Commit Graph

205 Commits

Author SHA1 Message Date
Miranda Kastemaa 70e8df5c04 Support 'host' & 'path' config options
Signed-off-by: Miranda Kastemaa <miranda@foldplop.com>
2018-07-27 15:35:29 +03:00
Sheogorath 3b9e29a14a
Update install instructions to cover sequelize
We instruct people to run db migrations on inital setup. We should do
that!

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-26 22:56:19 +02:00
Sheogorath b242b59db4
Rename environment variables and add legacy support.
As we are no longer HackMD the short tag `HMD` doesn't match anymore. We
move it to the matching prefix `CMD` and inform our users about the
change.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 13:40:18 +02:00
Sheogorath 12d11f3f3f
Add background story about the renaming
We want to communicate transparent. So we should state very clear what
CodiMD is and what makes it different from HackMD and at the same time
how we are related and that there are no bad boys involved.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 13:24:13 +02:00
Sheogorath 4b060c7dba
Rebrand HackMD to CodiMD
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 13:24:12 +02:00
Sheogorath 318b2d378f
Allow to disable gravatar
Since Gravatar is an external image source and not perfect from a
privacy perspective, forbidding it allows to improve privacy.

This commit also simplifies and optimizes the avatar code.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-23 23:40:55 +02:00
Sheogorath a2608c319a
Fix possible error if HackMD is started with wrong workdir
In https://github.com/hackmdio/hackmd/issues/834 is described how
starting HackMD crashes when using the wrong working dir.

This is caused by a relative path in our upload routine. This change
should fix it and prevent future crashes.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-23 23:01:01 +02:00
Christoph (Sheogorath) Kern 82c7f9d07c
Merge pull request #844 from hackmdio/docs/fix-default
Fix wrong docs about default image upload location
2018-06-18 03:42:42 +02:00
Sheogorath 10dbd537b4
Fix wrong docs about default image upload location
We wrongly state that the default image upload location is imgur. This
is no longer true, but got lost when updating docs. This commit should
fix it.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-17 23:38:49 +02:00
Sheogorath 6ffe8875bf
Add K8s note in README
We have an official K8s chart for helm out there but probably no one
knows about it. Let's advertise it a bit!

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-17 23:38:25 +02:00
Ádám Hóka 376fcab2ca Add Azure Blob Storage support
Signed-off-by: Adam Hoka <hoka.adam@nexogen.hu>
2018-06-01 10:07:52 +02:00
Sheogorath ad69c5017b
Removing google drive integration
It's sad but it's not working. For multiple releases this should be
already broken which shows how often it's used.

As there is also a security issue related to that, it's better to
remove the feature completely. Whoever wants to rewrite it, feel free to
go.

This commit removes the Google Drive integration from HackMD's Frontend
editor and this way removes the need to provide any API key and Client
ID in the frontend.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-16 01:34:55 +02:00
Sheogorath c4dba48f79
Fix possible file limit errors
As we currently may need higher nofile limits than usual/default on
various systems this commit should probide a fix for that an allow to
build HackMD without highering these limits and increase security.

Inspiration was found in a copy-webpack-plugin-issue[1] and found by
@thegcat[2]. Thanks for that!

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>

[1]:
https://github.com/webpack-contrib/copy-webpack-plugin/issues/59#issuecomment-228563990
[2]: https://github.com/thegcat
2018-04-16 21:08:34 +02:00
Sheogorath f23f403bcb
Extend README
Add hint about file descriptor limits and add the new translation
platform.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-11 09:38:56 +02:00
Sheogorath 14a0f8594f
Merge branch 'feature/releaseNotes1.1.0' 2018-04-06 16:24:08 +02:00
Sheogorath 81e5ebf6d6
Add migration section to README.md
As it was requested to be more visable, this commit adds a migration
section about the introduced config style changes.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-06 02:20:34 +02:00
Sheogorath 30b5ff0d96
Add session data to env vars
Currently the session secret can only be set by config.json or docker
secrets. This creates a problem on Heroku hosted instances that can not
set a session secret.

Since we automatically generate them on startup this results in an
logout of all users on every config change in Heroku.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-29 19:34:32 +02:00
Sheogorath 2411dffa2c
Change config to camel case with backwards compatibility
This refactors the configs a bit to now use camel case everywhere.
This change should help to clean up the config interface and make it
better understandable.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-25 19:08:14 +02:00
Sheogorath efa490a50f
Add config option for report URI in CSP
This option is needed as it's currently not possible to add an report
URI by the directives array. This option also allows to get CSP reports
not only on docker based setup but also on our heroku instances.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-14 17:57:41 +01:00
Felix Schäfer 6094c61871 Remove unused LDAP option `tokenSecret`
hackmdio/hackmd#754

Signed-off-by: Felix Schäfer <felix@thegcat.net>
2018-03-05 14:06:05 +01:00
Dustin Frisch d6ee10d176
Introduce ldap.useridField
Signed-off-by: Dustin Frisch <fooker@lab.sh>
2018-03-01 23:51:47 +01:00
Zearin b8e019c6b0 Rerun doctoc
Signed-off-by: Anthony "Zearin" Rogers <zearin@users.sourceforge.net>
2018-02-17 13:08:05 -05:00
Zearin b0f524e55e Update README.md
Signed-off-by: Anthony "Zearin" Rogers <zearin@users.sourceforge.net>
2018-02-17 12:51:48 -05:00
Christoph (Sheogorath) Kern dfa0851d8f
Add matrix.org badge to README.md
Matrix.org is an interesting platform for collaboration and community building. 

Thanks to various clients it supports it's maybe better than gitter to keep people on track and have a community feeling, discuss changes and more.

Not not split up into two parties not knowing of each other, the Gitter channel and the Matrix channel are bridged. This helps to keep everyone informed while add more medias.

Signed-off-by: Christoph Kern <sheogorath@shivering-isles.com>
2018-02-08 15:27:07 +01:00
Sheogorath 1a4800e21a
Update Heroku button
The button needs a parameter to work, that provides the git repository
that is used for the deployment. This commit corrects the link and this
way fixes the provisioning as it's not working with the wrong/default
buildpacks.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-31 14:00:49 +01:00
Christoph (Sheogorath) Kern 80950f806b
Merge pull request #707 from Nebukadneza/add_cmdline_usermanager
Add simple user-management tool for emailsignin
2018-01-29 22:35:20 +01:00
Sheogorath be02aed1c0
Update badges in README.md
The docker badges have to be updated since we now provide official image
like tags. So `latest-alpine` became `alpine`.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-29 22:01:31 +01:00
Dario Ernst 9e0359e079 Add simple user-management tool for emailsignin …
Currently, administrators of closed instances need to manually fiddle in
their databases for user-management.
This commit adds a small commandline utility that allows to create and
delete users.

Signed-off-by: Dario Ernst <dario@kanojo.de>
2018-01-29 19:49:04 +01:00
Christoph (Sheogorath) Kern e18e05541c
Merge pull request #705 from SISheogorath/fix/camelcaseConfig
Remove camel case from `imageuploadtype` in config
2018-01-29 15:53:14 +01:00
Sheogorath bd92010dd2
Remove camel case from `imageuploadtype` in config
This removes the only camel cased option of the config options
**we** added to the config.json.

In auth provider's config parts are a lot of camel cased options
provided. We shouldn't touch them to keep them as similar as
possible to the examples.

Fixes #315

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-27 23:50:15 +01:00
Sheogorath aca5490b3a
Add recommendation for 2GB RAM
We noticed on multiple places that machines with less than 2GB of RAM
fail their build and result in missing files and unexpected errors.

Sadly we can't really solve this right now since it's a webpack
related bug.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-26 18:30:01 +01:00
Sheogorath 0138911274
Extend README changes for minio 2018-01-26 10:23:51 +01:00
Sheogorath 587a6e2239
Add README and `config.json.example` content
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-23 11:59:07 +01:00
Christoph (Sheogorath) Kern 7de6e3211f
Merge pull request #598 from xxyy/feature/csp
Implement basic CSP support
2018-01-22 20:43:46 +01:00
Dario Ernst 6ae4b8bf13 Add option to enable `freely` permission in closed instance
Before, closed disallowed guest edits completely, by removing
the `freely` permission. This makes it possible to explicitely bring
back guest-editing, but not guest-note-creation, to closed instances.

Signed-off-by: Dario Ernst <dario@kanojo.de>
2018-01-20 15:14:56 +01:00
Max Wu d073a8ea19
Update README.md
To show "Community Edition" on title.
2018-01-18 13:36:12 +08:00
schneems 0b7b7244b5 [ci skip] Add CodeTriage badge
[CodeTriage](https://www.codetriage.com/) is an app I have maintained
for the past 4-5 years with the goal of getting people involved in
Open Source projects like this one. The app sends subscribers a random
open issue for them to help "triage". For some languages you can also
suggested areas to add documentation.

The initial approach was inspired by seeing the work of the small
core team spending countless hours asking "what version was
this in" and "can you give us an example app". The idea is to
outsource these small interactions to a huge team of volunteers
and let the core team focus on their work.

I want to add a badge to the README of this project. The idea is to
provide an easy link for people to get started contributing to this
project. A badge indicates the number of people currently subscribed
to help the repo. The color is based off of open issues in the project.

Here are some examples of other projects that have a badge in their
README:

- https://github.com/crystal-lang/crystal
- https://github.com/rails/rails
- https://github.com/codetriage/codetriage

Thanks for building open source software, I would love to help you find some helpers.
2018-01-03 21:08:15 -06:00
Christoph (Sheogorath) Kern 17e3b8b5cd
Merge branch 'master' into ldap-username-field 2017-12-12 10:27:22 +01:00
alecdwm 5e5a021ce0 parse HMD_LDAP_SEARCHATTRIBUTES env var as a comma-separated array
Signed-off-by: Alec WM <firstcontact@owls.io>
2017-12-09 20:33:57 +01:00
Christoph (Sheogorath) Kern e9e7a8e23d
Update README.md 2017-12-09 19:36:18 +01:00
Lukas Kalbertodt 612b2d1811 Add setting `ldap.usernameField`
This determines which ldap field is used as the username on
HackMD. By default, the "id" is used as username, too. The id
is taken from the fields `uidNumber`, `uid` or
`sAMAccountName`. To give the user more flexibility, they can
now choose the field used for the username instead.
2017-12-09 12:30:48 +01:00
Norihito Nakae 2db2ff484f added guide for SAML settings 2017-12-04 20:13:15 +09:00
Norihito Nakae 410268da74 added environment variables for SAML 2017-11-29 20:26:28 +09:00
Norihito Nakae 4a4ae9d332 Initial support for SAML authentication 2017-11-28 18:52:24 +09:00
Devon Jue 8c916bb987 added auth docs and images for GitHub and Twitter 2017-11-08 21:20:50 -08:00
Peter Dave Hello 05541f1546
[README] Add icons to browser version support list 2017-10-31 22:13:36 +08:00
Sheogorath 16b3e015ab
Merge pull request #606 from DoubleMalt/feature/MattermostAuth
Add Mattermost authentication strategy
2017-10-31 12:11:41 +01:00
Christoph Witzany 5cda55086a Add mattermost authentication 2017-10-31 10:34:51 +01:00
Sheogorath 803a2776ad
Extend docker section 2017-10-30 07:50:50 +01:00
Sheogorath 94021e2d34 Merge pull request #574 from PeterDaveHello/README.md-Table-of-Contents
Add "Table of Contents" in README.md
2017-10-27 11:51:50 +02:00
geekyd 0be09e109f Adds HMD_ALLOW_PDF_EXPORT to readme 2017-10-25 19:20:36 +05:30
Literallie 04f5e3a341
Move CSP logic to new file, Fix boolean config examples
Not sure why I was quoting these in the first place
2017-10-22 02:18:45 +02:00
Literallie 91101c856c
Change CSP config format to be more intuitive 2017-10-22 00:03:46 +02:00
Felix Yan b72556b915 Fix a typo in README.md 2017-10-17 23:48:33 +08:00
Peter Dave Hello 0864b06e0c Integrate npm package "doctoc" to update README.md 2017-10-13 16:21:25 +08:00
Peter Dave Hello 6fadd9126e Add "Table of Contents" in README.md 2017-10-13 15:59:57 +08:00
Peter Dave Hello 4ebda60165 Reorganize README.md structure, cc #574 2017-10-13 15:57:58 +08:00
Literallie 6bdc90d6ff
Add env vars for extra HSTS options 2017-10-13 01:42:05 +02:00
Literallie 1634d5c567
Add on/off env var for HSTS 2017-10-13 01:42:05 +02:00
Literallie 56411ca0e1
Make HSTS behaviour configurable; Fixes #584 2017-10-13 01:42:05 +02:00
Peter Dave Hello 121b089d96 Add version badge in README.md 2017-10-10 21:54:13 +08:00
Johannes Weißl 89a2389586 Correct documentation of S3 bucket
Documentation added in aaf034b on Nov 17th 2016 says the S3 bucket can
be specified with `s3.bucket`, but commit c8bcc4c (#285) on Dec 18th
2016 used `s3bucket`. Instead of fixing the code (#552) to match the
documentation this commit changes just the documentation so that
existing configurations are not broken. Also, the `s3` object is passed
as is to `AWS.S3()`, which does not know the option `bucket` (but
silently ignores it in my test).

http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#constructor-property

Following the old documentation leads to this exception:

    2017-09-23T09:42:38.079Z - error:  MissingRequiredParameter: Missing required key 'Bucket' in params
        at ParamValidator.fail (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/param_validator.js:50:37)
        at ParamValidator.validateStructure (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/param_validator.js:61:14)
        at ParamValidator.validateMember (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/param_validator.js:88:21)
        at ParamValidator.validate (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/param_validator.js:34:10)
        at Request.VALIDATE_PARAMETERS (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/event_listeners.js:125:42)
        at Request.callListeners (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/sequential_executor.js:105:20)
        at callNextListener (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/sequential_executor.js:95:12)
        at /srv/hackmd/hackmd/node_modules/aws-sdk/lib/event_listeners.js:85:9
        at finish (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/config.js:315:7)
        at /srv/hackmd/hackmd/node_modules/aws-sdk/lib/config.js:333:9
        at Credentials.get (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/credentials.js:126:7)
        at getAsyncCredentials (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/config.js:327:24)
        at Config.getCredentials (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/config.js:347:9)
        at Request.VALIDATE_CREDENTIALS (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/event_listeners.js:80:26)
        at Request.callListeners (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/sequential_executor.js:101:18)
        at Request.emit (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/sequential_executor.js:77:10)
2017-09-23 18:28:57 +02:00
Wonder Chang af58a71238 Add defaultpermission protected example value 2017-03-25 17:00:43 +08:00
Max Wu 16d80edc65 Fix badges and links in README.md 2017-03-14 23:30:35 +08:00
Wu Cheng-Han 506a381eca Add config option for gitlab api scope and auto adapt gitlab snippet feature on it 2017-03-14 18:04:23 +08:00
BoHong Li 8246ac3850 Add JavaScript Standard Style badge in README
add badge to let people know that code is using the standard style
2017-03-13 18:42:22 +08:00
bananaappletw c48ba0ad48 Test up to 7.5.0 2017-02-15 22:09:09 +08:00
bananaappletw 4198d0d560 Add travis ci 2017-02-15 19:11:53 +08:00
NV 00d1543a10 simplified description 2017-02-10 11:49:45 +09:00
NV a0d16eec23 Update README 2017-02-09 11:45:34 +09:00
Max Wu 6587e7ccc6 Merge pull request #343 from sakajunquality/feature/fix-read-me-for-gcc
Add additional comment about Prerequisite to README
2017-02-08 15:10:02 +08:00
Jun SAKATA 2ab57effbd add reference to packages, instead of writing down solutions for specific os 2017-02-08 15:30:31 +09:00
Wu Cheng-Han bbbf64aae4 Fix HMD_LDAP_TLS_CA not passing correctly and update README.md 2017-02-07 21:17:05 +08:00
Jun SAKATA c49a0849b2 add sudo 2017-02-06 17:48:08 +09:00
Jun SAKATA 373f32aab7 Add additional comment about Prerequisite to README 2017-02-06 17:41:46 +09:00
Yukai Huang 75e28a1d5e Merge branch 't216-refactor-common' into 'frontend-next'
T216 refactor common

See merge request !5
2017-01-15 03:45:19 +00:00
Yukai Huang c0e8306961 Merge branch 'frontend-next' into t216-refactor-common 2017-01-15 11:33:22 +08:00
bananaappletw 77994508e6 Update README.md for npm script 2017-01-14 15:27:24 +08:00
Yukai Huang 98c0cfc6a7 Update README 2017-01-14 15:24:31 +08:00
Yukai Huang 3d6b319216 Merge branch 'master' into frontend-next 2017-01-13 22:53:33 +08:00
Wu Cheng-Han 3cf40a8dec Update README.md to describe allowemailregister config more clear 2017-01-13 00:51:40 +08:00
Sheogorath 747629e549 Add `allowemailregister` option 2017-01-12 13:54:45 +01:00
neopostmodern ff545b2688 Allow displaying LDAP provider name on sign-in modal 2017-01-09 12:49:23 +01:00
Max Wu b13635aac9 Merge pull request #279 from alecdwm/ldap-auth
Support for LDAP server authentication
2017-01-09 00:49:40 +08:00
bananaappletw 78c51e5e88 Revert "Rename npm script"
This reverts commit ed83dfc862.
2017-01-04 14:30:47 +08:00
Wu Cheng-Han f9d2f68959 Update README.md about migration tool of version 0.5.0 2017-01-02 11:15:20 +08:00
bananaappletw 96fb3743f3 Use dburl to configurate 2016-12-22 21:51:48 +08:00
Florian Rhiem fdea226159 Fixed typo: anonmyous 2016-12-21 14:36:54 +01:00
Wu Cheng-Han 5bb3de2675 Add support of allow free url config option with correspond modifications 2016-12-16 15:38:05 +08:00
Wu Cheng-Han 5c7eb48319 Add support of allow anonymous config option with correspond modifications 2016-12-15 14:11:23 +08:00
alecdwm 6ba9a2f039 Added HMD_LDAP_TLS_CA env variable 2016-12-14 11:49:33 +01:00
alecdwm 02e9927714 Initial support for LDAP server authentication
Limitations as of this commit:

- tlsOptions can only be specified in config.json, not as env vars
- authentication failures are not yet gracefully handled by the UI
  - instead the error message is shown on a blank page (/auth/ldap)
- no email address is associated with the LDAP user's account
- no picture/profile URL is associated with the LDAP user's account
- we might have to generate our own access + refresh tokens,
  because we aren't using oauth. The currently generated
  tokens are just a placeholder.
- 'LDAP Sign in' needs to be translated to each locale
2016-12-13 22:41:07 +01:00
Max Wu 9769b0c872 Update README.md
to mention about build front-end bundle on upgrade guide
2016-12-11 23:24:04 +08:00
Yukai Huang 9e6fd505e1 Remove bower occurences 2016-12-11 11:18:08 +08:00
Yukai Huang ed83dfc862 Rename npm script
webpack scripts are meant to “build” assets, so place them under the same namespace

* dev => build:dev
* build => build:prod
2016-12-10 22:12:07 +08:00
Wu Cheng-Han a73d9ce39e Update to support optional email register and signin 2016-12-02 01:58:14 +08:00
Yukai Huang aaf034bfbc Update README 2016-11-17 18:27:53 +08:00
Max Wu 58533aded3 Update README.md
browser requirement of chrome to 47 in order to avoid SRI not valid issue https://bugs.chromium.org/p/chromium/issues/detail?id=527286
2016-10-31 15:32:36 +08:00
Wu Cheng-Han d37321e28d Change use cdn config option default to be true 2016-10-23 22:27:02 +08:00
Yukai Huang 9f63581c61 Config heroku deployment 2016-10-16 11:20:29 +08:00