HMD_GITHUB_CLIENTID,
clientSecret: process.env.HMD_GITHUB_CLIENTSECRET
},
gitlab: {
baseURL: process.env.HMD_GITLAB_BASEURL,
clientID: process.env.HMD_GITLAB_CLIENTID,
clientSecret: process.env.HMD_GITLAB_CLIENTSECRET,
scope: process.env.HMD_GITLAB_SCOPE
},
mattermost: {
baseURL: process.env.HMD_MATTERMOST_BASEURL,
clientID: process.env.HMD_MATTERMOST_CLIENTID,
clientSecret: process.env.HMD_MATTERMOST_CLIENTSECRET
},
oauth2: {
baseURL: process.env.HMD_OAUTH2_BASEURL,
userProfileURL: process.env.HMD_OAUTH2_USER_PROFILE_URL,
userProfileUsernameAttr: process.env.HMD_OAUTH2_USER_PROFILE_USERNAME_ATTR,
userProfileDisplayNameAttr: process.env.HMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR,
userProfileEmailAttr: process.env.HMD_OAUTH2_USER_PROFILE_EMAIL_ATTR,
tokenURL: process.env.HMD_OAUTH2_TOKEN_URL,
authorizationURL: process.env.HMD_OAUTH2_AUTHORIZATION_URL,
clientID: process.env.HMD_OAUTH2_CLIENT_ID,
clientSecret: process.env.HMD_OAUTH2_CLIENT_SECRET
},
dropbox: {
clientID: process.env.HMD_DROPBOX_CLIENTID,
clientSecret: process.env.HMD_DROPBOX_CLIENTSECRET,
appKey: process.env.HMD_DROPBOX_APPKEY
},
google: {
clientID: process.env.HMD_GOOGLE_CLIENTID,
clientSecret: process.env.HMD_GOOGLE_CLIENTSECRET
},
ldap: {
providerName: process.env.HMD_LDAP_PROVIDERNAME,
url: process.env.HMD_LDAP_URL,
bindDn: process.env.HMD_LDAP_BINDDN,
bindCredentials: process.env.HMD_LDAP_BINDCREDENTIALS,
searchBase: process.env.HMD_LDAP_SEARCHBASE,
searchFilter: process.env.HMD_LDAP_SEARCHFILTER,
searchAttributes: toArrayConfig(process.env.HMD_LDAP_SEARCHATTRIBUTES),
usernameField: process.env.HMD_LDAP_USERNAMEFIELD,
useridField: process.env.HMD_LDAP_USERIDFIELD,
tlsca: process.env.HMD_LDAP_TLS_CA
},
saml: {
idpSsoUrl: process.env.HMD_SAML_IDPSSOURL,
idpCert: process.env.HMD_SAML_IDPCERT,
issuer: process.env.HMD_SAML_ISSUER,
identifierFormat: process.env.HMD_SAML_IDENTIFIERFORMAT,
disableRequestedAuthnContext: toBooleanConfig(process.env.HMD_SAML_DISABLEREQUESTEDAUTHNCONTEXT),
groupAttribute: process.env.HMD_SAML_GROUPATTRIBUTE,
externalGroups: toArrayConfig(process.env.HMD_SAML_EXTERNALGROUPS, '|', []),
requiredGroups: toArrayConfig(process.env.HMD_SAML_REQUIREDGROUPS, '|', []),
attribute: {
id: process.env.HMD_SAML_ATTRIBUTE_ID,
username: process.env.HMD_SAML_ATTRIBUTE_USERNAME,
email: process.env.HMD_SAML_ATTRIBUTE_EMAIL
}
},
email: toBooleanConfig(process.env.HMD_EMAIL),
allowEmailRegister: toBooleanConfig(process.env.HMD_ALLOW_EMAIL_REGISTER),
allowPDFExport: toBooleanConfig(process.env.HMD_ALLOW_PDF_EXPORT)
}

View file

@ -1,37 +1,56 @@
'use strict' 'use strict'
const crypto = require('crypto')
const fs = require('fs') const fs = require('fs')
const path = require('path') const path = require('path')
const {merge} = require('lodash') const { merge } = require('lodash')
const deepFreeze = require('deep-freeze') const deepFreeze = require('deep-freeze')
const {Environment, Permission} = require('./enum') const { Environment, Permission } = require('./enum')
const logger = require('../logger')
const { getGitCommit, getGitHubURL } = require('./utils')
const appRootPath = path.join(__dirname, '../../') const appRootPath = path.resolve(__dirname, '../../')
const env = process.env.NODE_ENV || Environment.development const env = process.env.NODE_ENV || Environment.development
const debugConfig = { const debugConfig = {
debug: (env === Environment.development) debug: (env === Environment.development)
} }
const {version} = require(path.join(appRootPath, 'package.json')) // Get version string from package.json
const { version, repository } = require(path.join(appRootPath, 'package.json'))
const commitID = getGitCommit(appRootPath)
const sourceURL = getGitHubURL(repository.url, commitID || version)
const fullversion = commitID ? `${version}-${commitID}` : version
const packageConfig = { const packageConfig = {
version: version, version: version,
minimumCompatibleVersion: '0.5.0' minimumCompatibleVersion: '0.5.0',
fullversion: fullversion,
sourceURL: sourceURL
} }
const configFilePath = path.join(__dirname, '../../config.json') const configFilePath = path.resolve(appRootPath, process.env.CMD_CONFIG_FILE ||
'config.json')
const fileConfig = fs.existsSync(configFilePath) ? require(configFilePath)[env] : undefined const fileConfig = fs.existsSync(configFilePath) ? require(configFilePath)[env] : undefined
let config = require('./default') let config = require('./default')
merge(config, require('./defaultSSL')) merge(config, require('./defaultSSL'))
merge(config, require('./oldDefault'))
merge(config, debugConfig) merge(config, debugConfig)
merge(config, packageConfig) merge(config, packageConfig)
merge(config, fileConfig) merge(config, fileConfig)
merge(config, require('./oldEnvironment')) merge(config, require('./oldEnvironment'))
merge(config, require('./hackmdEnvironment'))
merge(config, require('./environment')) merge(config, require('./environment'))
merge(config, require('./dockerSecret')) merge(config, require('./dockerSecret'))
if (['debug', 'verbose', 'info', 'warn', 'error'].includes(config.loglevel)) {
logger.level = config.loglevel
} else {
logger.error('Selected loglevel %s doesn\'t exist, using default level \'debug\'. Available options: debug, verbose, info, warn, error', config.loglevel)
}
// load LDAP CA // load LDAP CA
if (config.ldap.tlsca) { if (config.ldap.tlsca) {
let ca = config.ldap.tlsca.split(',') let ca = config.ldap.tlsca.split(',')
@ -49,39 +68,43 @@ if (config.ldap.tlsca) {
// Permission // Permission
config.permission = Permission config.permission = Permission
if (!config.allowanonymous && !config.allowanonymousedits) { if (!config.allowAnonymous && !config.allowAnonymousEdits) {
delete config.permission.freely delete config.permission.freely
} }
if (!(config.defaultpermission in config.permission)) { if (!(config.defaultPermission in config.permission)) {
config.defaultpermission = config.permission.editable config.defaultPermission = config.permission.editable
} }
// cache result, cannot change config in runtime!!! // cache result, cannot change config in runtime!!!
config.isStandardHTTPsPort = (function isStandardHTTPsPort () { config.isStandardHTTPsPort = (function isStandardHTTPsPort () {
return config.usessl && config.port === 443 return config.useSSL && config.port === 443
})() })()
config.isStandardHTTPPort = (function isStandardHTTPPort () { config.isStandardHTTPPort = (function isStandardHTTPPort () {
return !config.usessl && config.port === 80 return !config.useSSL && config.port === 80
})() })()
// cache serverURL // cache serverURL
config.serverurl = (function getserverurl () { config.serverURL = (function getserverurl () {
var url = '' var url = ''
if (config.domain) { if (config.domain) {
var protocol = config.protocolusessl ? 'https://' : 'http://' var protocol = config.protocolUseSSL ? 'https://' : 'http://'
url = protocol + config.domain url = protocol + config.domain
if (config.urladdport) { if (config.urlAddPort) {
if (!config.isStandardHTTPPort || !config.isStandardHTTPsPort) { if (!config.isStandardHTTPPort || !config.isStandardHTTPsPort) {
url += ':' + config.port url += ':' + config.port
} }
} }
} }
if (config.urlpath) { if (config.urlPath) {
url += '/' + config.urlpath url += '/' + config.urlPath
} }
return url return url
})() })()
if (config.serverURL === '') {
logger.warn('Neither \'domain\' nor \'CMD_DOMAIN\' is configured. This can cause issues with various components.\nHint: Make sure \'protocolUseSSL\' and \'urlAddPort\' or \'CMD_PROTOCOL_USESSL\' and \'CMD_URL_ADDPORT\' are configured properly.')
}
config.Environment = Environment config.Environment = Environment
// auth method // auth method
@ -90,12 +113,61 @@ config.isGoogleEnable = config.google.clientID && config.google.clientSecret
config.isDropboxEnable = config.dropbox.clientID && config.dropbox.clientSecret config.isDropboxEnable = config.dropbox.clientID && config.dropbox.clientSecret
config.isTwitterEnable = config.twitter.consumerKey && config.twitter.consumerSecret config.isTwitterEnable = config.twitter.consumerKey && config.twitter.consumerSecret
config.isEmailEnable = config.email config.isEmailEnable = config.email
config.isOpenIDEnable = config.openID
config.isGitHubEnable = config.github.clientID && config.github.clientSecret config.isGitHubEnable = config.github.clientID && config.github.clientSecret
config.isGitLabEnable = config.gitlab.clientID && config.gitlab.clientSecret config.isGitLabEnable = config.gitlab.clientID && config.gitlab.clientSecret
config.isMattermostEnable = config.mattermost.clientID && config.mattermost.clientSecret config.isMattermostEnable = config.mattermost.clientID && config.mattermost.clientSecret
config.isLDAPEnable = config.ldap.url config.isLDAPEnable = config.ldap.url
config.isSAMLEnable = config.saml.idpSsoUrl config.isSAMLEnable = config.saml.idpSsoUrl
config.isPDFExportEnable = config.allowpdfexport config.isOAuth2Enable = config.oauth2.clientID && config.oauth2.clientSecret
config.isPDFExportEnable = config.allowPDFExport
// Check gitlab api version
if (config.gitlab && config.gitlab.version !== 'v4' && config.gitlab.version !== 'v3') {
logger.warn('config.js contains wrong version (' + config.gitlab.version + ') for gitlab api; it should be \'v3\' or \'v4\'. Defaulting to v4')
config.gitlab.version = 'v4'
}
// If gitlab scope is api, enable snippets Export/import
config.isGitlabSnippetsEnable = (!config.gitlab.scope || config.gitlab.scope === 'api') && config.isGitLabEnable
// Only update i18n files in development setups
config.updateI18nFiles = (env === Environment.development)
// merge legacy values
let keys = Object.keys(config)
const uppercase = /[A-Z]/
for (let i = keys.length; i--;) {
let lowercaseKey = keys[i].toLowerCase()
// if the config contains uppercase letters
// and a lowercase version of this setting exists
// and the config with uppercase is not set
// we set the new config using the old key.
if (uppercase.test(keys[i]) &&
config[lowercaseKey] !== undefined &&
fileConfig[keys[i]] === undefined) {
logger.warn('config.js contains deprecated lowercase setting for ' + keys[i] + '. Please change your config.js file to replace ' + lowercaseKey + ' with ' + keys[i])
config[keys[i]] = config[lowercaseKey]
}
}
// Notify users about the prefix change and inform them they use legacy prefix for environment variables
if (Object.keys(process.env).toString().indexOf('HMD_') !== -1) {
logger.warn('Using legacy HMD prefix for environment variables. Please change your variables in future. For details see: https://github.com/codimd/server#environment-variables-will-overwrite-other-server-configs')
}
// Generate session secret if it stays on default values
if (config.sessionSecret === 'secret') {
logger.warn('Session secret not set. Using random generated one. Please set `sessionSecret` in your config.js file. All users will be logged out.')
config.sessionSecret = crypto.randomBytes(Math.ceil(config.sessionSecretLen / 2)) // generate crypto graphic random number
.toString('hex') // convert to hexadecimal format
.slice(0, config.sessionSecretLen) // return required number of characters
}
// Validate upload upload providers
if (['filesystem', 's3', 'minio', 'imgur', 'azure', 'lutim'].indexOf(config.imageUploadType) === -1) {
logger.error('"imageuploadtype" is not correctly set. Please use "filesystem", "s3", "minio", "azure", "lutim" or "imgur". Defaulting to "filesystem"')
config.imageUploadType = 'filesystem'
}
// figure out mime types for image uploads // figure out mime types for image uploads
switch (config.imageUploadType) { switch (config.imageUploadType) {
@ -118,22 +190,18 @@ switch (config.imageUploadType) {
} }
// generate correct path // generate correct path
config.sslcapath.forEach(function (capath, i, array) { config.sslCAPath.forEach(function (capath, i, array) {
array[i] = path.resolve(appRootPath, capath) array[i] = path.resolve(appRootPath, capath)
}) })
config.sslcertpath = path.join(appRootPath, config.sslcertpath) config.sslCertPath = path.resolve(appRootPath, config.sslCertPath)
config.sslkeypath = path.join(appRootPath, config.sslkeypath) config.sslKeyPath = path.resolve(appRootPath, config.sslKeyPath)
config.dhparampath = path.join(appRootPath, config.dhparampath) config.dhParamPath = path.resolve(appRootPath, config.dhParamPath)
config.viewPath = path.resolve(appRootPath, config.viewPath)
config.tmppath = path.join(appRootPath, config.tmppath) config.tmpPath = path.resolve(appRootPath, config.tmpPath)
config.defaultnotepath = path.join(appRootPath, config.defaultnotepath) config.defaultNotePath = path.resolve(appRootPath, config.defaultNotePath)
config.docspath = path.join(appRootPath, config.docspath) config.docsPath = path.resolve(appRootPath, config.docsPath)
config.indexpath = path.join(appRootPath, config.indexpath) config.uploadsPath = path.resolve(appRootPath, config.uploadsPath)
config.hackmdpath = path.join(appRootPath, config.hackmdpath)
config.errorpath = path.join(appRootPath, config.errorpath)
config.prettypath = path.join(appRootPath, config.prettypath)
config.slidepath = path.join(appRootPath, config.slidepath)
// make config readonly // make config readonly
config = deepFreeze(config) config = deepFreeze(config)

42
lib/config/oldDefault.js Normal file
View file

@ -0,0 +1,42 @@
'use strict'
module.exports = {
urlpath: undefined,
urladdport: undefined,
alloworigin: undefined,
usessl: undefined,
protocolusessl: undefined,
usecdn: undefined,
allowanonymous: undefined,
allowanonymousedits: undefined,
allowfreeurl: undefined,
defaultpermission: undefined,
dburl: undefined,
// ssl path
sslkeypath: undefined,
sslcertpath: undefined,
sslcapath: undefined,
dhparampath: undefined,
// other path
tmppath: undefined,
defaultnotepath: undefined,
docspath: undefined,
indexpath: undefined,
hackmdpath: undefined,
errorpath: undefined,
prettypath: undefined,
slidepath: undefined,
// session
sessionname: undefined,
sessionsecret: undefined,
sessionlife: undefined,
staticcachetime: undefined,
// socket.io
heartbeatinterval: undefined,
heartbeattimeout: undefined,
// document
documentmaxlength: undefined,
imageuploadtype: undefined,
allowemailregister: undefined,
allowpdfexport: undefined
}

View file

@ -1,6 +1,6 @@
'use strict' 'use strict'
const {toBooleanConfig} = require('./utils') const { toBooleanConfig } = require('./utils')
module.exports = { module.exports = {
debug: toBooleanConfig(process.env.DEBUG), debug: toBooleanConfig(process.env.DEBUG),

View file

@ -1,5 +1,8 @@
'use strict' 'use strict'
const fs = require('fs')
const path = require('path')
exports.toBooleanConfig = function toBooleanConfig (configValue) { exports.toBooleanConfig = function toBooleanConfig (configValue) {
if (configValue && typeof configValue === 'string') { if (configValue && typeof configValue === 'string') {
return (configValue === 'true') return (configValue === 'true')
@ -13,3 +16,40 @@ exports.toArrayConfig = function toArrayConfig (configValue, separator = ',', fa
} }
return fallback return fallback
} }
exports.toIntegerConfig = function toIntegerConfig (configValue) {
if (configValue && typeof configValue === 'string') {
return parseInt(configValue)
}
return configValue
}
exports.getGitCommit = function getGitCommit (repodir) {
if (!fs.existsSync(repodir + '/.git/HEAD')) {
return undefined
}
let reference = fs.readFileSync(repodir + '/.git/HEAD', 'utf8')
if (reference.startsWith('ref: ')) {
reference = reference.substr(5).replace('\n', '')
reference = fs.readFileSync(path.resolve(repodir + '/.git', reference), 'utf8')
}
reference = reference.replace('\n', '')
return reference
}
exports.getGitHubURL = function getGitHubURL (repo, reference) {
// if it's not a github reference, we handle handle that anyway
if (!repo.startsWith('https://github.com') && !repo.startsWith('git@github.com')) {
return repo
}
if (repo.startsWith('git@github.com') || repo.startsWith('ssh://git@github.com')) {
repo = repo.replace(/^(ssh:\/\/)?git@github.com:/, 'https://github.com/')
}
if (repo.endsWith('.git')) {
repo = repo.replace(/\.git$/, '/')
} else if (!repo.endsWith('/')) {
repo = repo + '/'
}
return repo + 'tree/' + reference
}

View file

@ -5,12 +5,13 @@ var CspStrategy = {}
var defaultDirectives = { var defaultDirectives = {
defaultSrc: ['\'self\''], defaultSrc: ['\'self\''],
scriptSrc: ['\'self\'', 'vimeo.com', 'https://gist.github.com', 'www.slideshare.net', 'https://query.yahooapis.com', 'https://*.disqus.com', '\'unsafe-eval\''], scriptSrc: ['\'self\'', 'vimeo.com', 'https://gist.github.com', 'www.slideshare.net', 'https://query.yahooapis.com', '\'unsafe-eval\''],
// ^ TODO: Remove unsafe-eval - webpack script-loader issues https://github.com/hackmdio/hackmd/issues/594 // ^ TODO: Remove unsafe-eval - webpack script-loader issues https://github.com/hackmdio/codimd/issues/594
imgSrc: ['*'], imgSrc: ['*'],
styleSrc: ['\'self\'', '\'unsafe-inline\'', 'https://assets-cdn.github.com'], // unsafe-inline is required for some libs, plus used in views styleSrc: ['\'self\'', '\'unsafe-inline\'', 'https://github.githubassets.com'], // unsafe-inline is required for some libs, plus used in views
fontSrc: ['\'self\'', 'https://public.slidesharecdn.com'], fontSrc: ['\'self\'', 'data:', 'https://public.slidesharecdn.com'],
objectSrc: ['*'], // Chrome PDF viewer treats PDFs as objects :/ objectSrc: ['*'], // Chrome PDF viewer treats PDFs as objects :/
mediaSrc: ['*'],
childSrc: ['*'], childSrc: ['*'],
connectSrc: ['*'] connectSrc: ['*']
} }
@ -21,15 +22,28 @@ var cdnDirectives = {
fontSrc: ['https://cdnjs.cloudflare.com', 'https://fonts.gstatic.com'] fontSrc: ['https://cdnjs.cloudflare.com', 'https://fonts.gstatic.com']
} }
var disqusDirectives = {
scriptSrc: ['https://disqus.com', 'https://*.disqus.com', 'https://*.disquscdn.com'],
styleSrc: ['https://*.disquscdn.com'],
fontSrc: ['https://*.disquscdn.com']
}
var googleAnalyticsDirectives = {
scriptSrc: ['https://www.google-analytics.com']
}
CspStrategy.computeDirectives = function () { CspStrategy.computeDirectives = function () {
var directives = {} var directives = {}
mergeDirectives(directives, config.csp.directives) mergeDirectives(directives, config.csp.directives)
mergeDirectivesIf(config.csp.addDefaults, directives, defaultDirectives) mergeDirectivesIf(config.csp.addDefaults, directives, defaultDirectives)
mergeDirectivesIf(config.usecdn, directives, cdnDirectives) mergeDirectivesIf(config.useCDN, directives, cdnDirectives)
mergeDirectivesIf(config.csp.addDisqus, directives, disqusDirectives)
mergeDirectivesIf(config.csp.addGoogleAnalytics, directives, googleAnalyticsDirectives)
if (!areAllInlineScriptsAllowed(directives)) { if (!areAllInlineScriptsAllowed(directives)) {
addInlineScriptExceptions(directives) addInlineScriptExceptions(directives)
} }
addUpgradeUnsafeRequestsOptionTo(directives) addUpgradeUnsafeRequestsOptionTo(directives)
addReportURI(directives)
return directives return directives
} }
@ -57,7 +71,7 @@ function addInlineScriptExceptions (directives) {
directives.scriptSrc.push(getCspNonce) directives.scriptSrc.push(getCspNonce)
// TODO: This is the SHA-256 hash of the inline script in build/reveal.js/plugins/notes/notes.html // TODO: This is the SHA-256 hash of the inline script in build/reveal.js/plugins/notes/notes.html
// Any more clean solution appreciated. // Any more clean solution appreciated.
directives.scriptSrc.push('\'sha256-EtvSSxRwce5cLeFBZbvZvDrTiRoyoXbWWwvEVciM5Ag=\'') directives.scriptSrc.push('\'sha256-Lc+VnBdinzYTTAkFrIoUqdoA9EQFeS1AF9ybmF+LLfM=\'')
} }
function getCspNonce (req, res) { function getCspNonce (req, res) {
@ -65,13 +79,19 @@ function getCspNonce (req, res) {
} }
function addUpgradeUnsafeRequestsOptionTo (directives) { function addUpgradeUnsafeRequestsOptionTo (directives) {
if (config.csp.upgradeInsecureRequests === 'auto' && config.usessl) { if (config.csp.upgradeInsecureRequests === 'auto' && config.useSSL) {
directives.upgradeInsecureRequests = true directives.upgradeInsecureRequests = true
} else if (config.csp.upgradeInsecureRequests === true) { } else if (config.csp.upgradeInsecureRequests === true) {
directives.upgradeInsecureRequests = true directives.upgradeInsecureRequests = true
} }
} }
function addReportURI (directives) {
if (config.csp.reportURI) {
directives.reportUri = config.csp.reportURI
}
}
CspStrategy.addNonceToLocals = function (req, res, next) { CspStrategy.addNonceToLocals = function (req, res, next) {
res.locals.nonce = uuid.v4() res.locals.nonce = uuid.v4()
next() next()

View file

@ -1,9 +1,9 @@
'use strict' 'use strict'
// history // history
// external modules // external modules
var LZString = require('lz-string')
// core // core
var config = require('./config')
var logger = require('./logger') var logger = require('./logger')
var response = require('./response') var response = require('./response')
var models = require('./models') var models = require('./models')
@ -27,11 +27,35 @@ function getHistory (userid, callback) {
} }
var history = {} var history = {}
if (user.history) { if (user.history) {
history = parseHistoryToObject(JSON.parse(user.history)) history = JSON.parse(user.history)
} // migrate LZString encoded note id to base64url encoded note id
if (config.debug) { for (let i = 0, l = history.length; i < l; i++) {
logger.info('read history success: ' + user.id) // Calculate minimal string length for an UUID that is encoded
// base64 encoded and optimize comparsion by using -1
// this should make a lot of LZ-String parsing errors obsolete
// as we can assume that a nodeId that is 48 chars or longer is a
// noteID.
const base64UuidLength = ((4 * 36) / 3) - 1
if (!(history[i].id.length > base64UuidLength)) {
continue
}
try {
let id = LZString.decompressFromBase64(history[i].id)
if (id && models.Note.checkNoteIdValid(id)) {
history[i].id = models.Note.encodeNoteId(id)
}
} catch (err) {
// most error here comes from LZString, ignore
if (err.message === 'Cannot read property \'charAt\' of undefined') {
logger.warning('Looks like we can not decode "' + history[i].id + '" with LZString. Can be ignored.')
} else {
logger.error(err)
}
}
}
history = parseHistoryToObject(history)
} }
logger.debug(`read history success: ${user.id}`)
return callback(null, history) return callback(null, history)
}).catch(function (err) { }).catch(function (err) {
logger.error('read history failed: ' + err) logger.error('read history failed: ' + err)
@ -113,7 +137,7 @@ function historyPost (req, res) {
var noteId = req.params.noteId var noteId = req.params.noteId
if (!noteId) { if (!noteId) {
if (typeof req.body['history'] === 'undefined') return response.errorBadRequest(res) if (typeof req.body['history'] === 'undefined') return response.errorBadRequest(res)
if (config.debug) { logger.info('SERVER received history from [' + req.user.id + ']: ' + req.body.history) } logger.debug(`SERVER received history from [${req.user.id}]: ${req.body.history}`)
try { try {
var history = JSON.parse(req.body.history) var history = JSON.parse(req.body.history)
} catch (err) { } catch (err) {

View file

@ -1,16 +1,18 @@
'use strict' 'use strict'
// external modules // external modules
var randomcolor = require('randomcolor') const crypto = require('crypto')
const randomcolor = require('randomcolor')
const config = require('./config')
// core // core
module.exports = function (name) { exports.generateAvatar = function (name) {
var color = randomcolor({ const color = randomcolor({
seed: name, seed: name,
luminosity: 'dark' luminosity: 'dark'
}) })
var letter = name.substring(0, 1).toUpperCase() const letter = name.substring(0, 1).toUpperCase()
var svg = '<?xml version="1.0" encoding="UTF-8" standalone="no"?>' let svg = '<?xml version="1.0" encoding="UTF-8" standalone="no"?>'
svg += '<svg xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://www.w3.org/2000/svg" height="96" width="96" version="1.1" viewBox="0 0 96 96">' svg += '<svg xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://www.w3.org/2000/svg" height="96" width="96" version="1.1" viewBox="0 0 96 96">'
svg += '<g>' svg += '<g>'
svg += '<rect width="96" height="96" fill="' + color + '" />' svg += '<rect width="96" height="96" fill="' + color + '" />'
@ -20,5 +22,29 @@ module.exports = function (name) {
svg += '</g>' svg += '</g>'
svg += '</svg>' svg += '</svg>'
return 'data:image/svg+xml;base64,' + new Buffer(svg).toString('base64') return svg
}
exports.generateAvatarURL = function (name, email = '', big = true) {
let photo
if (typeof email !== 'string') {
email = '' + name + '@example.com'
}
name = encodeURIComponent(name)
let hash = crypto.createHash('md5')
hash.update(email.toLowerCase())
let hexDigest = hash.digest('hex')
if (email !== '' && config.allowGravatar) {
photo = 'https://cdn.libravatar.org/avatar/' + hexDigest
if (big) {
photo += '?s=400'
} else {
photo += '?s=96'
}
} else {
photo = config.serverURL + '/user/' + (name || email.substring(0, email.lastIndexOf('@')) || hexDigest) + '/avatar.svg'
}
return photo
} }

View file

@ -1,23 +1,27 @@
'use strict' 'use strict'
const winston = require('winston') const { createLogger, format, transports } = require('winston')
class Logger extends winston.Logger { const logger = createLogger({
// Implement stream.writable.write interface level: 'debug',
write (chunk) { format: format.combine(
this.info(chunk) format.uncolorize(),
format.timestamp(),
format.align(),
format.splat(),
format.printf(info => `${info.timestamp} ${info.level}: ${info.message}`)
),
transports: [
new transports.Console({
handleExceptions: true
})
],
exitOnError: false
})
logger.stream = {
write: function (message, encoding) {
logger.info(message)
} }
} }
module.exports = new Logger({ module.exports = logger
transports: [
new winston.transports.Console({
level: 'debug',
handleExceptions: true,
json: false,
colorize: false,
timestamp: true
})
],
emitErrs: true,
exitOnError: false
})

View file

@ -20,6 +20,13 @@ module.exports = {
type: Sequelize.INTEGER, type: Sequelize.INTEGER,
defaultValue: 0 defaultValue: 0
}) })
}).catch(function (error) {
if (error.message === 'SQLITE_ERROR: duplicate column name: shortid' || error.message === "ER_DUP_FIELDNAME: Duplicate column name 'shortid'" || error.message === 'column "shortid" of relation "Notes" already exists') {
// eslint-disable-next-line no-console
console.log('Migration has already run… ignoring.')
} else {
throw error
}
}) })
}, },

View file

@ -7,13 +7,20 @@ module.exports = {
return queryInterface.addColumn('Notes', 'lastchangeAt', { return queryInterface.addColumn('Notes', 'lastchangeAt', {
type: Sequelize.DATE type: Sequelize.DATE
}) })
}).catch(function (error) {
if (error.message === 'SQLITE_ERROR: duplicate column name: lastchangeuserId' || error.message === "ER_DUP_FIELDNAME: Duplicate column name 'lastchangeuserId'" || error.message === 'column "lastchangeuserId" of relation "Notes" already exists') {
// eslint-disable-next-line no-console
console.log('Migration has already run… ignoring.')
} else {
throw error
}
}) })
}, },
down: function (queryInterface, Sequelize) { down: function (queryInterface, Sequelize) {
return queryInterface.removeColumn('Notes', 'lastchangeAt') return queryInterface.removeColumn('Notes', 'lastchangeAt')
.then(function () { .then(function () {
return queryInterface.removeColumn('Notes', 'lastchangeuserId') return queryInterface.removeColumn('Notes', 'lastchangeuserId')
}) })
} }
} }

View file

@ -7,6 +7,13 @@ module.exports = {
return queryInterface.addIndex('Notes', ['alias'], { return queryInterface.addIndex('Notes', ['alias'], {
indicesType: 'UNIQUE' indicesType: 'UNIQUE'
}) })
}).catch(function (error) {
if (error.message === 'SQLITE_ERROR: duplicate column name: alias' || error.message === "ER_DUP_FIELDNAME: Duplicate column name 'alias'" || error.message === 'column "alias" of relation "Notes" already exists') {
// eslint-disable-next-line no-console
console.log('Migration has already run… ignoring.')
} else {
throw error
}
}) })
}, },

Some files were not shown because too many files have changed in this diff Show more