mirror of https://github.com/status-im/codimd.git
Merge branch 'master' into frontend-next
This commit is contained in:
commit
3d6b319216
17
README.md
17
README.md
|
@ -140,8 +140,18 @@ Environment variables (will overwrite other server configs)
|
||||||
| HMD_DROPBOX_CLIENTSECRET | no example | Dropbox API client secret |
|
| HMD_DROPBOX_CLIENTSECRET | no example | Dropbox API client secret |
|
||||||
| HMD_GOOGLE_CLIENTID | no example | Google API client id |
|
| HMD_GOOGLE_CLIENTID | no example | Google API client id |
|
||||||
| HMD_GOOGLE_CLIENTSECRET | no example | Google API client secret |
|
| HMD_GOOGLE_CLIENTSECRET | no example | Google API client secret |
|
||||||
|
| HMD_LDAP_URL | ldap://example.com | url of LDAP server |
|
||||||
|
| HMD_LDAP_BINDDN | no example | bindDn for LDAP access |
|
||||||
|
| HMD_LDAP_BINDCREDENTIALS | no example | bindCredentials for LDAP access |
|
||||||
|
| HMD_LDAP_TOKENSECRET | supersecretkey | secret used for generating access/refresh tokens |
|
||||||
|
| HMD_LDAP_SEARCHBASE | o=users,dc=example,dc=com | LDAP directory to begin search from |
|
||||||
|
| HMD_LDAP_SEARCHFILTER | (uid={{username}}) | LDAP filter to search with |
|
||||||
|
| HMD_LDAP_SEARCHATTRIBUTES | no example | LDAP attributes to search with |
|
||||||
|
| HMD_LDAP_TLS_CA | no example | Root CA for LDAP TLS in PEM format |
|
||||||
|
| HMD_LDAP_PROVIDERNAME | My institution | Optional name to be displayed at login form indicating the LDAP provider |
|
||||||
| HMD_IMGUR_CLIENTID | no example | Imgur API client id |
|
| HMD_IMGUR_CLIENTID | no example | Imgur API client id |
|
||||||
| HMD_EMAIL | `true` or `false` | set to allow email register and signin |
|
| HMD_EMAIL | `true` or `false` | set to allow email signin |
|
||||||
|
| HMD_ALLOW_EMAIL_REGISTER | `true` or `false` | set to allow email register (only applied when email is set, default is `true`) |
|
||||||
| HMD_IMAGE_UPLOAD_TYPE | `imgur`, `s3` or `filesystem` | Where to upload image. For S3, see our [S3 Image Upload Guide](docs/guides/s3-image-upload.md) |
|
| HMD_IMAGE_UPLOAD_TYPE | `imgur`, `s3` or `filesystem` | Where to upload image. For S3, see our [S3 Image Upload Guide](docs/guides/s3-image-upload.md) |
|
||||||
| HMD_S3_ACCESS_KEY_ID | no example | AWS access key id |
|
| HMD_S3_ACCESS_KEY_ID | no example | AWS access key id |
|
||||||
| HMD_S3_SECRET_ACCESS_KEY | no example | AWS secret key |
|
| HMD_S3_SECRET_ACCESS_KEY | no example | AWS secret key |
|
||||||
|
@ -185,7 +195,8 @@ Server settings `config.json`
|
||||||
| heartbeatinterval | `5000` | socket.io heartbeat interval |
|
| heartbeatinterval | `5000` | socket.io heartbeat interval |
|
||||||
| heartbeattimeout | `10000` | socket.io heartbeat timeout |
|
| heartbeattimeout | `10000` | socket.io heartbeat timeout |
|
||||||
| documentmaxlength | `100000` | note max length |
|
| documentmaxlength | `100000` | note max length |
|
||||||
| email | `true` or `false` | set to allow email register and signin |
|
| email | `true` or `false` | set to allow email signin |
|
||||||
|
| allowemailregister | `true` or `false` | set to allow email register (only applied when email is set, default is `true`) |
|
||||||
| imageUploadType | `imgur`(default), `s3` or `filesystem` | Where to upload image
|
| imageUploadType | `imgur`(default), `s3` or `filesystem` | Where to upload image
|
||||||
| s3 | `{ "accessKeyId": "YOUR_S3_ACCESS_KEY_ID", "secretAccessKey": "YOUR_S3_ACCESS_KEY", "region": "YOUR_S3_REGION", "bucket": "YOUR_S3_BUCKET_NAME" }` | When `imageUploadType` be setted to `s3`, you would also need to setup this key, check our [S3 Image Upload Guide](docs/guides/s3-image-upload.md) |
|
| s3 | `{ "accessKeyId": "YOUR_S3_ACCESS_KEY_ID", "secretAccessKey": "YOUR_S3_ACCESS_KEY", "region": "YOUR_S3_REGION", "bucket": "YOUR_S3_BUCKET_NAME" }` | When `imageUploadType` be setted to `s3`, you would also need to setup this key, check our [S3 Image Upload Guide](docs/guides/s3-image-upload.md) |
|
||||||
|
|
||||||
|
@ -194,7 +205,7 @@ Third-party integration api key settings
|
||||||
|
|
||||||
| service | settings location | description |
|
| service | settings location | description |
|
||||||
| ------- | --------- | ----------- |
|
| ------- | --------- | ----------- |
|
||||||
| facebook, twitter, github, gitlab, dropbox, google | environment variables or `config.json` | for signin |
|
| facebook, twitter, github, gitlab, dropbox, google, ldap | environment variables or `config.json` | for signin |
|
||||||
| imgur | environment variables or `config.json` | for image upload |
|
| imgur | environment variables or `config.json` | for image upload |
|
||||||
| google drive, dropbox | `public/js/config.js` | for export and import |
|
| google drive, dropbox | `public/js/config.js` | for export and import |
|
||||||
|
|
||||||
|
|
66
app.js
66
app.js
|
@ -381,36 +381,50 @@ if (config.google) {
|
||||||
failureRedirect: config.serverurl + '/'
|
failureRedirect: config.serverurl + '/'
|
||||||
}));
|
}));
|
||||||
}
|
}
|
||||||
|
// ldap auth
|
||||||
|
if (config.ldap) {
|
||||||
|
app.post('/auth/ldap', urlencodedParser, function (req, res, next) {
|
||||||
|
if (!req.body.username || !req.body.password) return response.errorBadRequest(res);
|
||||||
|
setReturnToFromReferer(req);
|
||||||
|
passport.authenticate('ldapauth', {
|
||||||
|
successReturnToOrRedirect: config.serverurl + '/',
|
||||||
|
failureRedirect: config.serverurl + '/',
|
||||||
|
failureFlash: true
|
||||||
|
})(req, res, next);
|
||||||
|
});
|
||||||
|
}
|
||||||
// email auth
|
// email auth
|
||||||
if (config.email) {
|
if (config.email) {
|
||||||
app.post('/register', urlencodedParser, function (req, res, next) {
|
if (config.allowemailregister)
|
||||||
if (!req.body.email || !req.body.password) return response.errorBadRequest(res);
|
app.post('/register', urlencodedParser, function (req, res, next) {
|
||||||
if (!validator.isEmail(req.body.email)) return response.errorBadRequest(res);
|
if (!req.body.email || !req.body.password) return response.errorBadRequest(res);
|
||||||
models.User.findOrCreate({
|
if (!validator.isEmail(req.body.email)) return response.errorBadRequest(res);
|
||||||
where: {
|
models.User.findOrCreate({
|
||||||
email: req.body.email
|
where: {
|
||||||
},
|
email: req.body.email
|
||||||
defaults: {
|
},
|
||||||
password: req.body.password
|
defaults: {
|
||||||
}
|
password: req.body.password
|
||||||
}).spread(function (user, created) {
|
|
||||||
if (user) {
|
|
||||||
if (created) {
|
|
||||||
if (config.debug) logger.info('user registered: ' + user.id);
|
|
||||||
req.flash('info', "You've successfully registered, please signin.");
|
|
||||||
} else {
|
|
||||||
if (config.debug) logger.info('user found: ' + user.id);
|
|
||||||
req.flash('error', "This email has been used, please try another one.");
|
|
||||||
}
|
}
|
||||||
|
}).spread(function (user, created) {
|
||||||
|
if (user) {
|
||||||
|
if (created) {
|
||||||
|
if (config.debug) logger.info('user registered: ' + user.id);
|
||||||
|
req.flash('info', "You've successfully registered, please signin.");
|
||||||
|
} else {
|
||||||
|
if (config.debug) logger.info('user found: ' + user.id);
|
||||||
|
req.flash('error', "This email has been used, please try another one.");
|
||||||
|
}
|
||||||
|
return res.redirect(config.serverurl + '/');
|
||||||
|
}
|
||||||
|
req.flash('error', "Failed to register your account, please try again.");
|
||||||
return res.redirect(config.serverurl + '/');
|
return res.redirect(config.serverurl + '/');
|
||||||
}
|
}).catch(function (err) {
|
||||||
req.flash('error', "Failed to register your account, please try again.");
|
logger.error('auth callback failed: ' + err);
|
||||||
return res.redirect(config.serverurl + '/');
|
return response.errorInternalError(res);
|
||||||
}).catch(function (err) {
|
});
|
||||||
logger.error('auth callback failed: ' + err);
|
|
||||||
return response.errorInternalError(res);
|
|
||||||
});
|
});
|
||||||
});
|
|
||||||
app.post('/login', urlencodedParser, function (req, res, next) {
|
app.post('/login', urlencodedParser, function (req, res, next) {
|
||||||
if (!req.body.email || !req.body.password) return response.errorBadRequest(res);
|
if (!req.body.email || !req.body.password) return response.errorBadRequest(res);
|
||||||
if (!validator.isEmail(req.body.email)) return response.errorBadRequest(res);
|
if (!validator.isEmail(req.body.email)) return response.errorBadRequest(res);
|
||||||
|
@ -627,7 +641,7 @@ process.on('SIGINT', function () {
|
||||||
var checkCleanTimer = setInterval(function () {
|
var checkCleanTimer = setInterval(function () {
|
||||||
if (history.isReady() && realtime.isReady()) {
|
if (history.isReady() && realtime.isReady()) {
|
||||||
models.Revision.checkAllNotesRevision(function (err, notes) {
|
models.Revision.checkAllNotesRevision(function (err, notes) {
|
||||||
if (err) throw new Error(err);
|
if (err) return logger.error(err);
|
||||||
if (!notes || notes.length <= 0) {
|
if (!notes || notes.length <= 0) {
|
||||||
clearInterval(checkCleanTimer);
|
clearInterval(checkCleanTimer);
|
||||||
return process.exit(0);
|
return process.exit(0);
|
||||||
|
|
|
@ -51,6 +51,18 @@
|
||||||
"clientID": "change this",
|
"clientID": "change this",
|
||||||
"clientSecret": "change this"
|
"clientSecret": "change this"
|
||||||
},
|
},
|
||||||
|
"ldap": {
|
||||||
|
"url": "ldap://change_this",
|
||||||
|
"bindDn": null,
|
||||||
|
"bindCredentials": null,
|
||||||
|
"tokenSecret": "change this",
|
||||||
|
"searchBase": "change this",
|
||||||
|
"searchFilter": "change this",
|
||||||
|
"searchAttributes": "change this",
|
||||||
|
"tlsOptions": {
|
||||||
|
"changeme": "See https://nodejs.org/api/tls.html#tls_tls_connect_options_callback"
|
||||||
|
}
|
||||||
|
},
|
||||||
"imgur": {
|
"imgur": {
|
||||||
"clientID": "change this"
|
"clientID": "change this"
|
||||||
}
|
}
|
||||||
|
|
57
lib/auth.js
57
lib/auth.js
|
@ -7,6 +7,7 @@ var GithubStrategy = require('passport-github').Strategy;
|
||||||
var GitlabStrategy = require('passport-gitlab2').Strategy;
|
var GitlabStrategy = require('passport-gitlab2').Strategy;
|
||||||
var DropboxStrategy = require('passport-dropbox-oauth2').Strategy;
|
var DropboxStrategy = require('passport-dropbox-oauth2').Strategy;
|
||||||
var GoogleStrategy = require('passport-google-oauth20').Strategy;
|
var GoogleStrategy = require('passport-google-oauth20').Strategy;
|
||||||
|
var LdapStrategy = require('passport-ldapauth');
|
||||||
var LocalStrategy = require('passport-local').Strategy;
|
var LocalStrategy = require('passport-local').Strategy;
|
||||||
var validator = require('validator');
|
var validator = require('validator');
|
||||||
|
|
||||||
|
@ -110,6 +111,62 @@ if (config.google) {
|
||||||
callbackURL: config.serverurl + '/auth/google/callback'
|
callbackURL: config.serverurl + '/auth/google/callback'
|
||||||
}, callback));
|
}, callback));
|
||||||
}
|
}
|
||||||
|
// ldap
|
||||||
|
if (config.ldap) {
|
||||||
|
passport.use(new LdapStrategy({
|
||||||
|
server: {
|
||||||
|
url: config.ldap.url || null,
|
||||||
|
bindDn: config.ldap.bindDn || null,
|
||||||
|
bindCredentials: config.ldap.bindCredentials || null,
|
||||||
|
searchBase: config.ldap.searchBase || null,
|
||||||
|
searchFilter: config.ldap.searchFilter || null,
|
||||||
|
searchAttributes: config.ldap.searchAttributes || null,
|
||||||
|
tlsOptions: config.ldap.tlsOptions || null
|
||||||
|
},
|
||||||
|
},
|
||||||
|
function(user, done) {
|
||||||
|
var profile = {
|
||||||
|
id: 'LDAP-' + user.uidNumber,
|
||||||
|
username: user.uid,
|
||||||
|
displayName: user.displayName,
|
||||||
|
emails: user.mail ? [user.mail] : [],
|
||||||
|
avatarUrl: null,
|
||||||
|
profileUrl: null,
|
||||||
|
provider: 'ldap',
|
||||||
|
}
|
||||||
|
var stringifiedProfile = JSON.stringify(profile);
|
||||||
|
models.User.findOrCreate({
|
||||||
|
where: {
|
||||||
|
profileid: profile.id.toString()
|
||||||
|
},
|
||||||
|
defaults: {
|
||||||
|
profile: stringifiedProfile,
|
||||||
|
}
|
||||||
|
}).spread(function (user, created) {
|
||||||
|
if (user) {
|
||||||
|
var needSave = false;
|
||||||
|
if (user.profile != stringifiedProfile) {
|
||||||
|
user.profile = stringifiedProfile;
|
||||||
|
needSave = true;
|
||||||
|
}
|
||||||
|
if (needSave) {
|
||||||
|
user.save().then(function () {
|
||||||
|
if (config.debug)
|
||||||
|
logger.info('user login: ' + user.id);
|
||||||
|
return done(null, user);
|
||||||
|
});
|
||||||
|
} else {
|
||||||
|
if (config.debug)
|
||||||
|
logger.info('user login: ' + user.id);
|
||||||
|
return done(null, user);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}).catch(function (err) {
|
||||||
|
logger.error('ldap auth failed: ' + err);
|
||||||
|
return done(err, null);
|
||||||
|
});
|
||||||
|
}));
|
||||||
|
}
|
||||||
// email
|
// email
|
||||||
if (config.email) {
|
if (config.email) {
|
||||||
passport.use(new LocalStrategy({
|
passport.use(new LocalStrategy({
|
||||||
|
|
|
@ -95,8 +95,44 @@ var google = (process.env.HMD_GOOGLE_CLIENTID && process.env.HMD_GOOGLE_CLIENTSE
|
||||||
clientID: process.env.HMD_GOOGLE_CLIENTID,
|
clientID: process.env.HMD_GOOGLE_CLIENTID,
|
||||||
clientSecret: process.env.HMD_GOOGLE_CLIENTSECRET
|
clientSecret: process.env.HMD_GOOGLE_CLIENTSECRET
|
||||||
} : config.google || false;
|
} : config.google || false;
|
||||||
|
var ldap = config.ldap || (
|
||||||
|
process.env.HMD_LDAP_URL ||
|
||||||
|
process.env.HMD_LDAP_BINDDN ||
|
||||||
|
process.env.HMD_LDAP_BINDCREDENTIALS ||
|
||||||
|
process.env.HMD_LDAP_TOKENSECRET ||
|
||||||
|
process.env.HMD_LDAP_SEARCHBASE ||
|
||||||
|
process.env.HMD_LDAP_SEARCHFILTER ||
|
||||||
|
process.env.HMD_LDAP_SEARCHATTRIBUTES ||
|
||||||
|
process.env.HMD_LDAP_PROVIDERNAME
|
||||||
|
) || false;
|
||||||
|
if (ldap == true)
|
||||||
|
ldap = {};
|
||||||
|
if (process.env.HMD_LDAP_URL)
|
||||||
|
ldap.url = process.env.HMD_LDAP_URL;
|
||||||
|
if (process.env.HMD_LDAP_BINDDN)
|
||||||
|
ldap.bindDn = process.env.HMD_LDAP_BINDDN;
|
||||||
|
if (process.env.HMD_LDAP_BINDCREDENTIALS)
|
||||||
|
ldap.bindCredentials = process.env.HMD_LDAP_BINDCREDENTIALS;
|
||||||
|
if (process.env.HMD_LDAP_TOKENSECRET)
|
||||||
|
ldap.tokenSecret = process.env.HMD_LDAP_TOKENSECRET;
|
||||||
|
if (process.env.HMD_LDAP_SEARCHBASE)
|
||||||
|
ldap.searchBase = process.env.HMD_LDAP_SEARCHBASE;
|
||||||
|
if (process.env.HMD_LDAP_SEARCHFILTER)
|
||||||
|
ldap.searchFilter = process.env.HMD_LDAP_SEARCHFILTER;
|
||||||
|
if (process.env.HMD_LDAP_SEARCHATTRIBUTES)
|
||||||
|
ldap.searchAttributes = process.env.HMD_LDAP_SEARCHATTRIBUTES;
|
||||||
|
if (process.env.HMD_LDAP_TLS_CA) {
|
||||||
|
var ca = {
|
||||||
|
ca: process.env.HMD_LDAP_TLS_CA
|
||||||
|
}
|
||||||
|
ldap.tlsOptions = ldap.tlsOptions ? Object.assign(ldap.tlsOptions, ca) : ca
|
||||||
|
}
|
||||||
|
if (process.env.HMD_LDAP_PROVIDERNAME) {
|
||||||
|
ldap.providerName = process.env.HMD_LDAP_PROVIDERNAME;
|
||||||
|
}
|
||||||
var imgur = process.env.HMD_IMGUR_CLIENTID || config.imgur || false;
|
var imgur = process.env.HMD_IMGUR_CLIENTID || config.imgur || false;
|
||||||
var email = process.env.HMD_EMAIL ? (process.env.HMD_EMAIL === 'true') : !!config.email;
|
var email = process.env.HMD_EMAIL ? (process.env.HMD_EMAIL === 'true') : !!config.email;
|
||||||
|
var allowemailregister = process.env.HMD_ALLOW_EMAIL_REGISTER ? (process.env.HMD_ALLOW_EMAIL_REGISTER === 'true') : ((typeof config.allowemailregister === 'boolean') ? config.allowemailregister : true);
|
||||||
|
|
||||||
function getserverurl() {
|
function getserverurl() {
|
||||||
var url = '';
|
var url = '';
|
||||||
|
@ -156,8 +192,10 @@ module.exports = {
|
||||||
gitlab: gitlab,
|
gitlab: gitlab,
|
||||||
dropbox: dropbox,
|
dropbox: dropbox,
|
||||||
google: google,
|
google: google,
|
||||||
|
ldap: ldap,
|
||||||
imgur: imgur,
|
imgur: imgur,
|
||||||
email: email,
|
email: email,
|
||||||
|
allowemailregister: allowemailregister,
|
||||||
imageUploadType: imageUploadType,
|
imageUploadType: imageUploadType,
|
||||||
s3: s3,
|
s3: s3,
|
||||||
s3bucket: s3bucket
|
s3bucket: s3bucket
|
||||||
|
|
|
@ -0,0 +1,25 @@
|
||||||
|
"use strict";
|
||||||
|
|
||||||
|
// external modules
|
||||||
|
var randomcolor = require('randomcolor');
|
||||||
|
|
||||||
|
// core
|
||||||
|
module.exports = function(name) {
|
||||||
|
var color = randomcolor({
|
||||||
|
seed: name,
|
||||||
|
luminosity: 'dark'
|
||||||
|
});
|
||||||
|
var letter = name.substring(0, 1).toUpperCase();
|
||||||
|
|
||||||
|
var svg = '<?xml version="1.0" encoding="UTF-8" standalone="no"?>';
|
||||||
|
svg += '<svg xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://www.w3.org/2000/svg" height="96" width="96" version="1.1" viewBox="0 0 96 96">';
|
||||||
|
svg += '<g>';
|
||||||
|
svg += '<rect width="96" height="96" fill="' + color + '" />';
|
||||||
|
svg += '<text font-size="64px" font-family="sans-serif" text-anchor="middle" fill="#ffffff">';
|
||||||
|
svg += '<tspan x="48" y="72" stroke-width=".26458px" fill="#ffffff">' + letter + '</tspan>';
|
||||||
|
svg += '</text>';
|
||||||
|
svg += '</g>';
|
||||||
|
svg += '</svg>';
|
||||||
|
|
||||||
|
return 'data:image/svg+xml;base64,' + new Buffer(svg).toString('base64');
|
||||||
|
};
|
|
@ -23,7 +23,7 @@ var logger = require("../logger.js");
|
||||||
var ot = require("../ot/index.js");
|
var ot = require("../ot/index.js");
|
||||||
|
|
||||||
// permission types
|
// permission types
|
||||||
var permissionTypes = ["freely", "editable", "locked", "private"];
|
var permissionTypes = ["freely", "editable", "limited", "locked", "protected", "private"];
|
||||||
|
|
||||||
module.exports = function (sequelize, DataTypes) {
|
module.exports = function (sequelize, DataTypes) {
|
||||||
var Note = sequelize.define("Note", {
|
var Note = sequelize.define("Note", {
|
||||||
|
|
|
@ -7,6 +7,7 @@ var scrypt = require('scrypt');
|
||||||
|
|
||||||
// core
|
// core
|
||||||
var logger = require("../logger.js");
|
var logger = require("../logger.js");
|
||||||
|
var letterAvatars = require('../letter-avatars.js');
|
||||||
|
|
||||||
module.exports = function (sequelize, DataTypes) {
|
module.exports = function (sequelize, DataTypes) {
|
||||||
var User = sequelize.define("User", {
|
var User = sequelize.define("User", {
|
||||||
|
@ -105,6 +106,16 @@ module.exports = function (sequelize, DataTypes) {
|
||||||
case "google":
|
case "google":
|
||||||
photo = profile.photos[0].value.replace(/(\?sz=)\d*$/i, '$196');
|
photo = profile.photos[0].value.replace(/(\?sz=)\d*$/i, '$196');
|
||||||
break;
|
break;
|
||||||
|
case "ldap":
|
||||||
|
//no image api provided,
|
||||||
|
//use gravatar if email exists,
|
||||||
|
//otherwise generate a letter avatar
|
||||||
|
if (profile.emails[0]) {
|
||||||
|
photo = 'https://www.gravatar.com/avatar/' + md5(profile.emails[0]) + '?s=96';
|
||||||
|
} else {
|
||||||
|
photo = letterAvatars(profile.username);
|
||||||
|
}
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
return photo;
|
return photo;
|
||||||
},
|
},
|
||||||
|
|
|
@ -374,7 +374,7 @@ function finishConnection(socket, note, user) {
|
||||||
return interruptConnection(socket, note, user);
|
return interruptConnection(socket, note, user);
|
||||||
}
|
}
|
||||||
//check view permission
|
//check view permission
|
||||||
if (note.permission == 'private') {
|
if (note.permission == 'limited' || note.permission == 'protected' || note.permission == 'private') {
|
||||||
if (socket.request.user && socket.request.user.logged_in && socket.request.user.id == note.owner) {
|
if (socket.request.user && socket.request.user.logged_in && socket.request.user.id == note.owner) {
|
||||||
//na
|
//na
|
||||||
} else {
|
} else {
|
||||||
|
@ -618,12 +618,12 @@ function ifMayEdit(socket, callback) {
|
||||||
case "freely":
|
case "freely":
|
||||||
//not blocking anyone
|
//not blocking anyone
|
||||||
break;
|
break;
|
||||||
case "editable":
|
case "editable": case "limited":
|
||||||
//only login user can change
|
//only login user can change
|
||||||
if (!socket.request.user || !socket.request.user.logged_in)
|
if (!socket.request.user || !socket.request.user.logged_in)
|
||||||
mayEdit = false;
|
mayEdit = false;
|
||||||
break;
|
break;
|
||||||
case "locked": case "private":
|
case "locked": case "private": case "protected":
|
||||||
//only owner can change
|
//only owner can change
|
||||||
if (!note.owner || note.owner != socket.request.user.id)
|
if (!note.owner || note.owner != socket.request.user.id)
|
||||||
mayEdit = false;
|
mayEdit = false;
|
||||||
|
@ -652,17 +652,25 @@ function operationCallback(socket, operation) {
|
||||||
if (!user) return;
|
if (!user) return;
|
||||||
userId = socket.request.user.id;
|
userId = socket.request.user.id;
|
||||||
if (!note.authors[userId]) {
|
if (!note.authors[userId]) {
|
||||||
models.Author.create({
|
models.Author.findOrCreate({
|
||||||
noteId: noteId,
|
where: {
|
||||||
userId: userId,
|
noteId: noteId,
|
||||||
color: user.color
|
userId: userId
|
||||||
}).then(function (author) {
|
},
|
||||||
note.authors[author.userId] = {
|
defaults: {
|
||||||
userid: author.userId,
|
noteId: noteId,
|
||||||
color: author.color,
|
userId: userId,
|
||||||
photo: user.photo,
|
color: user.color
|
||||||
name: user.name
|
}
|
||||||
};
|
}).spread(function (author, created) {
|
||||||
|
if (author) {
|
||||||
|
note.authors[author.userId] = {
|
||||||
|
userid: author.userId,
|
||||||
|
color: author.color,
|
||||||
|
photo: user.photo,
|
||||||
|
name: user.name
|
||||||
|
};
|
||||||
|
}
|
||||||
}).catch(function (err) {
|
}).catch(function (err) {
|
||||||
return logger.error('operation callback failed: ' + err);
|
return logger.error('operation callback failed: ' + err);
|
||||||
});
|
});
|
||||||
|
@ -782,7 +790,7 @@ function connection(socket) {
|
||||||
var sock = note.socks[i];
|
var sock = note.socks[i];
|
||||||
if (typeof sock !== 'undefined' && sock) {
|
if (typeof sock !== 'undefined' && sock) {
|
||||||
//check view permission
|
//check view permission
|
||||||
if (permission == 'private') {
|
if (permission == 'limited' || permission == 'protected' || permission == 'private') {
|
||||||
if (sock.request.user && sock.request.user.logged_in && sock.request.user.id == note.owner) {
|
if (sock.request.user && sock.request.user.logged_in && sock.request.user.id == note.owner) {
|
||||||
//na
|
//na
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -66,7 +66,9 @@ function showIndex(req, res, next) {
|
||||||
gitlab: config.gitlab,
|
gitlab: config.gitlab,
|
||||||
dropbox: config.dropbox,
|
dropbox: config.dropbox,
|
||||||
google: config.google,
|
google: config.google,
|
||||||
|
ldap: config.ldap,
|
||||||
email: config.email,
|
email: config.email,
|
||||||
|
allowemailregister: config.allowemailregister,
|
||||||
signin: req.isAuthenticated(),
|
signin: req.isAuthenticated(),
|
||||||
infoMessage: req.flash('info'),
|
infoMessage: req.flash('info'),
|
||||||
errorMessage: req.flash('error')
|
errorMessage: req.flash('error')
|
||||||
|
@ -94,6 +96,7 @@ function responseHackMD(res, note) {
|
||||||
gitlab: config.gitlab,
|
gitlab: config.gitlab,
|
||||||
dropbox: config.dropbox,
|
dropbox: config.dropbox,
|
||||||
google: config.google,
|
google: config.google,
|
||||||
|
ldap: config.ldap,
|
||||||
email: config.email
|
email: config.email
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
@ -122,6 +125,11 @@ function checkViewPermission(req, note) {
|
||||||
return false;
|
return false;
|
||||||
else
|
else
|
||||||
return true;
|
return true;
|
||||||
|
} else if (note.permission == 'limited' || note.permission == 'protected') {
|
||||||
|
if( !req.isAuthenticated() ) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
return true;
|
||||||
} else {
|
} else {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
|
@ -85,6 +85,7 @@
|
||||||
"passport-github": "^1.1.0",
|
"passport-github": "^1.1.0",
|
||||||
"passport-gitlab2": "^2.2.0",
|
"passport-gitlab2": "^2.2.0",
|
||||||
"passport-google-oauth20": "^1.0.0",
|
"passport-google-oauth20": "^1.0.0",
|
||||||
|
"passport-ldapauth": "^0.6.0",
|
||||||
"passport-local": "^1.0.0",
|
"passport-local": "^1.0.0",
|
||||||
"passport-twitter": "^1.0.4",
|
"passport-twitter": "^1.0.4",
|
||||||
"passport.socketio": "^3.7.0",
|
"passport.socketio": "^3.7.0",
|
||||||
|
|
|
@ -240,6 +240,9 @@ body {
|
||||||
}
|
}
|
||||||
.dropdown-menu > li > a {
|
.dropdown-menu > li > a {
|
||||||
cursor: pointer;
|
cursor: pointer;
|
||||||
|
text-overflow: ellipsis;
|
||||||
|
max-width: calc(100vw - 30px);
|
||||||
|
overflow: hidden;
|
||||||
}
|
}
|
||||||
.dropdown-menu.CodeMirror-other-cursor {
|
.dropdown-menu.CodeMirror-other-cursor {
|
||||||
transition: none;
|
transition: none;
|
||||||
|
|
|
@ -3,7 +3,7 @@ body {
|
||||||
font-smoothing: subpixel-antialiased !important;
|
font-smoothing: subpixel-antialiased !important;
|
||||||
-webkit-font-smoothing: subpixel-antialiased !important;
|
-webkit-font-smoothing: subpixel-antialiased !important;
|
||||||
-moz-osx-font-smoothing: auto !important;
|
-moz-osx-font-smoothing: auto !important;
|
||||||
text-shadow: 1px 1px 1.2px rgba(0, 0, 0, 0.004);
|
text-shadow: 0 0 1em transparent, 1px 1px 1.2px rgba(0, 0, 0, 0.004);
|
||||||
/*text-rendering: optimizeLegibility;*/
|
/*text-rendering: optimizeLegibility;*/
|
||||||
-webkit-overflow-scrolling: touch;
|
-webkit-overflow-scrolling: touch;
|
||||||
font-family: "Source Sans Pro", Helvetica, Arial, sans-serif;
|
font-family: "Source Sans Pro", Helvetica, Arial, sans-serif;
|
||||||
|
|
|
@ -118,9 +118,11 @@ $(".ui-history").click(() => {
|
||||||
|
|
||||||
function checkHistoryList() {
|
function checkHistoryList() {
|
||||||
if ($("#history-list").children().length > 0) {
|
if ($("#history-list").children().length > 0) {
|
||||||
|
$('.pagination').show();
|
||||||
$(".ui-nohistory").hide();
|
$(".ui-nohistory").hide();
|
||||||
$(".ui-import-from-browser").hide();
|
$(".ui-import-from-browser").hide();
|
||||||
} else if ($("#history-list").children().length == 0) {
|
} else if ($("#history-list").children().length == 0) {
|
||||||
|
$('.pagination').hide();
|
||||||
$(".ui-nohistory").slideDown();
|
$(".ui-nohistory").slideDown();
|
||||||
getStorageHistory(data => {
|
getStorageHistory(data => {
|
||||||
if (data && data.length > 0 && getLoginState() && historyList.items.length == 0) {
|
if (data && data.length > 0 && getLoginState() && historyList.items.length == 0) {
|
||||||
|
|
|
@ -861,7 +861,9 @@ window.ui = {
|
||||||
freely: $(".ui-permission-freely"),
|
freely: $(".ui-permission-freely"),
|
||||||
editable: $(".ui-permission-editable"),
|
editable: $(".ui-permission-editable"),
|
||||||
locked: $(".ui-permission-locked"),
|
locked: $(".ui-permission-locked"),
|
||||||
private: $(".ui-permission-private")
|
private: $(".ui-permission-private"),
|
||||||
|
limited: $(".ui-permission-limited"),
|
||||||
|
protected: $(".ui-permission-protected")
|
||||||
},
|
},
|
||||||
delete: $(".ui-delete-note")
|
delete: $(".ui-delete-note")
|
||||||
},
|
},
|
||||||
|
@ -2251,6 +2253,14 @@ ui.infobar.permission.locked.click(function () {
|
||||||
ui.infobar.permission.private.click(function () {
|
ui.infobar.permission.private.click(function () {
|
||||||
emitPermission("private");
|
emitPermission("private");
|
||||||
});
|
});
|
||||||
|
//limited
|
||||||
|
ui.infobar.permission.limited.click(function() {
|
||||||
|
emitPermission("limited");
|
||||||
|
});
|
||||||
|
//protected
|
||||||
|
ui.infobar.permission.protected.click(function() {
|
||||||
|
emitPermission("protected");
|
||||||
|
});
|
||||||
// delete note
|
// delete note
|
||||||
ui.infobar.delete.click(function () {
|
ui.infobar.delete.click(function () {
|
||||||
$('.delete-modal').modal('show');
|
$('.delete-modal').modal('show');
|
||||||
|
@ -2281,10 +2291,18 @@ function updatePermission(newPermission) {
|
||||||
label = '<i class="fa fa-shield"></i> Editable';
|
label = '<i class="fa fa-shield"></i> Editable';
|
||||||
title = "Signed people can edit";
|
title = "Signed people can edit";
|
||||||
break;
|
break;
|
||||||
|
case "limited":
|
||||||
|
label = '<i class="fa fa-id-card"></i> Limited';
|
||||||
|
title = "Signed people can edit (forbid guest)"
|
||||||
|
break;
|
||||||
case "locked":
|
case "locked":
|
||||||
label = '<i class="fa fa-lock"></i> Locked';
|
label = '<i class="fa fa-lock"></i> Locked';
|
||||||
title = "Only owner can edit";
|
title = "Only owner can edit";
|
||||||
break;
|
break;
|
||||||
|
case "protected":
|
||||||
|
label = '<i class="fa fa-umbrella"></i> Protected';
|
||||||
|
title = "Only owner can edit (forbid guest)";
|
||||||
|
break;
|
||||||
case "private":
|
case "private":
|
||||||
label = '<i class="fa fa-hand-stop-o"></i> Private';
|
label = '<i class="fa fa-hand-stop-o"></i> Private';
|
||||||
title = "Only owner can view & edit";
|
title = "Only owner can view & edit";
|
||||||
|
@ -2306,6 +2324,7 @@ function havePermission() {
|
||||||
bool = true;
|
bool = true;
|
||||||
break;
|
break;
|
||||||
case "editable":
|
case "editable":
|
||||||
|
case "limited":
|
||||||
if (!personalInfo.login) {
|
if (!personalInfo.login) {
|
||||||
bool = false;
|
bool = false;
|
||||||
} else {
|
} else {
|
||||||
|
@ -2314,6 +2333,7 @@ function havePermission() {
|
||||||
break;
|
break;
|
||||||
case "locked":
|
case "locked":
|
||||||
case "private":
|
case "private":
|
||||||
|
case "protected":
|
||||||
if (!owner || personalInfo.userid != owner) {
|
if (!owner || personalInfo.userid != owner) {
|
||||||
bool = false;
|
bool = false;
|
||||||
} else {
|
} else {
|
||||||
|
@ -2930,14 +2950,14 @@ function sortOnlineUserList(list) {
|
||||||
else if (usera.idle && !userb.idle)
|
else if (usera.idle && !userb.idle)
|
||||||
return 1;
|
return 1;
|
||||||
else {
|
else {
|
||||||
if (usera.name && usera.name.toLowerCase() < userb.name.toLowerCase()) {
|
if (usera.name && userb.name && usera.name.toLowerCase() < userb.name.toLowerCase()) {
|
||||||
return -1;
|
return -1;
|
||||||
} else if (usera.name && usera.name.toLowerCase() > userb.name.toLowerCase()) {
|
} else if (usera.name && userb.name && usera.name.toLowerCase() > userb.name.toLowerCase()) {
|
||||||
return 1;
|
return 1;
|
||||||
} else {
|
} else {
|
||||||
if (usera.color && usera.color.toLowerCase() < userb.color.toLowerCase())
|
if (usera.color && userb.color && usera.color.toLowerCase() < userb.color.toLowerCase())
|
||||||
return -1;
|
return -1;
|
||||||
else if (usera.color && usera.color.toLowerCase() > userb.color.toLowerCase())
|
else if (usera.color && userb.color && usera.color.toLowerCase() > userb.color.toLowerCase())
|
||||||
return 1;
|
return 1;
|
||||||
else
|
else
|
||||||
return 0;
|
return 0;
|
||||||
|
|
|
@ -17,7 +17,9 @@
|
||||||
<ul class="dropdown-menu" aria-labelledby="permissionLabel">
|
<ul class="dropdown-menu" aria-labelledby="permissionLabel">
|
||||||
<li class="ui-permission-freely"<% if(!allowAnonymous) { %> style="display: none;"<% } %>><a><i class="fa fa-leaf fa-fw"></i> Freely - Anyone can edit</a></li>
|
<li class="ui-permission-freely"<% if(!allowAnonymous) { %> style="display: none;"<% } %>><a><i class="fa fa-leaf fa-fw"></i> Freely - Anyone can edit</a></li>
|
||||||
<li class="ui-permission-editable"><a><i class="fa fa-shield fa-fw"></i> Editable - Signed people can edit</a></li>
|
<li class="ui-permission-editable"><a><i class="fa fa-shield fa-fw"></i> Editable - Signed people can edit</a></li>
|
||||||
|
<li class="ui-permission-limited"><a><i class="fa fa-id-card fa-fw"></i> Limited - Signed people can edit (forbid guest)</a></li>
|
||||||
<li class="ui-permission-locked"><a><i class="fa fa-lock fa-fw"></i> Locked - Only owner can edit</a></li>
|
<li class="ui-permission-locked"><a><i class="fa fa-lock fa-fw"></i> Locked - Only owner can edit</a></li>
|
||||||
|
<li class="ui-permission-protected"><a><i class="fa fa-umbrella fa-fw"></i> Protected - Only owner can edit (forbid guest)</a></li>
|
||||||
<li class="ui-permission-private"><a><i class="fa fa-hand-stop-o fa-fw"></i> Private - Only owner can view & edit</a></li>
|
<li class="ui-permission-private"><a><i class="fa fa-hand-stop-o fa-fw"></i> Private - Only owner can view & edit</a></li>
|
||||||
<li class="divider"></li>
|
<li class="divider"></li>
|
||||||
<li class="ui-delete-note"><a><i class="fa fa-trash-o fa-fw"></i> Delete this note</a></li>
|
<li class="ui-delete-note"><a><i class="fa fa-trash-o fa-fw"></i> Delete this note</a></li>
|
||||||
|
|
|
@ -58,7 +58,7 @@
|
||||||
<% if (errorMessage && errorMessage.length > 0) { %>
|
<% if (errorMessage && errorMessage.length > 0) { %>
|
||||||
<div class="alert alert-danger" style="max-width: 400px; margin: 0 auto;"><%= errorMessage %></div>
|
<div class="alert alert-danger" style="max-width: 400px; margin: 0 auto;"><%= errorMessage %></div>
|
||||||
<% } %>
|
<% } %>
|
||||||
<% if(facebook || twitter || github || gitlab || dropbox || google || email) { %>
|
<% if(facebook || twitter || github || gitlab || dropbox || google || ldap || email) { %>
|
||||||
<span class="ui-signin">
|
<span class="ui-signin">
|
||||||
<br>
|
<br>
|
||||||
<a type="button" class="btn btn-lg btn-success ui-signin" data-toggle="modal" data-target=".signin-modal" style="min-width: 170px;"><%= __('Sign In') %></a>
|
<a type="button" class="btn btn-lg btn-success ui-signin" data-toggle="modal" data-target=".signin-modal" style="min-width: 170px;"><%= __('Sign In') %></a>
|
||||||
|
@ -98,7 +98,7 @@
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div id="history" class="section"<% if(!signin) { %> style="display:none;"<% } %>>
|
<div id="history" class="section"<% if(!signin) { %> style="display:none;"<% } %>>
|
||||||
<% if(facebook || twitter || github || gitlab || dropbox || google || email) { %>
|
<% if(facebook || twitter || github || gitlab || dropbox || google || ldap || email) { %>
|
||||||
<div class="ui-signin">
|
<div class="ui-signin">
|
||||||
<p><%= __('Below is the history from browser') %></p>
|
<p><%= __('Below is the history from browser') %></p>
|
||||||
</div>
|
</div>
|
||||||
|
|
|
@ -38,7 +38,32 @@
|
||||||
<i class="fa fa-google"></i> <%= __('Sign in via %s', 'Google') %>
|
<i class="fa fa-google"></i> <%= __('Sign in via %s', 'Google') %>
|
||||||
</a>
|
</a>
|
||||||
<% } %>
|
<% } %>
|
||||||
<% if((facebook || twitter || github || gitlab || dropbox || google) && email) { %>
|
<% if((facebook || twitter || github || gitlab || dropbox || google) && ldap) { %>
|
||||||
|
<hr>
|
||||||
|
<% }%>
|
||||||
|
<% if(ldap) { %>
|
||||||
|
<h4>Via <% if (ldap.providerName) { %> <%- ldap.providerName %> (LDAP) <% } else { %> LDAP <% } %></h4>
|
||||||
|
<form data-toggle="validator" role="form" class="form-horizontal" method="post" enctype="application/x-www-form-urlencoded">
|
||||||
|
<div class="form-group">
|
||||||
|
<div class="col-sm-12">
|
||||||
|
<input type="username" class="form-control" name="username" placeholder="Username" required>
|
||||||
|
<span class="help-block control-label with-errors" style="display: inline;"></span>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="form-group">
|
||||||
|
<div class="col-sm-12">
|
||||||
|
<input type="password" class="form-control" name="password" placeholder="Password" required>
|
||||||
|
<span class="help-block control-label with_errors" style="display: inline;"></span>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="form-group">
|
||||||
|
<div class="col-sm-12">
|
||||||
|
<button type="submit" class="btn btn-primary" formaction="<%- url %>/auth/ldap">Sign in</button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</form>
|
||||||
|
<% } %>
|
||||||
|
<% if((facebook || twitter || github || gitlab || dropbox || google || ldap) && email) { %>
|
||||||
<hr>
|
<hr>
|
||||||
<% }%>
|
<% }%>
|
||||||
<% if(email) { %>
|
<% if(email) { %>
|
||||||
|
@ -59,7 +84,7 @@
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<div class="col-sm-12">
|
<div class="col-sm-12">
|
||||||
<button type="submit" class="btn btn-primary" formaction="<%- url %>/login">Sign in</button>
|
<button type="submit" class="btn btn-primary" formaction="<%- url %>/login">Sign in</button>
|
||||||
<button type="submit" class="btn btn-default" formaction="<%- url %>/register">Register</button>
|
<% if(allowemailregister) { %><button type="submit" class="btn btn-default" formaction="<%- url %>/register">Register</button><% }%>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</form>
|
</form>
|
||||||
|
|
Loading…
Reference in New Issue