ac31e51d67
Fix session flood issue after prometheus metrics are implemented.
...
Root cause:
- prometheus metrics '/metrics/codimd' exported by 3ca0341 are still in 'routes need sessions' section.
- prometheus scrapes metrics repeatedly.
- new session created every time while prometheus scrapes metrics '/metrics/codimd'.
Solution:
- move /metrics/codimd from lib/routes.js to lib/metrics.js.
- move /metrics/codimd from section 'routes need sessions' of app.js to 'routes without sessions'.
Signed-off-by: tarlety <tarlety@gmail.com>
2020-05-04 20:57:46 +08:00
09eb8556db
Exporting metrics for node.js, express, router, and codimd realtime status.
...
1. **/metrics/router** : exporting node.js/express Prometheus metrics by
[prometheus-api-metrics](https://www.npmjs.com/package/prometheus-api-metrics )
2. **/metrics/codimd** : exporting codimd realtime status (/status) as
Prometheus metrics
Signed-off-by: tarlety <tarlety@gmail.com>
2020-05-01 22:17:22 +08:00
5463c8412c
Use array for tags when available ( close #1496 )
...
Signed-off-by: Daniele Ricci <daniele@casaricci.it>
2020-04-30 20:31:22 +02:00
bcd92f500f
return errorForbidden when anonymous user tries to create freeUrl pad ( closes #1499 )
...
Signed-off-by: Lucas Druschke <ldruschk@posteo.de>
2020-04-29 22:42:56 +02:00
e1977a1da7
Fix GitHub's avatar URL
...
At the moment, the URL is being composed and modified with the use of
string composition.
This causes issues, if the URL returned by GitHub slightly differs from
the time developer initially had a look into it.
In our case, the URL from GitHub has two query parameters in it, whilst
the codebase only expected one.
This change will take all of these parameters and only set the one we
care about, whilst leaving others intact and carry on with the full URL.
Fixes #1489
Signed-off-by: Rafal Proszowski <paroxp@gmail.com>
2020-04-20 12:25:32 +01:00
d4d0120ab7
prevert directly call of User.hashPassword()
...
this preverted changes made in 7b8576d. now we use hooks to hash password.
no need to call User.hashPassword() manually.
Signed-off-by: BinotaLIU <me@binota.org>
2020-04-20 00:04:13 +08:00
027195e973
add hooks for hash password
...
Signed-off-by: BinotaLIU <me@binota.org>
2020-04-20 00:04:13 +08:00
f618576193
use async hashPassword/verifyPassword
...
Signed-off-by: BinotaLIU <me@binota.org>
2020-04-20 00:04:12 +08:00
ec206db173
add methods for password hashing in User model
...
Signed-off-by: BinotaLIU <me@binota.org>
2020-04-20 00:04:12 +08:00
2fe10a78b7
chore: change aws-sdk to @aws-sdk/client-s3-node, reduced module size
...
Signed-off-by: Raccoon <raccoon@hackmd.io>
2020-04-12 02:24:35 +08:00
421ccbfc25
fix: lutim not required properly
...
Signed-off-by: Raccoon <raccoon@hackmd.io>
2020-04-12 02:11:43 +08:00
e72bcfe0ea
Merge pull request #1459 from hackmdio/feat/improve-version-check
...
Improve version checker behavior
2020-04-05 15:36:10 +08:00
1b80245546
Merge pull request #1453 from moycat/feature/oauth-avatar
...
Support avatar for OAuth users
2020-03-26 05:17:27 +08:00
72c9d049f7
Fix check for creating free url notes
...
Signed-off-by: Mark Steve Samson <marksteve@thinkingmachin.es>
2020-03-17 21:00:16 +08:00
bd508b166f
Update lib/web/middleware/checkVersion.js
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-03-17 02:24:01 +08:00
b49a4e24f1
feat(versionCheck): add timeout to 1s and change logger type to avoid log error to disturb user
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-03-17 01:24:38 +08:00
a1a69a75c0
Add correct path for minio
...
This should fix #1452
Signed-off-by: Kishan Mehta <kishan@scrapinghub.com>
2020-03-13 18:22:40 +05:30
46fdb6a6f0
Support avatar for OAuth users
...
Signed-off-by: Moycat <i@moy.cat>
2020-03-12 13:48:18 +08:00
3ae3cb191d
fix: some environment variables not in docker secret
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-03-06 20:51:25 +08:00
fc662661a8
fix: only enable dropbox directives when config is given
...
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2020-03-03 18:35:57 +08:00
e2c31e4cb3
fix: allow Dropbox dropins in CSP directives
...
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2020-03-03 17:25:36 +08:00
5c9438697a
Merge pull request #1435 from hackmdio/feat/remove-old-config
...
Remove old config and environment
2020-03-02 21:55:24 +08:00
48582617ad
doc: remove HMD related and remove docs
...
All docs migrate to online documentation now and store in `codimd-docs`
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-03-02 18:35:25 +08:00
d658903d01
Merge pull request #1433 from hackmdio/feature/disable-include-subdomain-hsts
...
Disable HSTS IncludeSubdomain, to prevent unexpected behavior
2020-03-02 18:29:03 +08:00
ffe0783869
feat: old config and environment is not use anymore
...
BREAKING CHANGE: remove old config and environment
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-03-02 12:06:28 +08:00
ac0f5a9461
feat: change default anonymous setting
...
BREAKING CHANGE: change allowAnonymous to `false` and setup
allowAnonymousEdits and allowAnonymousViews to `true`
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-03-02 11:58:29 +08:00
40b6b06f57
feat(hsts): trun includeSubdomain to false
...
BREAKING CHANGE: change default setting from `true` to `false`
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-03-02 11:53:35 +08:00
c9badcf2e4
Merge pull request #1426 from hackmdio/feat/support-google-hosted-name
...
Support hostedName in google OAuth provider
2020-02-28 18:03:19 +08:00
b9f0e37eee
feat: support hostedName in google OAuth 2.0 provider
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-28 17:53:04 +08:00
371e985e29
Merge pull request #1289 from hackmdio/feature/embed-geolocation
...
Support embedding geolocation data
2020-02-28 17:37:23 +08:00
1a000226b0
fix: unwrap the geo div and throw error when input
...
location search not found
also fix the CSP rule that the img with data src might be violated
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
Co-authored-by: Max Wu <jackymaxj@gmail.com>
2020-02-28 15:48:09 +08:00
72c5b0d14e
feat: support customize scope in OAuth2 provider
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-28 02:13:58 +08:00
d5d0f3d820
fix: extractProfileAttribute not working correctly
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-28 01:53:25 +08:00
50cbf036e3
Merge pull request #1420 from hackmdio/feature/upgrade-reveal.js-3.9.2
...
Feature/upgrade reveal.js 3.9.2
2020-02-27 19:04:52 +08:00
b8fb9dbb9e
fix: download pdf twice may crash server
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-27 00:02:18 +08:00
adf3503c31
feat: update CSP nonce for reveal.js 3.9.2 speaker notes feature
...
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2020-02-26 22:36:25 +08:00
da3fd00577
refactor: change errorServiceUnavailable function signature to avoid parameter passing error
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-26 11:26:56 +08:00
13ed2e6b44
refactor: change errorInternalError function signature to avoid parameter passing error
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-26 11:26:01 +08:00
8787177991
refactor: change errorTooLong function signature to avoid parameter passing error
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-26 11:23:55 +08:00
35a2135b36
refactor: change errorBadRequest function signature to avoid parameter passing error
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-26 11:22:59 +08:00
09a353ffcc
refactor: change errorNotFound function signature to avoid parameter passing error
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-26 11:20:42 +08:00
6b1ce381df
fix: change errorForbidden function signature, add req into function parameter
...
avoid incorrect function parameter passing
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-26 11:13:45 +08:00
7870b82249
fix: server throw TypeError when user not sign-in
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-26 10:25:25 +08:00
db615e5111
fix: page broken when shortId doesn't exists
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-26 10:25:25 +08:00
d22ea95fb6
Merge pull request #1399 from hackmdio/feature/version-check
...
Version check middleware & logging
2020-02-24 16:13:50 +08:00
6f78c9ad9a
Merge pull request #1273 from hackmdio/feature/support-pandoc-export
...
Pandoc export
2020-02-17 11:35:02 +08:00
f1c9ee4c89
Fix actioinPandoc
...
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-02-10 11:23:52 +08:00
3b2df24b75
Change npm package target
...
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-02-10 10:58:42 +08:00
bb9c43348d
Support pandoc export
...
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-02-10 10:58:02 +08:00
7969d17366
fix(noteController): should check permission when user view note
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-07 10:55:50 +08:00
c26a9f10ca
Fix missing environment config for version check
...
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-02-07 10:55:16 +08:00
caf4ac61e5
Support emojify.css use cdn
...
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-02-06 14:31:25 +08:00
821295ecd3
Fix linting errors
...
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-02-06 10:46:48 +08:00
8cd9ba2f82
Log version check info when app is starting
...
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-02-06 10:40:54 +08:00
334c81efe7
Save version info in app locals
...
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-02-06 10:19:44 +08:00
11265238db
Implement version check middleware
...
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-02-06 10:19:44 +08:00
19dad9dfc8
Lazy load dicts, support cdn, config webpack
...
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-02-05 18:34:02 +08:00
57345b06f7
refactor: noteActions
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-01-06 14:19:03 +08:00
82cade2b87
refactor: noteActions
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-01-06 14:19:03 +08:00
7f9970449a
refactor: showPublishNote
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-01-06 14:19:03 +08:00
66edff87c5
refactor: show note
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-01-06 14:19:03 +08:00
b4ec353fcd
refactor: remove web folder
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-01-06 14:19:02 +08:00
2135cfcd18
refactor: move realtime related code to directory
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-01-06 14:19:02 +08:00
68fcf35c70
feat: merge all route to single file
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-01-06 14:19:02 +08:00
80859f6cf7
feat: remove very old history migration method (since 0.2.8)
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-01-06 14:19:01 +08:00
6be31aba9b
Remove unused imports, fixing coding style issues.
...
Signed-off-by: YusukeIwaki <iwaki+git@i3-systems.com>
2019-12-28 23:00:58 +09:00
83fe0815d5
Add environment variables definition for Heroku deploy.
...
Signed-off-by: YusukeIwaki <iwaki+git@i3-systems.com>
2019-12-28 22:23:20 +09:00
d5dd27f745
Implement bitbucket login.
...
Signed-off-by: YusukeIwaki <iwaki+git@i3-systems.com>
2019-12-28 22:22:15 +09:00
8629670b0e
feat(imageUpload): upgrade minio version to 7.0.12
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-12-13 12:18:42 +08:00
3fe6ec71e3
Explicitely set uploaded image ACLs for S3 to "public-read"
...
This works around permission problems with DigitalOcean spaces (where
files are always *private* by default).
This should not pose a difference with AWS and other providers as CodiMD
only works with public S3 assets either way.
Signed-off-by: Martin Honermeyer <maze@strahlungsfrei.de>
2019-12-05 18:37:42 +01:00
75ee5ad255
Merge branch 'develop' into feature/configurable-break-style
2019-11-01 10:27:47 +08:00
f871eff28d
Merge pull request #1327 from kamijin-fanta/github-enterprise
...
support to login with github enterprise
2019-11-01 10:22:46 +08:00
7fd36b1b33
Add https_proxy support to gitlab oauth ( #1296 )
...
Add https_proxy support to gitlab oauth
2019-11-01 10:22:08 +08:00
9e6f980d8d
github-login: move comment to default.js
...
Signed-off-by: kamijin_fanta <kamijin@live.jp>
2019-10-30 17:02:15 +09:00
2a365d6971
fix linter issues
...
Signed-off-by: Ruben ten Hove <git@rhtenhove.nl>
2019-10-30 07:58:36 +01:00
bac3921197
Add https_proxy support to gitlab oauth
...
Signed-off-by: Ruben ten Hove <git@rhtenhove.nl>
2019-10-30 07:49:43 +01:00
65ecb6d2ec
Allow to generate lower case header references through the conf… ( #1310 )
...
Allow to generate lower case header references through the config
2019-10-30 14:44:40 +08:00
7c5ac3603a
allow to define header link generation style via environment var
...
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
2019-10-29 10:53:20 +01:00
3d5d8e20f7
document `linkifyHeaderStyle` in default.js
...
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
2019-10-29 09:57:31 +01:00
b785ead5e5
github login: fix env name
...
Signed-off-by: kamijin_fanta <kamijin@live.jp>
2019-10-27 00:01:56 +09:00
ba37faf71a
github login: default config/config from env vars.
...
Signed-off-by: kamijin_fanta <kamijin@live.jp>
2019-10-26 22:18:07 +09:00
225e28bdbd
support to login with github enterprise
...
Signed-off-by: kamijin_fanta <kamijin@live.jp>
2019-10-25 15:15:42 +09:00
0dfb8a320d
feat: add syntax hilight on pdf
...
Signed-off-by: kondouagi <kondouagi@gmail.com>
2019-10-22 12:43:09 +09:00
34c2bfcfc5
Allow to generate lower case header references through the config ( #1305 )
...
This makes the references consistent/compatible with GitHub,
GitLab, Pandoc and many other tools.
This behavior can be enabled in config.json with:
```
"linkifyHeaderStyle": "gfm"
```
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
2019-10-21 22:17:55 +02:00
82b5e98f55
Add defaultUseHardbreak environment variable
...
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2019-10-20 14:32:06 +08:00
495b65e3b9
Add defaultUseHardbreak as constants
...
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2019-10-20 14:30:55 +08:00
c7a15ecc66
Add allowAnonymousViews option
...
resolve #1144
set to `false` to delete `freely`, `editable` and `locked` permission when allowAnonymous is true (default is `true`)
Signed-off-by: hakoai <hakoai64@gmail.com>
2019-09-08 21:55:52 +09:00
85fc41c350
Merge branch 'master' into develop
2019-08-17 00:07:49 +08:00
044b6b9422
refactor: fix lint
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-05 10:22:12 +08:00
6c968f9622
fix: history api failed cause by circular dependency
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-05 10:04:15 +08:00
ff124ab6bf
refactor: fix line after merged develop
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:59:03 +08:00
fffefcc5f8
refactor: fix lint on lib/utils.js
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:38 +08:00
534b916abb
refactor: fix lint on lib/response.js
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:32 +08:00
81cf993358
refactor: fix lint on lib/realtime.js
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:32 +08:00
2c7459c16e
refactor: fix lint on lib/letter-avatars.js
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:32 +08:00
ac6a605cd9
refactor: fix lint on lib/history.js
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:31 +08:00
e2a13b05b1
refactor: fix lint on lib/workers/dmpWorker.js
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:31 +08:00
ee1538eed9
refactor: fix lint on lib/web/userRouter.js
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:31 +08:00
3049c64066
refactor: fix lint on lib/web/imageRouter/s3.js
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:30 +08:00
c8ffd2ab19
refactor: fix lint on lib/web/imageRouter/minio.js
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:30 +08:00
tarlety
Daniele Ricci
Lucas Druschke
Rafal Proszowski
BinotaLIU
Raccoon
Mark Steve Samson
Kishan Mehta
moycat
Max Wu
Yukai Huang
YusukeIwaki
Martin Honermeyer
kamijin_fanta
Ruben ten Hove
rhtenhove
hoijui
kondouagi
TAKIMOTO, Atsushi