Commit Graph

652 Commits

Author SHA1 Message Date
BoHong Li d5f5bdaa57
refactor: fix lint on lib/web/auth/oauth2/index.js
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:29 +08:00
BoHong Li 3be119ded1
refactor: fix lint on lib/web/auth/mattermost/index.js
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:28 +08:00
BoHong Li d8cde49a9c
refactor: fix lint on lib/web/auth/ldap/index.js
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:28 +08:00
BoHong Li df9eaf7fc4
refactor: fix lint on lib/web/auth/google/index.js
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:28 +08:00
BoHong Li 41500310b0
refactor: fix lint on lib/web/auth/gitlab/index.js
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:28 +08:00
BoHong Li 09f2a04bc0
refactor: fix lint on lib/web/auth/github/index.js
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:27 +08:00
BoHong Li 446d38a842
refactor: fix lint on lib/web/auth/facebook/index.js
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:27 +08:00
BoHong Li 7c8ade8258
refactor: fix lint on lib/web/auth/email/index.js
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:27 +08:00
BoHong Li ff72618a9c
refactor: fix lint on lib/web/auth/dropbox/index.js
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:26 +08:00
BoHong Li 7eecb4a0d7
refactor: fix lint on lib/models/note.js
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:26 +08:00
BoHong Li 898174426c
refactor: fix lint on lib/config/index.js
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:26 +08:00
Max Wu ddfea4baee fix: add default value for plantuml server and use https
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2019-08-03 21:23:28 +08:00
Max Wu 75513fae85
Add plantuml support (#1096)
Add plantuml support
2019-08-01 23:43:41 +08:00
BoHong Li 66fa2afaff
feat: change guest random nameing to chance.animal()
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-01 11:24:02 +08:00
Chulki Lee 1d7895c869 Add plantuml support
Signed-off-by: Chulki Lee <chulki.lee@gmail.com>
2019-07-31 10:02:07 -07:00
Max Wu 62918134c0
Merge branch 'develop' into feature/lutim 2019-08-01 00:22:23 +08:00
Max Wu 0af9bfb015
Merge branch 'master' into feature/disableRequestedAuthnContext-config-option 2019-07-31 23:35:50 +08:00
BoHong Li c628737411
Merge branch 'develop' into refactor-realtime
Signed-off-by: BoHong Li <raccoon@hackmd.io>

# Conflicts:
#	README.md
#	package.json
2019-07-30 18:20:09 +08:00
BoHong Li 0f51d1e306
fix: change note permission cause error
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-07-30 18:09:17 +08:00
Max Wu f1680ef7fa fix: code style
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2019-07-28 20:04:41 +08:00
Toshinori Notake 4e91268e1f Make toobusy.maxLag configurable
Signed-off-by: Toshinori Notake <toshi.notake.43568@gmail.com>
2019-07-18 13:57:14 +09:00
BoHong Li a6036cb70b
refactor: back to use js-standard
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-05-27 17:53:08 +08:00
BoHong Li 1ac6434ab7
refactor(realtime): parseNoteIdFromSocket to async-await style function
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-05-27 17:53:08 +08:00
BoHong Li 17e82c11c9
refactor(realtime): connection flow to queue
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-05-27 17:53:07 +08:00
BoHong Li 0b03b8e9ba
refactor(realtime): ifMayEdit
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-05-27 17:53:07 +08:00
BoHong Li e773182db0
refactor(realtime): updateNote
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-05-27 17:53:07 +08:00
BoHong Li 2dedc84e28
refactor(realtime): extract "save note as revision" to job
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-05-27 17:53:06 +08:00
BoHong Li ab37a33e0b
refactor(realtime): add test case for clean dangling user
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-05-27 17:53:06 +08:00
BoHong Li d8b18ee241
refactor(realtime): disconnect flow
1. use queue for queueing disconnect request

Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-05-27 17:53:06 +08:00
BoHong Li f892c68e30
refactor(realtime): update dirty note job
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-05-27 17:53:06 +08:00
BoHong Li 0352057c8b
refactor(realtime): extract "update dirty note" to new job
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-05-27 17:53:05 +08:00
BoHong Li 702fc48fa8
refactor(realtime): extract "SocketClient" to separate class "RealtimeClientConnection"
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-05-27 17:53:05 +08:00
BoHong Li f317171aa0
refactor(realtime): extract user event "permission" to SocketClient
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-05-27 17:53:05 +08:00
BoHong Li 968c12ff6c
refactor(realtime: extract user event "delete" to SocketClient
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-05-27 17:53:04 +08:00
BoHong Li b17f417af4
feat(realtime): add queue for connect and disconnect queue
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-05-27 17:53:04 +08:00
BoHong Li ff72d99269
refactor(realtime): extract user event "online users" to SocketClient
1. extract user event "online users" to SocketClient
2. add test case for that

Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-05-27 17:53:04 +08:00
BoHong Li c4276e1c28
refactor(realtime): extract user event "online users" to SocketClient
1. extract user event "online users" to SocketClient
2. add test case for that

Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-05-27 17:53:03 +08:00
BoHong Li b33c91f41d
refactor(realtime): extract user event "version" to SocketClient
1. extract user event "version" to SocketClient
2. add test case for that

Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-05-27 17:53:03 +08:00
BoHong Li 3259bd0f11
refactor(realtime): extract user event "cursor" related
1. move "cursor focus", "cursor activity", "cursor blur" event handler to SocketClient
2. add test case for that

Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-05-27 17:53:03 +08:00
BoHong Li 8171860d47
refactor(realtime): extract user event "disconnect" to ClientSocket
1. extract user event "disconnect" to ClientSocket
2. add test case

Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-05-27 17:53:02 +08:00
BoHong Li 48cebc0ccc
refactor(realtime): extract "refresh" and "user status" to class
1. extract client socket event handler "refresh" and "user status"
to SocketClient class
2. add testcase for this changes

Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-05-27 17:53:02 +08:00
BoHong Li 85fc2297ac
fix(realtime): compatible extractNoteIdFromSocket failed
fixed url parsed method and add testcase for extractNoteIdFromSocket

Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-05-27 17:53:02 +08:00
GHOUL Nadir 779fa59dbb Adding an error code to the `{"status":"forbidden"}` response
Signed-off-by: Ghoul Nadir <nadir.ghoul@outlook.com>
2019-05-04 00:18:28 +02:00
Raccoon 440661f1ce
Merge pull request #1196 from toshi0123/fix_avoiding_crash
Fix avoiding crash if URL is invalid
2019-04-30 18:40:18 +08:00
BoHong Li fc642e0d14
fix: migration should return promise
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-20 01:00:14 +08:00
toshi0123 eff6e04e2b
Fix avoiding crash if URL is invalid
Signed-off-by: toshi0123 <7948737+toshi0123@users.noreply.github.com>
2019-04-18 19:10:46 +09:00
BoHong Li 4e596d724d
Merge branch 'develop' of github.com:hackmdio/codimd into develop 2019-04-15 14:11:50 +08:00
BoHong Li 038803505c
doc: add default setting and README 2019-04-15 14:10:54 +08:00
Raccoon 48a68e015b
Merge pull request #1095 from Thor77/fix-1094
Hide default ports from minio image upload urls
2019-04-15 13:48:44 +08:00
Raccoon d127b8ef7f
Merge pull request #1142 from dg-i/configurable-s3-endpoint
Make AWS S3 endpoint configurable
2019-04-15 13:37:33 +08:00
BoHong Li 8c26107ab1
fix: lint
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-15 13:36:44 +08:00
Raccoon 43c0bff8c4
Merge pull request #1179 from cdancette/update-history-on-creation
Update history on note creation
2019-04-15 13:26:30 +08:00
BoHong Li 6c137ae6ed
fix: mattermost has been deprecated, use mattermost-redux instead it.
1. change mattermost color and gitlab color to official color
2. Add mattermost icon because Fork-awesome/font-awesome doesn’t provide mattermost icon

Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-15 13:03:31 +08:00
BoHong Li c532742206
refactor: fix lint warning on config
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:01:46 +08:00
BoHong Li ee7eea6f91
refactor: fix lint warning on models and migrations
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:01:39 +08:00
BoHong Li a34e6a7245
refactor: fix lint warning on lib/auth
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:01:35 +08:00
BoHong Li 8d9a6f38c7
refactor: fix lint warning on lib/web/imageRouter
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:01:30 +08:00
BoHong Li 319bf6d8b8
refactor: fix lint warning on lib/web/historyRouter.js
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:01:23 +08:00
BoHong Li 1e5b4a4382
refactor: fix lint warning on lib/web/noterouter.js
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:01:18 +08:00
BoHong Li a52fd0b3f9
refactor: fix lint warning on lib/web/statusRouter.js
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:01:10 +08:00
BoHong Li 550e6a831d
refactor: fix lint warning on lib/web/userRouter.js
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:01:05 +08:00
BoHong Li 79c6a77d18
refactor: fix lint warning on lib/letter-avatars.js
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:00:59 +08:00
BoHong Li f2c8c11ea4
refactor: fix lint warning on lib/logger.js
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:00:54 +08:00
BoHong Li 0883595e95
refactor: fix lint warning on lib/response.js
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:00:52 +08:00
BoHong Li 4ae1c0ab3e
refactor: replace lz-string with @hackmd/lz-string
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:00:22 +08:00
BoHong Li 67707d097f
fix: remove string.js for sucurity issue
1. Upgrade Imgur to fix npm install
2. Upgrade less version for security
3. Change package name in package.json to fit npm package.json rule

Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:00:22 +08:00
BoHong Li 1150dbe73a
fix: upgrade sequelize to latest version to fix CVE
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:00:21 +08:00
BoHong Li 7fcfbae89f
feat: replace imgur with @hackmd/imgur
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:00:21 +08:00
BoHong Li 651c11f92a
refactor: replace diff-match-patch to @hackmd/diff-match-patch
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-11 19:35:12 +08:00
BoHong Li a68d19bc22
fix: scrypt cannot build on some platform, revert the change library commit
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-10 18:34:31 +08:00
Corentin c078d2d304 Update history on note creation
Signed-off-by: Corentin <corentin@cdancette.fr>
2019-03-24 17:46:11 +01:00
Christoph (Sheogorath) Kern 329d39d0d0
Merge pull request #1131 from SISheogorath/fix/gitlabSnippets
Fix shown but broken GitLab snippets
2019-03-09 14:50:47 +01:00
Sheogorath cda878d377
Add required change for Google+ API deprecation
Since Google+ is shutting down soon, we need to get the profile data
from another URL. Since the library already supports it, all we need to
do is adding a single line of code.

Details:
https://github.com/hackmdio/codimd/issues/1160

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-09 14:42:06 +01:00
Sheogorath bcb7972607
Fix shown but broken GitLab snippets
To provide a GitLab integration we need the GitLab integration to be
configured. Otherwise we shouldn't show the Snippet button.

This patch adds the requirement to the variable that decides if the
import from snippets button shows up or not.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-05 18:16:04 +01:00
Christoph (Sheogorath) Kern de0acbb566
Merge pull request #1153 from toshi0123/for_empty_serverurl
Fix empty serverURL did not redirect properly
2019-03-05 18:11:37 +01:00
Sheogorath b51a048777
Fix wrong value type for HSTS environment variable
Seem like also environment variables are affected. This patch fixes that
as well.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-04 17:13:43 +01:00
toshi0123 6aab032709 Fix empty serverURL did not redirect properly
Signed-off-by: toshi0123 <7948737+toshi0123@users.noreply.github.com>
2019-03-04 13:59:14 +09:00
Sheogorath 1ee9874393
Fix names with spaces in letter-avatars
Seems like there is a possible problem when a name containing a space is
passed to this function. using urlencode on the name should fix possible
problems here.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-03 15:46:28 +01:00
Mathias Merscher 9613197f5d
make aws s3 endpoint configurable
Signed-off-by: Mathias Merscher <Mathias.Merscher@dg-i.net>
2019-02-11 17:45:24 +01:00
Dylan Dervaux 590b2f9c7d Add default config for lutim
Signed-off-by: Dylan Dervaux <dylanderv05@gmail.com>
2019-02-01 13:42:12 +01:00
Dylan Dervaux 492d38b5ed Add lutim in image upload providers validator
Signed-off-by: Dylan Dervaux <dylanderv05@gmail.com>
2019-02-01 12:36:58 +01:00
Dylan Dervaux 8557133fbe Add imageRouter handler for lutim
Signed-off-by: Dylan Dervaux <dylanderv05@gmail.com>
2019-02-01 12:35:44 +01:00
Sheogorath 806f403045
Disable OpenID by default
We talked about that during a community call. It turned out that not
everyone likes to have OpenID on their instance.

This patch disables OpenID by default.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-25 19:31:34 +01:00
Sheogorath 4e81079050
Fix broken PDF export by wrong unlink call
We used `fs.unlink()` to remove the pdf file after we send it out to the
client. This breaks in Node 10, when no function as second parameter is
supplied.

This patches changes it to the `fs.unlinkSync` function that doesn't
have this requirement and this way doesn't crash.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-24 13:02:53 +01:00
Daan Sprenkels f7bc1e99c0 Remove blueimp-md5 dependency
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
2018-12-22 19:09:50 +01:00
Christoph (Sheogorath) Kern f9cc2ff0ef
Merge pull request #1105 from SISheogorath/fix/gistCSP
Fix broken Gist embedding
2018-12-21 18:39:22 +01:00
Daan Sprenkels 8835a09d95 Update upload provider error message
Fixes #1107.

Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
2018-12-21 15:30:06 +01:00
Sheogorath 0f9e367015
Fix broken Gist embedding
Looks like GitHub changed their asset system and our CSP prevented them
from getting loaded.

This patch should fix the Gist embedding with enabled CSP by replacing
the old URL `https://assets-cdn.github.com` with the new
`https://github.githubassets.com`.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-12-20 22:49:25 +01:00
Christoph (Sheogorath) Kern f492fea418
Merge pull request #1103 from SISheogorath/fix/localImageUpload
Fix usage of new URL API
2018-12-20 22:42:17 +01:00
Sheogorath 0621d7a72d
Fix usage of new URL API
Due to the deprecation of the old `url`-API provided by NodeJS we
replaced `url.resolve` with `url.URL.resolve`, which doesn't exist.

This patch fixes the local filesystem upload of CodiMD by using the new
API correctly. Creating an URL object and using its href.

Some more background:
https://nodejs.org/api/url.html#url_url_href
https://nodejs.org/api/url.html#url_url_resolve_from_to

Fixes https://github.com/hackmdio/codimd/issues/1102

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-12-18 14:52:18 +01:00
Thor77 87ba625d46 Remove checks for protocol before removing port
Signed-off-by: Thor77 <thor77@thor77.org>
2018-12-12 12:47:07 +01:00
Emmanuel Ormancey d73063922c Added a configuration option for passport-saml:
disableRequestedAuthnContext: true|false

By default only Password authmethod is accepted, this option allows any other method.

Issue and option described here:
https://github.com/bergie/passport-saml/issues/226

Signed-off-by: Emmanuel Ormancey <emmanuel.ormancey@cern.ch>
2018-12-12 10:40:24 +01:00
Thor77 e928893cfe
Hide port from minio URL for protocol default port
Signed-off-by: Thor77 <thor77@thor77.org>
2018-12-11 23:00:24 +01:00
Christoph (Sheogorath) Kern 7f0fe6903c
Merge pull request #1091 from SISheogorath/fix/speakerNotesCSP
Fix CSP for speaker notes
2018-12-06 10:35:41 +01:00
Sheogorath ecee16bd73
Fix disqus CSP
Disqus loads it's embed config.js from its root domain
(https://disqus.com). Our CSPs only allow subdomains (e.g.:
https://codimd.disqus.com). This causes the disqus embedding to fail.

This patch should fix this problem by adding https://disqus.com to the
CSP setting. From a security perspective there is no real change. Since
still the same parties are involved.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-12-05 13:17:14 +01:00
Sheogorath a556575b91
Fix CSP for speaker notes
Looks like I was wrong in my previous commit to update revealjs.[1]

The speaker notes broke again with the CSPs. So this patch updates the
hash and this way the speaker notes.

[1]: bcebf1e8d2

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-12-05 11:32:14 +01:00
Christoph (Sheogorath) Kern 786140331b
Merge pull request #1086 from SISheogorath/feature/urlWarning
Warn on missing serverURL
2018-12-01 12:25:02 +01:00
Sheogorath a4941be3de
Warn on missing serverURL
We see some issues that are based on not properly configured
`config.serverURL`.

This patch adds a warning when `config.serverURL` is an empty value.
This should provide users direct feedback about how to improve their
configs.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-28 14:38:49 +01:00
Christoph (Sheogorath) Kern b749d50e20
Merge pull request #1082 from cloudyu/pull
Fix wrong config options

In `./lib/web/auth/` some config includes still used `config.serverurl` instead of the correct `config.serverURL`. This causes wrong URL in worst case.

This patch should fix those problems and migrate the wrong statements to camelcase.
2018-11-28 13:27:38 +01:00
Daan Sprenkels 9fba268288 Prevent subdirectories in user export
This commit also refactors the code a bit, and adds a '-' separator
between a filename and its duplicate index.

This commit fixes #1079.

Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
2018-11-28 09:13:28 +01:00
CloudYu 35a9f72a06 Fix typo
Signed-off-by: CloudYu <cloudyu322@gmail.com>
2018-11-27 22:14:37 +08:00
Sheogorath cee2aa92f9
Switch scrypt library to a successor
Since our previous scrypt library is unmaintained since 3 years, it's
time to look for an alternative.

A refactoring towards another password algorithm was worked on and this
is probably still the way to go. But for now the successor of our
previous library should already be enough.

https://www.npmjs.com/package/scrypt (old library)
https://github.com/ml1nk/node-scrypt (new library)
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-21 01:33:34 +01:00
Sheogorath 0aa3116805
Fix wrong maxAgeSeconds multiplication
It seems like the inital work on the hsts module expected milliseconds.
This has either changed or was never true. Either way, it caused that
the current defaults resulted in theory in a 1000 year HSTS policy.
Luckily helmet was smart enough to not go higher than 1 year.

Anyway, this patch fixes the multiplication of the configured size with
1000 by removing this multiplication.

Also to simplify the reading of the defaults, we split them into their
components, 60 times 60 seconds so we get one hour. 24 of those hours so
we get a day and finally 365 days to get our original wanted default of
one year.

Reference:
d69d65ea74
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-19 22:01:54 +01:00
Christoph (Sheogorath) Kern 5f0d04334b
Merge pull request #1053 from dsprenkels/robots.txt
Disallow creation of robots.txt in freeurl
2018-11-17 13:30:06 +01:00
Daan Sprenkels 4bd8d7eb91 Disallow creation of robots.txt in freeurl
Add a configuration setting to "hard"-disable creation of notes as
set by the configuration value. This defaults to `['robots.txt',
'favicon.ico']`, because these files are often accidentally created
by bots and browsers.

This commit fixes #1052.

Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
2018-11-17 13:23:03 +01:00
Christoph (Sheogorath) Kern 1e2bf3698f
Merge pull request #1040 from sunbit/master
Fix migration failure due to change on error messages
2018-11-17 12:34:15 +01:00
Carles Bruguera 5da10c0e2c Update error message text checks
Signed-off-by: Carles Bruguera <carlesba@gmail.com>
2018-11-16 23:53:50 +01:00
Sheogorath bdeb053397
Fix streaming for winston
During the upgrade of winston in
c3584770f2 a the class extension for
streaming was removed.

This caused silent crashes. Somehow winston simply called
`process.exit(1)` whenever `logger.write()` was called. This is really
bad and only easy to debug because of the testing right after upgrading.

However, reimplementing the stream interface as it was, didn't work, due
to the fact that `logger.write()` is already implemented and causes the
mentioned problem. So we extent the object with an `stream` object that
implements `write()` for streams and pass that to morgan.

So this patch fixes unexpected exiting for streaming towards our logging
module.

References:
https://www.digitalocean.com/community/tutorials/how-to-use-winston-to-log-node-js-applications
c3584770f2
https://stackoverflow.com/a/28824464
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-16 11:49:39 +01:00
Christoph (Sheogorath) Kern f1367ba270
Merge pull request #1058 from ccoenen/bug/oauth2internalerror
InternalOAuthError is not part of passport, but of passport-oauth2 #1056
2018-11-16 11:45:50 +01:00
Claudius Coenen 858a59529e switching to eslint for code checking
most rules degraded to WARN, so we don't go insane. This will
change over time. The aim is to conform to a common style

Signed-off-by: Claudius Coenen <opensource@amenthes.de>
2018-11-14 23:15:36 +01:00
Claudius Coenen 56c043424d InternalOAuthError is not part of passport, but of passport-oauth2
This fixes part of #1056: an error while obtaining the profile
would have `502`-crashed the server.

Signed-off-by: Claudius Coenen <opensource@amenthes.de>
2018-11-14 14:38:47 +01:00
Christoph (Sheogorath) Kern f9aa001ee7
Merge pull request #1055 from SISheogorath/upgrade/winston
Upgrade winston / refactor logging
2018-11-14 12:13:43 +01:00
Sheogorath c3584770f2
Upgrade winston
Our log library got a new major version which should be implemented.

That's exactly what this patch does. Implementing the new version of the
logging library.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-14 00:47:11 +01:00
Sheogorath 694fb37aea
Fix logging in ot module
Seems like there was some debugging going on some day, this patch should
make sure the right logging is used.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-13 23:30:13 +01:00
Christoph (Sheogorath) Kern 54d3d930cf
Merge pull request #1027 from asg017/master
Add download action to published notes
2018-11-12 22:11:44 +01:00
Christoph (Sheogorath) Kern 4a39017fe0
Merge pull request #1051 from SISheogorath/feature/fullversion
Fix wrong reading from commit
2018-11-12 14:21:03 +01:00
Sheogorath 4b0528ac4f
Fix wrong reading from commit
Right now we use a substr after reading the commit. That's definitely
wrong and leads to wrong commit hashes since the first 5 chars are
missing.

This patch removes the substr usage here and this way fixes the
generated links.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-12 11:18:38 +01:00
Christoph (Sheogorath) Kern a1211abd32
Merge pull request #961 from SISheogorath/feature/osTEMP
Use OS based tmp dir
2018-11-11 19:00:58 +01:00
Sheogorath bcc914a773
Add full version string
Currently we only provide the version from `package.json`. This means
that during updates of instances, e.g. the demo instance, which runs
latest master instead of a stable release, changes are not reflected to
the webclient.

This patch adds a fullversion string that contains the current commit
and this way makes that clients are notified about changes.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-11 12:44:19 +01:00
Cédric Couralet 67f8a64f2b Fix menu for github and dropbox
Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
2018-11-07 12:30:17 +00:00
Claudius 44ffc564da removing global site layout vars from individual routers, putting them into app.local
Signed-off-by: Claudius <opensource@amenthes.de>
2018-11-03 00:52:48 +01:00
Sheogorath 59b3885dda
Use OS based tmp dir
We should use the official OS temp directory instead of an own one, to
not run into conflicts. Also various dependencies already use the OS
temp directory, which makes it pointless to use a different for our
internal purposes then. This commit provides the changes needed to use
the OS tmp directory by default.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-31 00:37:11 +01:00
Alex Garcia fcf08f89c3 forgot break statement
Signed-off-by: Alex Garcia <alexsebastian.garcia@gmail.com>
2018-10-27 17:54:01 -07:00
Alex Garcia 5b789025f3 Add download action to published notes
Signed-off-by: Alex Garcia <alexsebastian.garcia@gmail.com>
2018-10-27 16:55:14 -07:00
Christoph (Sheogorath) Kern 763b000bc6
Merge pull request #985 from SISheogorath/fix/helmetCSP
Add `data:` URL to CSP and upgrade helmet
2018-10-11 00:19:24 +02:00
Christoph (Sheogorath) Kern 5c4df14bbc
Merge pull request #990 from SISheogorath/fix/oauthProviderName
Make oauth2 provider name accessible
2018-10-09 21:57:37 +02:00
Cédric Couralet d7987def7f Fix #1001: get only project user is member of (and return max of results)
Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
2018-10-09 07:04:04 +00:00
Sheogorath 9f9c4089be
Add OpenID to CodiMD
With OpenID every OpenID capable provider can provide authentication for
users of a CodiMD instance. This means we have federated
authentication.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-05 22:43:32 +02:00
Christoph (Sheogorath) Kern 32af96aa37
Merge pull request #940 from WilliButz/fix-configurable-paths
enhance configurabiltiy of paths & make execution path-independent
2018-10-05 22:21:01 +02:00
Sheogorath 3d1d03fa87
Make oauth2 provider name accessible
Right now the feature exists but is almost not usable since the only way
to configure it is to know that it exists from reading the source code
and add it to config.json. This patch provides all needed changes so it
can be used by everyone including documentation.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-04 20:45:25 +02:00
Sheogorath d4a9bb3c7e
Add `data:` URL to CSP and upgrade helmet
Seems like the old version of helmet had a problem with `data:`. This
patch upgrades to the latest version and adds the CSP rule to allow
Google Fonts and the offline version of it, to properly include the
fonts and no longer throw ugly error messages at us.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-04 03:04:36 +02:00
Sheogorath c03b42d5d4
Fix little bug in length limit
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-28 00:17:43 +02:00
Christoph (Sheogorath) Kern ffc28e06f3
Merge pull request #971 from SISheogorath/fix/gitlabWarning
Set default to `v4`
2018-09-27 22:45:12 +02:00
Sheogorath 57e6d3a482
Set default to `v4`
Seems like we didn't fix the problem with the last patch. This should
finally fix it.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-27 21:57:12 +02:00
Claudius bb80bc2292
removing superfluous config parameters for template files
Signed-off-by: Claudius <opensource@amenthes.de>
2018-09-26 21:01:15 +02:00
WilliButz 12cd747270
imageRouter/filesystem: make callback path-independent
Images are now properly served when `config.uploadsPath`
differs from its default value.

Signed-off-by: WilliButz <wbutz@cyberfnord.de>
2018-09-26 20:55:15 +02:00
WilliButz 556783ffad
lib/config: use `path.resolve` instead of `path.join`
While paths like `tmpPath` could previously be configured,
they were all interpreted relative to `appRootPath` because
of `path.join`.

Now the configurable paths can be canonical and therefore
independent of the `appRootPath`.

Signed-off-by: WilliButz <wbutz@cyberfnord.de>
2018-09-26 16:56:37 +02:00
WilliButz e48852e0e2
lib/config: add environment variable to set config file
Previously it was assumed that `config.json` would be placed in
the same directory as the rest of CodiMD without any optional override.

This allows to override the path to the `config.json` by setting
`CMD_CONFIG_FILE` to the canonical path of the desired config file.

Signed-off-by: WilliButz <wbutz@cyberfnord.de>
2018-09-26 16:56:37 +02:00
WilliButz bd2f7cef49
lib/models/revision.js: make independent of exec-path
Previously calling `app.js` from another directory than
the base directory of CodiMD would result in an error being
thrown because `lib/workers/dmpWorker.js` could not be found.

This change makes the function call independent of the path CodiMD
is started from.

Signed-off-by: WilliButz <wbutz@cyberfnord.de>
2018-09-26 16:56:36 +02:00
Sheogorath 353642c870
Fix document length limit on post
We recently introduced a new way to create notes using a post requeest
to the `/new` endpoint. This is not limited in size, other than pasting
a note in the editor. This patch should enforce this limit also on this
way.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-26 16:08:24 +02:00
Sheogorath 7e0be69abb
Omit unneeded warning if no gitlab is configured
This patch should fix the unneeded warning of the wrong API version,
when gitlab isn't configured at all.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-25 00:26:40 +02:00
Sheogorath 6fdb9eea46
Fix server crash on PDF creation
`markdown-pdf` seems to fail to provide the PDFs on tmpfs. This leads
crashing codimd which expects the file to be there. This patch should
add some proper error handling when expectation and reality don't fit
together.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-24 20:25:25 +02:00
Sheogorath 81e3d7bd00
Extend migration error handling
The current error handling seems to conflict with some sequelize
versions. So we add a second version of it in our excemptions.

I'm not happy about it, but when it helps to prevent further migration
breaking, it's worth it.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-05 16:19:35 +01:00
Christoph (Sheogorath) Kern 007f252273
Merge pull request #906 from SISheogorath/fix/letterAvatarMail
Fix possible weird objects as email
2018-09-05 11:36:29 +01:00
Alexander Hesse f728fdb8ab BUGFIX: wrong version check for gitlab api
Signed-off-by: Alexander Hesse <alexander.hesse@sandstorm-media.de>
2018-08-23 14:06:26 +02:00
Christoph (Sheogorath) Kern 881ca88c51
Merge pull request #908 from micedre/gitlabV4
Add possibility to choose between version v3 or v4 for the gitlab api.
2018-07-31 10:55:08 +02:00
Cédric Couralet 66d374b128 Add possibility to choose between version v3 or v4 for the gitlab api.
Apart from the uri versioning, one big change is the snippet visibility post data (visibility_level -> visibility)

Default gitlab api version to v4

Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
2018-07-31 08:36:56 +00:00
Christoph (Sheogorath) Kern 48ddcef31c
Merge pull request #894 from hcaloto/fixMigrationIssues
Add missing catch blocks for migration from 1.1.1 to 1.2.0
2018-07-31 10:26:39 +02:00
Hugo Caloto 26a14dd987 Add missing catch blocks for migration from 1.1.1 to 1.2.0
Signed-off-by: Hugo Caloto <hcaloto@gmail.com>
2018-07-31 08:19:57 +02:00
Christoph (Sheogorath) Kern 93a3ce1164
Merge pull request #907 from SISheogorath/fix/historyLZString
Some minor improvements for LZString handling
2018-07-28 15:03:06 +02:00