Dustin Frisch
d6ee10d176
Introduce ldap.useridField
...
Signed-off-by: Dustin Frisch <fooker@lab.sh>
2018-03-01 23:51:47 +01:00
Max Wu
fe429e9ac1
Update to use buffer in encode/decode note id
...
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-02-27 20:57:31 +08:00
Max Wu
44298baa93
Add migration for LZString compressed note id in history
...
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-02-26 16:46:59 +08:00
Max Wu
baa0418fb5
Remove and replace all note id compression in LZString with base64url
...
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-02-26 16:43:29 +08:00
Max Wu
15ef54c2dc
Fix to show 500 message when got error in parseNoteId
...
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-02-17 00:57:00 +08:00
Max Wu
bb5e021f20
Fix field type to prevent data truncation of authorship ( #721 )
...
* Fix field type to prevent data truncation of authorship
2018-02-09 14:27:06 +01:00
Takeaki Matsumoto
a9973cabc4
Fix typo of DB migration script
...
Signed-off-by: Takeaki Matsumoto <takeaki.matsumoto@ntt.com>
2018-02-08 10:15:05 +09:00
Stefan Bühler
c4f8fb78ee
don't require referer to find note id in socket.io connections ( fixes #623 )
...
Signed-off-by: Stefan Bühler <buehler@cert.uni-stuttgart.de>
2018-02-05 14:26:42 +01:00
Sheogorath
eddf8a3a33
Fix uncaught exception for non-existent user
...
Since we added user management it's possible to get non-existent users
which can cause a crash of the Backend server.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-30 21:53:36 +01:00
Christoph (Sheogorath) Kern
adc781f7e3
Merge pull request #704 from SISheogorath/fix/ldapProviderName
...
Fix ldap provider name in template
2018-01-29 15:59:27 +01:00
Sheogorath
bd92010dd2
Remove camel case from `imageuploadtype` in config
...
This removes the only camel cased option of the config options
**we** added to the config.json.
In auth provider's config parts are a lot of camel cased options
provided. We shouldn't touch them to keep them as similar as
possible to the examples.
Fixes #315
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-27 23:50:15 +01:00
Sheogorath
e44751b3f1
Fix ldap provider name in template
...
Before this fix it's impossible to set the provider name in the
sign-model since `ldap` is a boolean there and this way not able
to have an attribute like `ldap.providerName`.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-26 10:46:22 +01:00
Christoph (Sheogorath) Kern
584f1c5249
Merge pull request #691 from SISheogorath/feature/upload
...
Allow more detailed configuration of upload mime types
2018-01-23 12:10:33 +01:00
Sheogorath
817bb9e639
Fix broken port config
...
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-23 12:00:11 +01:00
Christoph (Sheogorath) Kern
eec2318bda
Merge pull request #506 from erasys/minio
...
Add support for minio
2018-01-23 11:43:24 +01:00
Christoph (Sheogorath) Kern
7de6e3211f
Merge pull request #598 from xxyy/feature/csp
...
Implement basic CSP support
2018-01-22 20:43:46 +01:00
Christoph (Sheogorath) Kern
268c81a323
Merge pull request #673 from fooker/master
...
Allow posting new note with content
2018-01-20 19:45:41 +01:00
Sheogorath
a7935a595a
Allow more detailed configuration of upload mime types
...
Fixes #637
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-20 15:16:53 +01:00
Dario Ernst
6ae4b8bf13
Add option to enable `freely` permission in closed instance
...
Before, closed disallowed guest edits completely, by removing
the `freely` permission. This makes it possible to explicitely bring
back guest-editing, but not guest-note-creation, to closed instances.
Signed-off-by: Dario Ernst <dario@kanojo.de>
2018-01-20 15:14:56 +01:00
Christoph (Sheogorath) Kern
60005d3039
Merge pull request #686 from SISheogorath/feature/configVersion
...
Load version from package.json
2018-01-19 14:34:54 +01:00
Sheogorath
583aa4f462
Load version from package.json
...
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-19 13:54:19 +01:00
Wu Cheng-Han
608008753f
Fix not passing app key correctly in dropbox config
2018-01-19 00:25:08 +08:00
Sheogorath
11a5dd0eb4
Release 1.0.0-ce
2018-01-18 13:03:18 +01:00
Sheogorath
8bf8a1aef1
Ignore empty values for revision.
...
Fixes #420
2018-01-18 11:19:47 +01:00
Christoph (Sheogorath) Kern
8375544dea
Merge pull request #636 from laysdra7265/fix/sslcapath
...
Fix sslcapath bug
2018-01-18 11:17:17 +01:00
Christoph (Sheogorath) Kern
af082d9347
Merge pull request #567 from ccoenen/fix-mysql-text-length
...
converting all content fields to MEDIUMTEXT (affects MySQL only)
2018-01-18 11:16:59 +01:00
Dustin Frisch
f47601857e
Allow posting new note with content
...
Signed-off-by: Dustin Frisch <fooker@lab.sh>
2018-01-18 10:41:58 +01:00
Max Wu
68879d20ed
Fix minor typos
...
of wrong parameters passing order and wrong user object indexing in for each function
2018-01-16 15:51:24 +08:00
Christoph (Sheogorath) Kern
45976a8916
Update index.js
2017-12-22 12:25:13 +01:00
Christoph (Sheogorath) Kern
fc626a6724
Simplify loop
2017-12-22 12:19:19 +01:00
Peter Dave Hello
76873d3f7e
Fix file permission, remove useless executable
2017-12-14 05:05:18 +08:00
Christoph (Sheogorath) Kern
17e3b8b5cd
Merge branch 'master' into ldap-username-field
2017-12-12 10:27:22 +01:00
alecdwm
5e5a021ce0
parse HMD_LDAP_SEARCHATTRIBUTES env var as a comma-separated array
...
Signed-off-by: Alec WM <firstcontact@owls.io>
2017-12-09 20:33:57 +01:00
Lukas Kalbertodt
612b2d1811
Add setting `ldap.usernameField`
...
This determines which ldap field is used as the username on
HackMD. By default, the "id" is used as username, too. The id
is taken from the fields `uidNumber`, `uid` or
`sAMAccountName`. To give the user more flexibility, they can
now choose the field used for the username instead.
2017-12-09 12:30:48 +01:00
LaysDragon
9949795533
fixed sslcapath bug
2017-12-05 12:06:10 +08:00
Norihito Nakae
2db2ff484f
added guide for SAML settings
2017-12-04 20:13:15 +09:00
Norihito Nakae
410268da74
added environment variables for SAML
2017-11-29 20:26:28 +09:00
Norihito Nakae
a22be81feb
fixed the SAML callback URL to unconfigurable.
2017-11-29 15:45:32 +09:00
Norihito Nakae
4a4ae9d332
Initial support for SAML authentication
2017-11-28 18:52:24 +09:00
Sheogorath
8808399c48
Fix mattermost breaking notes
2017-10-31 13:48:35 +01:00
Christoph Witzany
5cda55086a
Add mattermost authentication
2017-10-31 10:34:51 +01:00
Sheogorath
881e800fd8
Merge pull request #562 from SISheogorath/fix/LDAP
...
Fix LDAP problem about missing uidNumber
2017-10-27 12:48:45 +02:00
geekyd
f7d2ef970a
Adds 403 response if PDF export is disabled
2017-10-25 19:21:34 +05:30
geekyd
d63e6780eb
Adds PDF export via config
2017-10-25 19:19:37 +05:30
Literallie
04f5e3a341
Move CSP logic to new file, Fix boolean config examples
...
Not sure why I was quoting these in the first place
2017-10-22 02:18:45 +02:00
Literallie
91101c856c
Change CSP config format to be more intuitive
2017-10-22 00:03:46 +02:00
Literallie
0cbdc852cb
CSP: Allow more content types
2017-10-22 00:03:45 +02:00
Literallie
080436aebb
CSP: Add nonce to slide view inline JS
2017-10-22 00:03:45 +02:00
Literallie
5d2d3ec875
CSP: Upgrade insecure requests if possible
...
Config option; default is to only upgrade if usessl
2017-10-22 00:03:45 +02:00
Literallie
ba183ce654
Add basic CSP support
2017-10-22 00:03:44 +02:00
Claudius Coenen
cc49ce55c8
Fix #521 by converting content fields to LONGTEXT in MySQL, to prevent truncation of data.
2017-10-16 10:13:11 +02:00
Literallie
6bdc90d6ff
Add env vars for extra HSTS options
2017-10-13 01:42:05 +02:00
Literallie
1634d5c567
Add on/off env var for HSTS
2017-10-13 01:42:05 +02:00
Literallie
56411ca0e1
Make HSTS behaviour configurable; Fixes #584
2017-10-13 01:42:05 +02:00
Sheogorath
f93a14e3e1
Fix LDAP problem about missing uidNumber
...
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2017-10-12 14:52:28 +02:00
Sheogorath
53c2d0b5ca
Merge pull request #581 from SISheogorath/fix/HMD_URL_ADDPORT
...
Fix missing boolean setting for HMD_URL_ADDPORT
2017-10-12 00:01:27 +02:00
Sheogorath
89c60d1331
Fix missing boolean setting for HMD_URL_ADDPORT
...
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2017-10-11 23:13:22 +02:00
Claudius Coenen
724a6bc26f
createdAt DESC with quotation marks did not work with MySQL fixes #565
2017-10-09 14:03:33 +02:00
Sheogorath
a99cac0cf0
Merge pull request #550 from SISheogorath/fix/gitlabAvatar
...
Fix broken profile images in GitLab
Fixes #549
2017-10-08 22:20:35 +02:00
Sheogorath
500207545f
Fix broken profile images
2017-09-22 12:40:43 +02:00
Kaiyu Shi
4ae8086301
Give google the correct name.
2017-09-04 16:04:20 +08:00
Marc Deop
2c780f53df
Add support for minio
2017-08-30 18:58:34 +02:00
Kotaro Yamamoto
1220bbe9f6
fix s3 us-east-1 region endpoint
2017-06-14 11:08:09 +09:00
Wu Cheng-Han
20c5c78c29
Fix typo in the db config
2017-06-05 03:52:25 +08:00
Wu Cheng-Han
ca95901204
Fix slide might not provide slideOptions meta
2017-06-05 01:12:40 +08:00
Max Wu
38cf2f7535
Merge pull request #471 from butlerx/reveal/theme
...
add the ability to set slide theme in slide options
2017-06-03 12:51:03 +08:00
butlerx
0c827703c1
switch to __dirname
2017-06-02 11:34:35 +01:00
tkykm
bf3512f8f6
Read to correct tlsca file path
2017-06-01 19:58:55 +09:00
butlerx
c531d96f66
check if reveal theme exists
2017-06-01 10:12:40 +01:00
butlerx
e5834c077f
add the ability to set slide theme in slide options
2017-05-31 23:28:43 +01:00
Max Wu
0a6793747c
fix: export to gist occurred 404 not found
2017-05-17 02:42:44 +08:00
Raccoon Li
0c619fee91
fix(config): ssl environment configs not parse properly
2017-05-08 20:41:38 +08:00
Raccoon Li
826ad213d6
fix(config): some environment config not parse properly
2017-05-08 20:38:59 +08:00
Max Wu
0ef0e70579
Rename checkURiValid.js to checkURIValid.js
2017-05-08 20:13:55 +08:00
Raccoon Li
d79997808a
fix(imageRouter): import missing dependency: getImageMimeType
2017-05-08 20:04:05 +08:00
BoHong Li
ecb0533605
refactor(config.js): Extract config file
...
* Separate different config source to each files
* Freeze config object
2017-05-08 19:29:07 +08:00
BoHong Li
aca01f064d
refactor: Remove `require` extension filename
2017-05-08 19:29:06 +08:00
BoHong Li
34c9f07669
refactor(baseRouter.js): Adjust style fit standard
2017-05-08 19:29:06 +08:00
BoHong Li
a7e3c4d535
refactor(auth.js): Remove base path
2017-05-08 19:29:06 +08:00
BoHong Li
d88502e331
refactor(app.js): Move passport serialize and deserialize to auth module
2017-05-08 19:29:06 +08:00
BoHong Li
7ef17fd4e6
refactor(app.js): Extract tooBusy
2017-05-08 19:29:06 +08:00
BoHong Li
768943002c
refactor(app.js): Extract upload image
2017-05-08 19:29:06 +08:00
BoHong Li
689bade730
refactor(app.js): Extract note action
2017-05-08 19:24:38 +08:00
BoHong Li
e2ac73f5a3
refactor(app.js): Extract /me page
2017-05-08 19:24:38 +08:00
BoHong Li
706df11e23
refactor(app.js): Extract history api
2017-05-08 19:24:38 +08:00
BoHong Li
69a9f7ca38
refactor(app.js, auth.js): Extract all auth method to individual modules
2017-05-08 19:24:38 +08:00
BoHong Li
766022378a
refactor(app.js): Extract status pages
2017-05-08 19:24:37 +08:00
BoHong Li
66c68254b4
refactor(app.js): Extract index, 403, 404, 500 pages
2017-05-08 19:24:37 +08:00
BoHong Li
9f1f16c8e3
refactor(app.js): Extract urlencodedParser to utils module
2017-05-08 19:24:37 +08:00
BoHong Li
dee77c459a
refactor(app.js): Extract middleware to module
...
extract check URi is valid, redirect without trailing slashes
2017-05-08 19:24:37 +08:00
BoHong Li
036b2414f3
refactor(logger): Refactor logger.js
...
Use class style implement write interface
2017-05-08 19:24:37 +08:00
LluisArevalo
6bf32afb0b
Use single quotes
2017-05-08 11:00:45 +02:00
LluisArevalo
03ef1bf4f0
Add Content-Type to the images uploaded to AWS S3
2017-05-08 10:22:52 +02:00
BoHong Li
e46874d04a
fix: Other dialect duplicated add index problem
...
Detect is using SQLite to add index
2017-03-28 15:28:33 +08:00
BoHong Li
e26bb0503f
fix: Support SQlite
...
Move 'unique' constraint to another statement (SQLite don't support set unique when addColumn)
2017-03-28 15:16:09 +08:00
BoHong Li
6f14822413
fix: Add missing migration
2017-03-27 19:23:00 +08:00
BoHong Li
66fc817ad4
fix: Fixed sequelize-cli db:migration cannot stop when occur error
...
Up and Down method must return a Promise.
breaking changes: docker-hackmd cannot initialize, because db:migration will fail
2017-03-24 11:26:04 +08:00
Wu Cheng-Han
dde6e622a4
Fix front-end constants generation not getting config properly
2017-03-23 20:00:48 +08:00
Wu Cheng-Han
7e3b74d0da
Mark as 0.5.1
2017-03-23 00:22:44 +08:00
Wu Cheng-Han
448b006194
Update to generate front-end constants on server startup
...
To avoid extra webpacking on changing configs and follow the 12 factor app
2017-03-20 01:39:09 +08:00
Wu Cheng-Han
4a1d08c653
Fix strip null byte in model should cast to string to use replace function
2017-03-15 22:12:24 +08:00
Wu Cheng-Han
506a381eca
Add config option for gitlab api scope and auto adapt gitlab snippet feature on it
2017-03-14 18:04:23 +08:00
Wu Cheng-Han
baf13072c1
Fix update doc from filesystem cause redundant authorship stringify
2017-03-14 17:11:52 +08:00
BoHong Li
5870d988b5
Use strict mode in all backend files
...
add ‘use strict’ in all backend file
2017-03-14 13:02:43 +08:00
BoHong Li
4889e9732d
Use JavaScript Standard Style
...
Introduce JavaScript Standard Style as project style rule,
and fixed all fail on backend code.
2017-03-08 18:45:51 +08:00
BoHong Li
8f1c97f4a4
Fixed Syntax Error
2017-03-04 17:06:11 +08:00
Raccoon
48592d692c
Merge branch 'master' into feature/addSecrets
2017-03-03 09:22:35 +08:00
Wu Cheng-Han
2aee0f267c
Fix user profile photo might not replace to proper size
2017-02-18 20:07:15 +08:00
Mike
d29aff6505
first envs then the config
...
or docker -e will not work
2017-02-15 10:22:38 +01:00
NV
5375fe5779
Add validation to defaultpermission in config
2017-02-10 11:46:10 +09:00
NV
0a7adaf35d
Add default permission config
2017-02-10 10:16:38 +09:00
Wu Cheng-Han
1cc27e1794
Fix ldap config not initialize properly
2017-02-07 22:31:38 +08:00
Wu Cheng-Han
bbbf64aae4
Fix HMD_LDAP_TLS_CA not passing correctly and update README.md
2017-02-07 21:17:05 +08:00
Sheogorath
a8b99638b2
Add basics for secret management by Docker 1.13
...
See https://docs.docker.com/engine/swarm/secrets/
2017-02-07 02:46:23 +01:00
Wu Cheng-Han
8cfbfa4352
Update to add biggerphoto on parsing user profile
2017-02-03 21:48:36 +08:00
Wu Cheng-Han
ef0ac7768d
Update realtime to use timer to avoid memory leaks on busy tick
2017-02-03 21:47:38 +08:00
Wu Cheng-Han
92ad67b813
Update to remove history cache to lower application coupling
2017-02-03 21:39:08 +08:00
Yukai Huang
74b04d08b5
Merge branch 'master' into es6-integration
2017-01-21 12:55:45 +08:00
Wu Cheng-Han
6e8ff3de23
Fix redundant parameter to removeColumn in db migration scripts
2017-01-21 12:53:18 +08:00
Yukai Huang
4bbe035beb
Merge branch 'master' into frontend-next
2017-01-21 12:08:52 +08:00
Wu Cheng-Han
1473437295
Refactor checkViewPermission to fix limited & protected permission check bug and fix code style
2017-01-16 23:47:53 +08:00
Wu Cheng-Han
3c0667813c
Fix missing config in hackmd response
2017-01-16 12:41:34 +08:00
Yukai Huang
a9a38c3d75
Recover config change in 0f833f0
2017-01-15 11:58:00 +08:00
Yukai Huang
c0e8306961
Merge branch 'frontend-next' into t216-refactor-common
2017-01-15 11:33:22 +08:00
Yukai Huang
0f833f099f
Update server google/dropbox config check
2017-01-14 19:05:54 +08:00
Wu Cheng-Han
6be875263a
Fix allowemailregister config typo and default should be true
2017-01-12 23:53:22 +08:00
Wu Cheng-Han
3ee65cd38e
Fix for limited and protected permissions should forbid guest in realtime events
2017-01-12 23:45:51 +08:00
Max Wu
4851098477
Merge pull request #317 from SISheogorath/master+allowEmailRegister
...
Add `allowemailregister` option
2017-01-12 23:37:28 +08:00
Sheogorath
747629e549
Add `allowemailregister` option
2017-01-12 13:54:45 +01:00
Wu Cheng-Han
5f65795e79
Fix permission order and keep wording consistency
2017-01-12 19:04:17 +08:00
Wu Cheng-Han
7e191acbde
Fix author creation in operationCallback might cause unique constraint validation error
2017-01-12 17:18:24 +08:00
Max Wu
a8068d38d5
Merge pull request #313 from elct9620/feature/disable_anonymous_view
...
WIP: Add options to limit anonymous view note
2017-01-10 20:23:47 +08:00
蒼時弦也
7b02c48d93
Adjust permission order to more clarly
2017-01-10 14:13:30 +08:00
蒼時弦也
be7696170f
Fix syntax when use case
2017-01-10 10:19:18 +08:00
蒼時弦也
89b8ddeaba
Add limited and protected permission
2017-01-10 10:02:37 +08:00
蒼時弦也
c21fb8e2a0
Recovery tariling spaces
2017-01-10 09:35:21 +08:00
蒼時弦也
f8e5b54767
Remove temporary change
2017-01-10 09:32:44 +08:00
neopostmodern
ff545b2688
Allow displaying LDAP provider name on sign-in modal
2017-01-09 12:49:23 +01:00
Max Wu
b13635aac9
Merge pull request #279 from alecdwm/ldap-auth
...
Support for LDAP server authentication
2017-01-09 00:49:40 +08:00
alecdwm
94abfaba7c
removed comma
2017-01-06 07:21:59 +01:00
alecdwm
e4fe93249f
dark avatar backgrounds only
2017-01-06 07:18:22 +01:00
alecdwm
b044c2ae19
Use randomcolor not seedrandom for avatar backgrounds
2017-01-06 07:08:07 +01:00
alecdwm
01361afa7a
Profile pictures for LDAP users
2017-01-06 05:37:40 +01:00
蒼時弦也
1fbecbb03d
Fix anonymouse view permission check
2017-01-05 23:37:10 +08:00
蒼時弦也
aaf1ff4b2f
Add limit for constrain anonymous view note
2017-01-05 22:36:40 +08:00
Wu Cheng-Han
c1b5e74cf9
Fix and refactor extracting content using metaMarked directly might lead in invalid object
2017-01-04 23:57:16 +08:00
Wu Cheng-Han
bd4335964d
Mark as 0.5.0
2017-01-02 11:19:01 +08:00
Wu Cheng-Han
10a8448c6a
Fix yaml metadata description not able to show
2017-01-02 11:13:41 +08:00
Wu Cheng-Han
b1ec3ba748
Refactor data processing to model definition
2017-01-02 11:05:36 +08:00
Wu Cheng-Han
d9e19b6029
Update to remove null byte before saving to DB and remove null byte on changes
2017-01-02 11:05:05 +08:00