Commit Graph

694 Commits

Author SHA1 Message Date
Yukai Huang 0c3171b17d
Merge pull request #1570 from hackmdio/bugfix/update-history-usage
Use encoded noteId when calling updateHistory
2021-05-11 16:27:50 +08:00
Yukai Huang ab58cd45b4 Use encoded noteId in updateHistory call
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2021-05-11 16:21:46 +08:00
Raccoon 965cca9d39
fix: lint
Signed-off-by: Raccoon <raccoon@hackmd.io>
2021-04-28 17:37:43 +08:00
Raccoon 20b10b7bb7
refactor: beforeCreate and parseNoteId
Signed-off-by: Raccoon <raccoon@hackmd.io>
2021-04-27 19:25:46 +08:00
Raccoon d3bbdfc7d3
fix: can traversal any md files
Signed-off-by: Raccoon <raccoon@hackmd.io>
2021-04-27 18:25:06 +08:00
Yukai Huang bf5325b37f
Merge pull request #1609 from mic4ael/return-to-note-on-login
Better redirection after a successful login
2021-04-16 12:20:09 +08:00
Giuseppe Lo Presti dc37e5df63 Better update of the authorship of anonymous users
Co-authored-by: Yukai Huang <yukaihuangtw@gmail.com>
Signed-off-by: Giuseppe Lo Presti <giuseppe.lopresti@cern.ch>
2021-03-18 09:13:22 +01:00
Giuseppe Lo Presti c9399f33d1 Support anonymous updates via API if allowAnonymousEdits is true
Signed-off-by: Giuseppe Lo Presti <giuseppe.lopresti@cern.ch>
2021-03-09 12:32:54 +01:00
Yukai Huang de0f4588ac
Fix getImageMimeType mime usage
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-23 22:16:28 +08:00
Yukai Huang c9e23985d3
Check image type from file extension
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-23 15:46:19 +08:00
Yukai Huang e19e6642fb
Allow bmp/tiff image to be uploaded
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-23 15:45:49 +08:00
Yukai Huang c1a22a5318
Replace hard coded impl in getImageMimeType
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-23 15:43:14 +08:00
Yukai Huang 7a88f9d95a
Check upload image mime type
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-22 16:48:13 +08:00
Michal Kolodziejski 7d815cc90c Better redirection after a successful login
Signed-off-by: Michal Kolodziejski <michal.kolodziejski@cern.ch>
2020-10-17 12:57:23 +02:00
Yukai Huang ab0ac83582
Fix updateHistory parameter
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-08-12 18:10:39 +08:00
James Tsai 4792908169 Fix linter
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-08-04 17:11:09 +08:00
James Tsai e7a4996cbe Update note title and history in update api
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-08-04 16:48:33 +08:00
James Tsai 091c77bdb1 Refactor, change response type to json in update-api user online checking
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-30 18:56:57 +08:00
James Tsai 04fe74d520 Refactor, use body parser, adjust update api content column
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-30 18:14:10 +08:00
James Tsai 53526c154a Check online users, update authorships, save revisions in update note content API
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-27 18:01:10 +08:00
James Tsai 96f8f06b00 Disconnect online users by delete API
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-27 18:01:10 +08:00
James Tsai b3cf98b329 Fix linter
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-27 18:01:10 +08:00
James Tsai b597dc9811 Add update note api
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-27 18:01:10 +08:00
James Tsai 66d53956c4 Add delete note api
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-27 18:01:10 +08:00
Yukai Huang 8e72eb5aca
Merge pull request #1548 from hackmdio/feature/list-my-note-api
List-my-note API
2020-07-15 17:13:35 +08:00
James Tsai 03bc329b3f Fix linter
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-14 17:34:32 +08:00
James Tsai a22cf73f60 Refactor, variable naming and myNoteList mapping
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-14 17:34:32 +08:00
James Tsai dcf48e749e Update route of list-my-notes api
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-14 17:34:32 +08:00
Yukai Huang 91fb54539a
Merge pull request #1546 from schokotets/develop
feature: pass-through yaml metadata image to html meta tag
2020-07-10 10:33:55 +08:00
Yukai Huang 3e09c7a21f
Merge pull request #1505 from daniele-athome/pr/feature/tags-array
Use array for tags when available (close #1496)
2020-07-09 15:50:57 +08:00
James Tsai 07f32f5bbf Fix standard
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-01 11:42:28 +08:00
James Tsai 2973bfbceb Add list-my-note API
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-01 11:42:28 +08:00
schokotets 2c9f73cfb2
feature: pass-through yaml metadata image to html meta tag
Signed-off-by: schokotets <moritzleni@gmail.com>
2020-06-27 17:22:11 +02:00
Raccoon 8b67d6916d
fix: improve image upload to filesystem may caused app crash
Signed-off-by: Raccoon <raccoon@hackmd.io>
2020-05-31 00:41:01 +08:00
Raccoon ac6021a579 fix: returning 500 when getStatus failed
Signed-off-by: Raccoon <raccoon@hackmd.io>
2020-05-17 03:25:57 +08:00
Raccoon a3742e4564 fix: getStatus should reject promise
1. reject promise when getStatus failed
2. change to use promise-way call getStatus in debug message

Signed-off-by: Raccoon <raccoon@hackmd.io>
2020-05-17 03:25:20 +08:00
Raccoon 54ab0a08de
Merge pull request #1512 from stregouet/oauth2-state
fix: add state parameter for oauth2
2020-05-13 16:26:26 +08:00
Raccoon 20bacfbaf1
Merge pull request #1507 from tarlety/feature-metrics-merge-develop
Exporting metrics for node.js, express, router, and codimd realtime status.
2020-05-13 16:25:38 +08:00
Samuel Trégouët 6ff6d215ab fix: add state parameter for oauth2
state parameter is recommended with oauth2 authentication
to mitigate CSRF attacks (see [1]).
hydra [2] will throw the following error message if state is
missing:

  description="The state is missing or has less than 8 characters and is therefore considered too weak" error=invalid_state hint="Request parameter \"state\" must be at least be 8 characters long to ensure sufficient entropy."

[1]: https://auth0.com/docs/protocols/oauth2/oauth-state
[2]: https://www.ory.sh/hydra/

Signed-off-by: Samuel Trégouët <samuel.tregouet@gmail.com>
2020-05-11 15:59:49 +02:00
tarlety ac31e51d67
Fix session flood issue after prometheus metrics are implemented.
Root cause:
- prometheus metrics '/metrics/codimd' exported by 3ca0341 are still in 'routes need sessions' section.
- prometheus scrapes metrics repeatedly.
- new session created every time while prometheus scrapes metrics '/metrics/codimd'.

Solution:
- move /metrics/codimd from lib/routes.js to lib/metrics.js.
- move /metrics/codimd from section 'routes need sessions' of app.js to 'routes without sessions'.

Signed-off-by: tarlety <tarlety@gmail.com>
2020-05-04 20:57:46 +08:00
tarlety 09eb8556db
Exporting metrics for node.js, express, router, and codimd realtime status.
1. **/metrics/router** : exporting node.js/express Prometheus metrics by
[prometheus-api-metrics](https://www.npmjs.com/package/prometheus-api-metrics)

2. **/metrics/codimd** : exporting codimd realtime status (/status) as
Prometheus metrics

Signed-off-by: tarlety <tarlety@gmail.com>
2020-05-01 22:17:22 +08:00
Daniele Ricci 5463c8412c Use array for tags when available (close #1496)
Signed-off-by: Daniele Ricci <daniele@casaricci.it>
2020-04-30 20:31:22 +02:00
Lucas Druschke bcd92f500f return errorForbidden when anonymous user tries to create freeUrl pad (closes #1499)
Signed-off-by: Lucas Druschke <ldruschk@posteo.de>
2020-04-29 22:42:56 +02:00
Rafal Proszowski e1977a1da7
Fix GitHub's avatar URL
At the moment, the URL is being composed and modified with the use of
string composition.

This causes issues, if the URL returned by GitHub slightly differs from
the time developer initially had a look into it.

In our case, the URL from GitHub has two query parameters in it, whilst
the codebase only expected one.

This change will take all of these parameters and only set the one we
care about, whilst leaving others intact and carry on with the full URL.

Fixes #1489

Signed-off-by: Rafal Proszowski <paroxp@gmail.com>
2020-04-20 12:25:32 +01:00
BinotaLIU d4d0120ab7
prevert directly call of User.hashPassword()
this preverted changes made in 7b8576d. now we use hooks to hash password.
no need to call User.hashPassword() manually.

Signed-off-by: BinotaLIU <me@binota.org>
2020-04-20 00:04:13 +08:00
BinotaLIU 027195e973
add hooks for hash password
Signed-off-by: BinotaLIU <me@binota.org>
2020-04-20 00:04:13 +08:00
BinotaLIU f618576193
use async hashPassword/verifyPassword
Signed-off-by: BinotaLIU <me@binota.org>
2020-04-20 00:04:12 +08:00
BinotaLIU ec206db173
add methods for password hashing in User model
Signed-off-by: BinotaLIU <me@binota.org>
2020-04-20 00:04:12 +08:00
Raccoon 2fe10a78b7
chore: change aws-sdk to @aws-sdk/client-s3-node, reduced module size
Signed-off-by: Raccoon <raccoon@hackmd.io>
2020-04-12 02:24:35 +08:00
Raccoon 421ccbfc25
fix: lutim not required properly
Signed-off-by: Raccoon <raccoon@hackmd.io>
2020-04-12 02:11:43 +08:00