Commit Graph

685 Commits

Author SHA1 Message Date
Yukai Huang de0f4588ac
Fix getImageMimeType mime usage
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-23 22:16:28 +08:00
Yukai Huang c9e23985d3
Check image type from file extension
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-23 15:46:19 +08:00
Yukai Huang e19e6642fb
Allow bmp/tiff image to be uploaded
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-23 15:45:49 +08:00
Yukai Huang c1a22a5318
Replace hard coded impl in getImageMimeType
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-23 15:43:14 +08:00
Yukai Huang 7a88f9d95a
Check upload image mime type
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-22 16:48:13 +08:00
Yukai Huang ab0ac83582
Fix updateHistory parameter
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-08-12 18:10:39 +08:00
James Tsai 4792908169 Fix linter
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-08-04 17:11:09 +08:00
James Tsai e7a4996cbe Update note title and history in update api
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-08-04 16:48:33 +08:00
James Tsai 091c77bdb1 Refactor, change response type to json in update-api user online checking
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-30 18:56:57 +08:00
James Tsai 04fe74d520 Refactor, use body parser, adjust update api content column
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-30 18:14:10 +08:00
James Tsai 53526c154a Check online users, update authorships, save revisions in update note content API
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-27 18:01:10 +08:00
James Tsai 96f8f06b00 Disconnect online users by delete API
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-27 18:01:10 +08:00
James Tsai b3cf98b329 Fix linter
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-27 18:01:10 +08:00
James Tsai b597dc9811 Add update note api
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-27 18:01:10 +08:00
James Tsai 66d53956c4 Add delete note api
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-27 18:01:10 +08:00
Yukai Huang 8e72eb5aca
Merge pull request #1548 from hackmdio/feature/list-my-note-api
List-my-note API
2020-07-15 17:13:35 +08:00
James Tsai 03bc329b3f Fix linter
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-14 17:34:32 +08:00
James Tsai a22cf73f60 Refactor, variable naming and myNoteList mapping
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-14 17:34:32 +08:00
James Tsai dcf48e749e Update route of list-my-notes api
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-14 17:34:32 +08:00
Yukai Huang 91fb54539a
Merge pull request #1546 from schokotets/develop
feature: pass-through yaml metadata image to html meta tag
2020-07-10 10:33:55 +08:00
Yukai Huang 3e09c7a21f
Merge pull request #1505 from daniele-athome/pr/feature/tags-array
Use array for tags when available (close #1496)
2020-07-09 15:50:57 +08:00
James Tsai 07f32f5bbf Fix standard
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-01 11:42:28 +08:00
James Tsai 2973bfbceb Add list-my-note API
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-01 11:42:28 +08:00
schokotets 2c9f73cfb2
feature: pass-through yaml metadata image to html meta tag
Signed-off-by: schokotets <moritzleni@gmail.com>
2020-06-27 17:22:11 +02:00
Raccoon 8b67d6916d
fix: improve image upload to filesystem may caused app crash
Signed-off-by: Raccoon <raccoon@hackmd.io>
2020-05-31 00:41:01 +08:00
Raccoon ac6021a579 fix: returning 500 when getStatus failed
Signed-off-by: Raccoon <raccoon@hackmd.io>
2020-05-17 03:25:57 +08:00
Raccoon a3742e4564 fix: getStatus should reject promise
1. reject promise when getStatus failed
2. change to use promise-way call getStatus in debug message

Signed-off-by: Raccoon <raccoon@hackmd.io>
2020-05-17 03:25:20 +08:00
Raccoon 54ab0a08de
Merge pull request #1512 from stregouet/oauth2-state
fix: add state parameter for oauth2
2020-05-13 16:26:26 +08:00
Raccoon 20bacfbaf1
Merge pull request #1507 from tarlety/feature-metrics-merge-develop
Exporting metrics for node.js, express, router, and codimd realtime status.
2020-05-13 16:25:38 +08:00
Samuel Trégouët 6ff6d215ab fix: add state parameter for oauth2
state parameter is recommended with oauth2 authentification
to mitigate CSRF attacks (see [1]).
hydra [2] will throw the following error message if state is
missing:

  description="The state is missing or has less than 8 characters and is therefore considered too weak" error=invalid_state hint="Request
 parameter \"state\" must be at least be 8 characters long to ensure sufficient entropy."

[1]: https://auth0.com/docs/protocols/oauth2/oauth-state
[2]: https://www.ory.sh/hydra/

Signed-off-by: Samuel Trégouët <samuel.tregouet@gmail.com>
2020-05-11 15:59:49 +02:00
tarlety ac31e51d67
Fix session flood issue after prometheus metrics are implemented.
Root cause:
- prometheus metrics '/metrics/codimd' exported by 3ca0341 are still in 'routes need sessions' section.
- prometheus scrapes metrics repeatedly.
- new session created every time while prometheus scrapes metrics '/metrics/codimd'.

Solution:
- move /metrics/codimd from lib/routes.js to lib/metrics.js.
- move /metrics/codimd from section 'routes need sessions' of app.js to 'routes without sessions'.

Signed-off-by: tarlety <tarlety@gmail.com>
2020-05-04 20:57:46 +08:00
tarlety 09eb8556db
Exporting metrics for node.js, express, router, and codimd realtime status.
1. **/metrics/router** : exporting node.js/express Prometheus metrics by
[prometheus-api-metrics](https://www.npmjs.com/package/prometheus-api-metrics)

2. **/metrics/codimd** : exporting codimd realtime status (/status) as
Prometheus metrics

Signed-off-by: tarlety <tarlety@gmail.com>
2020-05-01 22:17:22 +08:00
Daniele Ricci 5463c8412c Use array for tags when available (close #1496)
Signed-off-by: Daniele Ricci <daniele@casaricci.it>
2020-04-30 20:31:22 +02:00
Lucas Druschke bcd92f500f return errorForbidden when anonymous user tries to create freeUrl pad (closes #1499)
Signed-off-by: Lucas Druschke <ldruschk@posteo.de>
2020-04-29 22:42:56 +02:00
Rafal Proszowski e1977a1da7
Fix GitHub's avatar URL
At the moment, the URL is being composed and modified with the use of
string composition.

This causes issues, if the URL returned by GitHub slightly differs from
the time developer initially had a look into it.

In our case, the URL from GitHub has two query parameters in it, whilst
the codebase only expected one.

This change will take all of these parameters and only set the one we
care about, whilst leaving others intact and carry on with the full URL.

Fixes #1489

Signed-off-by: Rafal Proszowski <paroxp@gmail.com>
2020-04-20 12:25:32 +01:00
BinotaLIU d4d0120ab7
prevert directly call of User.hashPassword()
this preverted changes made in 7b8576d. now we use hooks to hash password.
no need to call User.hashPassword() manually.

Signed-off-by: BinotaLIU <me@binota.org>
2020-04-20 00:04:13 +08:00
BinotaLIU 027195e973
add hooks for hash password
Signed-off-by: BinotaLIU <me@binota.org>
2020-04-20 00:04:13 +08:00
BinotaLIU f618576193
use async hashPassword/verifyPassword
Signed-off-by: BinotaLIU <me@binota.org>
2020-04-20 00:04:12 +08:00
BinotaLIU ec206db173
add methods for password hashing in User model
Signed-off-by: BinotaLIU <me@binota.org>
2020-04-20 00:04:12 +08:00
Raccoon 2fe10a78b7
chore: change aws-sdk to @aws-sdk/client-s3-node, reduced module size
Signed-off-by: Raccoon <raccoon@hackmd.io>
2020-04-12 02:24:35 +08:00
Raccoon 421ccbfc25
fix: lutim not required properly
Signed-off-by: Raccoon <raccoon@hackmd.io>
2020-04-12 02:11:43 +08:00
Raccoon e72bcfe0ea
Merge pull request #1459 from hackmdio/feat/improve-version-check
Improve version checker behavior
2020-04-05 15:36:10 +08:00
Raccoon 1b80245546
Merge pull request #1453 from moycat/feature/oauth-avatar
Support avatar for OAuth users
2020-03-26 05:17:27 +08:00
Mark Steve Samson 72c9d049f7
Fix check for creating free url notes
Signed-off-by: Mark Steve Samson <marksteve@thinkingmachin.es>
2020-03-17 21:00:16 +08:00
Raccoon bd508b166f
Update lib/web/middleware/checkVersion.js
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-03-17 02:24:01 +08:00
BoHong Li b49a4e24f1
feat(versionCheck): add timeout to 1s and change logger type to avoid log error to disturb user
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-03-17 01:24:38 +08:00
Kishan Mehta a1a69a75c0 Add correct path for minio
This should fix #1452

Signed-off-by: Kishan Mehta <kishan@scrapinghub.com>
2020-03-13 18:22:40 +05:30
moycat 46fdb6a6f0
Support avatar for OAuth users
Signed-off-by: Moycat <i@moy.cat>
2020-03-12 13:48:18 +08:00
BoHong Li 3ae3cb191d
fix: some environment variables not in docker secret
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-03-06 20:51:25 +08:00
Max Wu fc662661a8 fix: only enable dropbox directives when config is given
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2020-03-03 18:35:57 +08:00