Commit Graph

138 Commits

Author SHA1 Message Date
Samuel Trégouët 6ff6d215ab fix: add state parameter for oauth2
state parameter is recommended with oauth2 authentication
to mitigate CSRF attacks (see [1]).
hydra [2] will throw the following error message if state is
missing:

  description="The state is missing or has less than 8 characters and is therefore considered too weak" error=invalid_state hint="Request parameter \"state\" must be at least be 8 characters long to ensure sufficient entropy."

[1]: https://auth0.com/docs/protocols/oauth2/oauth-state
[2]: https://www.ory.sh/hydra/

Signed-off-by: Samuel Trégouët <samuel.tregouet@gmail.com>
2020-05-11 15:59:49 +02:00
moycat 46fdb6a6f0
Support avatar for OAuth users
Signed-off-by: Moycat <i@moy.cat>
2020-03-12 13:48:18 +08:00
BoHong Li 3ae3cb191d
fix: some environment variables not in docker secret
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-03-06 20:51:25 +08:00
Max Wu 5c9438697a
Merge pull request #1435 from hackmdio/feat/remove-old-config
Remove old config and environment
2020-03-02 21:55:24 +08:00
BoHong Li 48582617ad
doc: remove HMD related and remove docs
All docs have migrated to the online documentation now and are stored in `codimd-docs`

Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-03-02 18:35:25 +08:00
Max Wu d658903d01
Merge pull request #1433 from hackmdio/feature/disable-include-subdomain-hsts
Disable HSTS IncludeSubdomain, to prevent unexpected behavior
2020-03-02 18:29:03 +08:00
BoHong Li ffe0783869
feat: old config and environment are not used anymore
BREAKING CHANGE: remove old config and environment

Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-03-02 12:06:28 +08:00
BoHong Li ac0f5a9461
feat: change default anonymous setting
BREAKING CHANGE: change allowAnonymous to `false` and set
allowAnonymousEdits and allowAnonymousViews to `true`

Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-03-02 11:58:29 +08:00
BoHong Li 40b6b06f57
feat(hsts): turn includeSubdomain to false
BREAKING CHANGE: change default setting from `true` to `false`

Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-03-02 11:53:35 +08:00
BoHong Li b9f0e37eee
feat: support hostedName in google OAuth 2.0 provider
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-28 17:53:04 +08:00
BoHong Li 72c5b0d14e
feat: support customize scope in OAuth2 provider
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-28 02:13:58 +08:00
BoHong Li d5d0f3d820
fix: extractProfileAttribute not working correctly
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-28 01:53:25 +08:00
Yukai Huang c26a9f10ca
Fix missing environment config for version check
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-02-07 10:55:16 +08:00
Yukai Huang 11265238db Implement version check middleware
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-02-06 10:19:44 +08:00
YusukeIwaki 83fe0815d5 Add environment variables definition for Heroku deploy.
Signed-off-by: YusukeIwaki <iwaki+git@i3-systems.com>
2019-12-28 22:23:20 +09:00
YusukeIwaki d5dd27f745 Implement bitbucket login.
Signed-off-by: YusukeIwaki <iwaki+git@i3-systems.com>
2019-12-28 22:22:15 +09:00
Yukai Huang 75ee5ad255
Merge branch 'develop' into feature/configurable-break-style 2019-11-01 10:27:47 +08:00
Yukai Huang f871eff28d
Merge pull request #1327 from kamijin-fanta/github-enterprise
support to login with github enterprise
2019-11-01 10:22:46 +08:00
kamijin_fanta 9e6f980d8d github-login: move comment to default.js
Signed-off-by: kamijin_fanta <kamijin@live.jp>
2019-10-30 17:02:15 +09:00
Yukai Huang 65ecb6d2ec
Allow to generate lower case header references through the conf… (#1310)
Allow to generate lower case header references through the config
2019-10-30 14:44:40 +08:00
hoijui 7c5ac3603a allow to define header link generation style via environment var
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
2019-10-29 10:53:20 +01:00
hoijui 3d5d8e20f7 document `linkifyHeaderStyle` in default.js
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
2019-10-29 09:57:31 +01:00
kamijin_fanta b785ead5e5 github login: fix env name
Signed-off-by: kamijin_fanta <kamijin@live.jp>
2019-10-27 00:01:56 +09:00
kamijin_fanta ba37faf71a github login: default config/config from env vars.
Signed-off-by: kamijin_fanta <kamijin@live.jp>
2019-10-26 22:18:07 +09:00
kondouagi 0dfb8a320d feat: add syntax highlight on pdf
Signed-off-by: kondouagi <kondouagi@gmail.com>
2019-10-22 12:43:09 +09:00
hoijui 34c2bfcfc5 Allow to generate lower case header references through the config (#1305)
This makes the references consistent/compatible with GitHub,
GitLab, Pandoc and many other tools.

This behavior can be enabled in config.json with:

```
"linkifyHeaderStyle": "gfm"
```

Signed-off-by: hoijui <hoijui.quaero@gmail.com>
2019-10-21 22:17:55 +02:00
Yukai Huang 82b5e98f55
Add defaultUseHardbreak environment variable
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2019-10-20 14:32:06 +08:00
Yukai Huang 495b65e3b9
Add defaultUseHardbreak as constants
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2019-10-20 14:30:55 +08:00
TAKIMOTO, Atsushi c7a15ecc66 Add allowAnonymousViews option
resolve #1144
set to `false` to delete the `freely`, `editable` and `locked` permissions when allowAnonymous is true (default is `true`)
Signed-off-by: hakoai <hakoai64@gmail.com>
2019-09-08 21:55:52 +09:00
BoHong Li 85fc41c350
Merge branch 'master' into develop 2019-08-17 00:07:49 +08:00
BoHong Li 898174426c
refactor: fix lint on lib/config/index.js
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:26 +08:00
Max Wu ddfea4baee fix: add default value for plantuml server and use https
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2019-08-03 21:23:28 +08:00
Chulki Lee 1d7895c869 Add plantuml support
Signed-off-by: Chulki Lee <chulki.lee@gmail.com>
2019-07-31 10:02:07 -07:00
Max Wu 62918134c0
Merge branch 'develop' into feature/lutim 2019-08-01 00:22:23 +08:00
Max Wu 0af9bfb015
Merge branch 'master' into feature/disableRequestedAuthnContext-config-option 2019-07-31 23:35:50 +08:00
Toshinori Notake 4e91268e1f Make toobusy.maxLag configurable
Signed-off-by: Toshinori Notake <toshi.notake.43568@gmail.com>
2019-07-18 13:57:14 +09:00
BoHong Li 038803505c
doc: add default setting and README 2019-04-15 14:10:54 +08:00
Raccoon d127b8ef7f
Merge pull request #1142 from dg-i/configurable-s3-endpoint
Make AWS S3 endpoint configurable
2019-04-15 13:37:33 +08:00
BoHong Li c532742206
refactor: fix lint warning on config
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:01:46 +08:00
Sheogorath bcb7972607
Fix shown but broken GitLab snippets
To provide a GitLab integration we need the GitLab integration to be
configured. Otherwise we shouldn't show the Snippet button.

This patch adds the requirement to the variable that decides if the
import from snippets button shows up or not.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-05 18:16:04 +01:00
Sheogorath b51a048777
Fix wrong value type for HSTS environment variable
It seems like environment variables are also affected. This patch fixes that
as well.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-04 17:13:43 +01:00
Mathias Merscher 9613197f5d
make aws s3 endpoint configurable
Signed-off-by: Mathias Merscher <Mathias.Merscher@dg-i.net>
2019-02-11 17:45:24 +01:00
Dylan Dervaux 590b2f9c7d Add default config for lutim
Signed-off-by: Dylan Dervaux <dylanderv05@gmail.com>
2019-02-01 13:42:12 +01:00
Dylan Dervaux 492d38b5ed Add lutim in image upload providers validator
Signed-off-by: Dylan Dervaux <dylanderv05@gmail.com>
2019-02-01 12:36:58 +01:00
Sheogorath 806f403045
Disable OpenID by default
We talked about that during a community call. It turned out that not
everyone likes to have OpenID on their instance.

This patch disables OpenID by default.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-25 19:31:34 +01:00
Daan Sprenkels 8835a09d95 Update upload provider error message
Fixes #1107.

Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
2018-12-21 15:30:06 +01:00
Emmanuel Ormancey d73063922c Added a configuration option for passport-saml:
disableRequestedAuthnContext: true|false

By default only the Password authmethod is accepted; this option allows any other method.

Issue and option described here:
https://github.com/bergie/passport-saml/issues/226

Signed-off-by: Emmanuel Ormancey <emmanuel.ormancey@cern.ch>
2018-12-12 10:40:24 +01:00
Sheogorath a4941be3de
Warn on missing serverURL
We see some issues that are based on not properly configured
`config.serverURL`.

This patch adds a warning when `config.serverURL` is an empty value.
This should provide users direct feedback about how to improve their
configs.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-28 14:38:49 +01:00
Sheogorath 0aa3116805
Fix wrong maxAgeSeconds multiplication
It seems like the initial work on the hsts module expected milliseconds.
This has either changed or was never true. Either way, it caused the
current defaults to result, in theory, in a 1000 year HSTS policy.
Luckily helmet was smart enough to not go higher than 1 year.

Anyway, this patch fixes the multiplication of the configured size with
1000 by removing this multiplication.

Also to simplify the reading of the defaults, we split them into their
components, 60 times 60 seconds so we get one hour. 24 of those hours so
we get a day and finally 365 days to get our original wanted default of
one year.

Reference:
d69d65ea74
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-19 22:01:54 +01:00
Christoph (Sheogorath) Kern 5f0d04334b
Merge pull request #1053 from dsprenkels/robots.txt
Disallow creation of robots.txt in freeurl
2018-11-17 13:30:06 +01:00