Commit Graph

585 Commits

Author SHA1 Message Date
Sheogorath efa490a50f
Add config option for report URI in CSP
This option is needed as it's currently not possible to add an report
URI by the directives array. This option also allows to get CSP reports
not only on docker based setup but also on our heroku instances.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-14 17:57:41 +01:00
Max Wu 5e975cbe69 Fix to log instead of throwing error on parse note id
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-03-11 02:52:24 +08:00
Max Wu c7657ae81e Fix parseNoteId order to fix some edge case
that LZString note url could be parsed by base64url note url and thus return wrong note id

Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-03-10 16:52:24 +08:00
Max Wu 16cb842b94 Improve history migration performance
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-03-10 16:51:00 +08:00
Felix Schäfer 12dae4465f Multiple emails from LDAP are already an Array
Signed-off-by: Felix Schäfer <felix@thegcat.net>
2018-03-09 14:39:08 +01:00
Sheogorath f85ba6df53
Add missing migration for permissions
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-06 16:31:41 +01:00
Felix Schäfer 6094c61871 Remove unused LDAP option `tokenSecret`
hackmdio/hackmd#754

Signed-off-by: Felix Schäfer <felix@thegcat.net>
2018-03-05 14:06:05 +01:00
Dustin Frisch d6ee10d176
Introduce ldap.useridField
Signed-off-by: Dustin Frisch <fooker@lab.sh>
2018-03-01 23:51:47 +01:00
Max Wu fe429e9ac1 Update to use buffer in encode/decode note id
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-02-27 20:57:31 +08:00
Max Wu 44298baa93 Add migration for LZString compressed note id in history
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-02-26 16:46:59 +08:00
Max Wu baa0418fb5 Remove and replace all note id compression in LZString with base64url
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-02-26 16:43:29 +08:00
Max Wu 15ef54c2dc Fix to show 500 message when got error in parseNoteId
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-02-17 00:57:00 +08:00
Max Wu bb5e021f20 Fix field type to prevent data truncation of authorship (#721)
* Fix field type to prevent data truncation of authorship
2018-02-09 14:27:06 +01:00
Takeaki Matsumoto a9973cabc4 Fix typo of DB migration script
Signed-off-by: Takeaki Matsumoto <takeaki.matsumoto@ntt.com>
2018-02-08 10:15:05 +09:00
Stefan Bühler c4f8fb78ee don't require referer to find note id in socket.io connections (fixes #623)
Signed-off-by: Stefan Bühler <buehler@cert.uni-stuttgart.de>
2018-02-05 14:26:42 +01:00
Sheogorath eddf8a3a33
Fix uncaught exception for non-existent user
Since we added user management it's possible to get non-existent users
which can cause a crash of the Backend server.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-30 21:53:36 +01:00
Christoph (Sheogorath) Kern adc781f7e3
Merge pull request #704 from SISheogorath/fix/ldapProviderName
Fix ldap provider name in template
2018-01-29 15:59:27 +01:00
Sheogorath bd92010dd2
Remove camel case from `imageuploadtype` in config
This removes the only camel cased option of the config options
**we** added to the config.json.

In auth provider's config parts are a lot of camel cased options
provided. We shouldn't touch them to keep them as similar as
possible to the examples.

Fixes #315

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-27 23:50:15 +01:00
Sheogorath e44751b3f1
Fix ldap provider name in template
Before this fix it's impossible to set the provider name in the
sign-model since `ldap` is a boolean there and this way not able
to have an attribute like `ldap.providerName`.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-26 10:46:22 +01:00
Christoph (Sheogorath) Kern 584f1c5249
Merge pull request #691 from SISheogorath/feature/upload
Allow more detailed configuration of upload mime types
2018-01-23 12:10:33 +01:00
Sheogorath 817bb9e639
Fix broken port config
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-23 12:00:11 +01:00
Christoph (Sheogorath) Kern eec2318bda
Merge pull request #506 from erasys/minio
Add support for minio
2018-01-23 11:43:24 +01:00
Christoph (Sheogorath) Kern 7de6e3211f
Merge pull request #598 from xxyy/feature/csp
Implement basic CSP support
2018-01-22 20:43:46 +01:00
Christoph (Sheogorath) Kern 268c81a323
Merge pull request #673 from fooker/master
Allow posting new note with content
2018-01-20 19:45:41 +01:00
Sheogorath a7935a595a
Allow more detailed configuration of upload mime types
Fixes #637

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-20 15:16:53 +01:00
Dario Ernst 6ae4b8bf13 Add option to enable `freely` permission in closed instance
Before, closed disallowed guest edits completely, by removing
the `freely` permission. This makes it possible to explicitely bring
back guest-editing, but not guest-note-creation, to closed instances.

Signed-off-by: Dario Ernst <dario@kanojo.de>
2018-01-20 15:14:56 +01:00
Christoph (Sheogorath) Kern 60005d3039
Merge pull request #686 from SISheogorath/feature/configVersion
Load version from package.json
2018-01-19 14:34:54 +01:00
Sheogorath 583aa4f462
Load version from package.json
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-19 13:54:19 +01:00
Wu Cheng-Han 608008753f Fix not passing app key correctly in dropbox config 2018-01-19 00:25:08 +08:00
Sheogorath 11a5dd0eb4
Release 1.0.0-ce 2018-01-18 13:03:18 +01:00
Sheogorath 8bf8a1aef1
Ignore empty values for revision.
Fixes #420
2018-01-18 11:19:47 +01:00
Christoph (Sheogorath) Kern 8375544dea
Merge pull request #636 from laysdra7265/fix/sslcapath
Fix sslcapath bug
2018-01-18 11:17:17 +01:00
Christoph (Sheogorath) Kern af082d9347
Merge pull request #567 from ccoenen/fix-mysql-text-length
converting all content fields to MEDIUMTEXT (affects MySQL only)
2018-01-18 11:16:59 +01:00
Dustin Frisch f47601857e
Allow posting new note with content
Signed-off-by: Dustin Frisch <fooker@lab.sh>
2018-01-18 10:41:58 +01:00
Max Wu 68879d20ed
Fix minor typos
of wrong parameters passing order and wrong user object indexing in for each function
2018-01-16 15:51:24 +08:00
Christoph (Sheogorath) Kern 45976a8916
Update index.js 2017-12-22 12:25:13 +01:00
Christoph (Sheogorath) Kern fc626a6724
Simplify loop 2017-12-22 12:19:19 +01:00
Peter Dave Hello 76873d3f7e Fix file permission, remove useless executable 2017-12-14 05:05:18 +08:00
Christoph (Sheogorath) Kern 17e3b8b5cd
Merge branch 'master' into ldap-username-field 2017-12-12 10:27:22 +01:00
alecdwm 5e5a021ce0 parse HMD_LDAP_SEARCHATTRIBUTES env var as a comma-separated array
Signed-off-by: Alec WM <firstcontact@owls.io>
2017-12-09 20:33:57 +01:00
Lukas Kalbertodt 612b2d1811 Add setting `ldap.usernameField`
This determines which ldap field is used as the username on
HackMD. By default, the "id" is used as username, too. The id
is taken from the fields `uidNumber`, `uid` or
`sAMAccountName`. To give the user more flexibility, they can
now choose the field used for the username instead.
2017-12-09 12:30:48 +01:00
LaysDragon 9949795533 fixed sslcapath bug 2017-12-05 12:06:10 +08:00
Norihito Nakae 2db2ff484f added guide for SAML settings 2017-12-04 20:13:15 +09:00
Norihito Nakae 410268da74 added environment variables for SAML 2017-11-29 20:26:28 +09:00
Norihito Nakae a22be81feb fixed the SAML callback URL to unconfigurable. 2017-11-29 15:45:32 +09:00
Norihito Nakae 4a4ae9d332 Initial support for SAML authentication 2017-11-28 18:52:24 +09:00
Sheogorath 8808399c48
Fix mattermost breaking notes 2017-10-31 13:48:35 +01:00
Christoph Witzany 5cda55086a Add mattermost authentication 2017-10-31 10:34:51 +01:00
Sheogorath 881e800fd8 Merge pull request #562 from SISheogorath/fix/LDAP
Fix LDAP problem about missing uidNumber
2017-10-27 12:48:45 +02:00
geekyd f7d2ef970a Adds 403 response if PDF export is disabled 2017-10-25 19:21:34 +05:30
geekyd d63e6780eb Adds PDF export via config 2017-10-25 19:19:37 +05:30
Literallie 04f5e3a341
Move CSP logic to new file, Fix boolean config examples
Not sure why I was quoting these in the first place
2017-10-22 02:18:45 +02:00
Literallie 91101c856c
Change CSP config format to be more intuitive 2017-10-22 00:03:46 +02:00
Literallie 0cbdc852cb
CSP: Allow more content types 2017-10-22 00:03:45 +02:00
Literallie 080436aebb
CSP: Add nonce to slide view inline JS 2017-10-22 00:03:45 +02:00
Literallie 5d2d3ec875
CSP: Upgrade insecure requests if possible
Config option; default is to only upgrade if usessl
2017-10-22 00:03:45 +02:00
Literallie ba183ce654
Add basic CSP support 2017-10-22 00:03:44 +02:00
Claudius Coenen cc49ce55c8 Fix #521 by converting content fields to LONGTEXT in MySQL, to prevent truncation of data. 2017-10-16 10:13:11 +02:00
Literallie 6bdc90d6ff
Add env vars for extra HSTS options 2017-10-13 01:42:05 +02:00
Literallie 1634d5c567
Add on/off env var for HSTS 2017-10-13 01:42:05 +02:00
Literallie 56411ca0e1
Make HSTS behaviour configurable; Fixes #584 2017-10-13 01:42:05 +02:00
Sheogorath f93a14e3e1 Fix LDAP problem about missing uidNumber
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2017-10-12 14:52:28 +02:00
Sheogorath 53c2d0b5ca Merge pull request #581 from SISheogorath/fix/HMD_URL_ADDPORT
Fix missing boolean setting for HMD_URL_ADDPORT
2017-10-12 00:01:27 +02:00
Sheogorath 89c60d1331
Fix missing boolean setting for HMD_URL_ADDPORT
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2017-10-11 23:13:22 +02:00
Claudius Coenen 724a6bc26f createdAt DESC with quotation marks did not work with MySQL fixes #565 2017-10-09 14:03:33 +02:00
Sheogorath a99cac0cf0 Merge pull request #550 from SISheogorath/fix/gitlabAvatar
Fix broken profile images in GitLab

Fixes #549
2017-10-08 22:20:35 +02:00
Sheogorath 500207545f
Fix broken profile images 2017-09-22 12:40:43 +02:00
Kaiyu Shi 4ae8086301 Give google the correct name. 2017-09-04 16:04:20 +08:00
Marc Deop 2c780f53df
Add support for minio 2017-08-30 18:58:34 +02:00
Kotaro Yamamoto 1220bbe9f6 fix s3 us-east-1 region endpoint 2017-06-14 11:08:09 +09:00
Wu Cheng-Han 20c5c78c29 Fix typo in the db config 2017-06-05 03:52:25 +08:00
Wu Cheng-Han ca95901204 Fix slide might not provide slideOptions meta 2017-06-05 01:12:40 +08:00
Max Wu 38cf2f7535 Merge pull request #471 from butlerx/reveal/theme
add the ability to set slide theme in slide options
2017-06-03 12:51:03 +08:00
butlerx 0c827703c1
switch to __dirname 2017-06-02 11:34:35 +01:00
tkykm bf3512f8f6 Read to correct tlsca file path 2017-06-01 19:58:55 +09:00
butlerx c531d96f66
check if reveal theme exists 2017-06-01 10:12:40 +01:00
butlerx e5834c077f
add the ability to set slide theme in slide options 2017-05-31 23:28:43 +01:00
Max Wu 0a6793747c fix: export to gist occurred 404 not found 2017-05-17 02:42:44 +08:00
Raccoon Li 0c619fee91 fix(config): ssl environment configs not parse properly 2017-05-08 20:41:38 +08:00
Raccoon Li 826ad213d6 fix(config): some environment config not parse properly 2017-05-08 20:38:59 +08:00
Max Wu 0ef0e70579 Rename checkURiValid.js to checkURIValid.js 2017-05-08 20:13:55 +08:00
Raccoon Li d79997808a fix(imageRouter): import missing dependency: getImageMimeType 2017-05-08 20:04:05 +08:00
BoHong Li ecb0533605 refactor(config.js): Extract config file
* Separate different config source to each files
* Freeze config object
2017-05-08 19:29:07 +08:00
BoHong Li aca01f064d refactor: Remove `require` extension filename 2017-05-08 19:29:06 +08:00
BoHong Li 34c9f07669 refactor(baseRouter.js): Adjust style fit standard 2017-05-08 19:29:06 +08:00
BoHong Li a7e3c4d535 refactor(auth.js): Remove base path 2017-05-08 19:29:06 +08:00
BoHong Li d88502e331 refactor(app.js): Move passport serialize and deserialize to auth module 2017-05-08 19:29:06 +08:00
BoHong Li 7ef17fd4e6 refactor(app.js): Extract tooBusy 2017-05-08 19:29:06 +08:00
BoHong Li 768943002c refactor(app.js): Extract upload image 2017-05-08 19:29:06 +08:00
BoHong Li 689bade730 refactor(app.js): Extract note action 2017-05-08 19:24:38 +08:00
BoHong Li e2ac73f5a3 refactor(app.js): Extract /me page 2017-05-08 19:24:38 +08:00
BoHong Li 706df11e23 refactor(app.js): Extract history api 2017-05-08 19:24:38 +08:00
BoHong Li 69a9f7ca38 refactor(app.js, auth.js): Extract all auth method to individual modules 2017-05-08 19:24:38 +08:00
BoHong Li 766022378a refactor(app.js): Extract status pages 2017-05-08 19:24:37 +08:00
BoHong Li 66c68254b4 refactor(app.js): Extract index, 403, 404, 500 pages 2017-05-08 19:24:37 +08:00
BoHong Li 9f1f16c8e3 refactor(app.js): Extract urlencodedParser to utils module 2017-05-08 19:24:37 +08:00
BoHong Li dee77c459a refactor(app.js): Extract middleware to module
extract check URi is valid, redirect without trailing slashes
2017-05-08 19:24:37 +08:00
BoHong Li 036b2414f3 refactor(logger): Refactor logger.js
Use class style implement write interface
2017-05-08 19:24:37 +08:00
LluisArevalo 6bf32afb0b Use single quotes 2017-05-08 11:00:45 +02:00
LluisArevalo 03ef1bf4f0 Add Content-Type to the images uploaded to AWS S3 2017-05-08 10:22:52 +02:00
BoHong Li e46874d04a fix: Other dialect duplicated add index problem
Detect is using SQLite to add index
2017-03-28 15:28:33 +08:00
BoHong Li e26bb0503f fix: Support SQlite
Move 'unique' constraint to another statement (SQLite don't support set unique when addColumn)
2017-03-28 15:16:09 +08:00
BoHong Li 6f14822413 fix: Add missing migration 2017-03-27 19:23:00 +08:00
BoHong Li 66fc817ad4 fix: Fixed sequelize-cli db:migration cannot stop when occur error
Up and Down method must return a Promise.

breaking changes: docker-hackmd cannot initialize, because db:migration will fail
2017-03-24 11:26:04 +08:00
Wu Cheng-Han dde6e622a4 Fix front-end constants generation not getting config properly 2017-03-23 20:00:48 +08:00
Wu Cheng-Han 7e3b74d0da Mark as 0.5.1 2017-03-23 00:22:44 +08:00
Wu Cheng-Han 448b006194 Update to generate front-end constants on server startup
To avoid extra webpacking on changing configs and follow the 12 factor app
2017-03-20 01:39:09 +08:00
Wu Cheng-Han 4a1d08c653 Fix strip null byte in model should cast to string to use replace function 2017-03-15 22:12:24 +08:00
Wu Cheng-Han 506a381eca Add config option for gitlab api scope and auto adapt gitlab snippet feature on it 2017-03-14 18:04:23 +08:00
Wu Cheng-Han baf13072c1 Fix update doc from filesystem cause redundant authorship stringify 2017-03-14 17:11:52 +08:00
BoHong Li 5870d988b5 Use strict mode in all backend files
add ‘use strict’ in all backend file
2017-03-14 13:02:43 +08:00
BoHong Li 4889e9732d Use JavaScript Standard Style
Introduce JavaScript Standard Style as project style rule,
and fixed all fail on backend code.
2017-03-08 18:45:51 +08:00
BoHong Li 8f1c97f4a4 Fixed Syntax Error 2017-03-04 17:06:11 +08:00
Raccoon 48592d692c Merge branch 'master' into feature/addSecrets 2017-03-03 09:22:35 +08:00
Wu Cheng-Han 2aee0f267c Fix user profile photo might not replace to proper size 2017-02-18 20:07:15 +08:00
Mike d29aff6505 first envs then the config
or docker -e will not work
2017-02-15 10:22:38 +01:00
NV 5375fe5779 Add validation to defaultpermission in config 2017-02-10 11:46:10 +09:00
NV 0a7adaf35d Add default permission config 2017-02-10 10:16:38 +09:00
Wu Cheng-Han 1cc27e1794 Fix ldap config not initialize properly 2017-02-07 22:31:38 +08:00
Wu Cheng-Han bbbf64aae4 Fix HMD_LDAP_TLS_CA not passing correctly and update README.md 2017-02-07 21:17:05 +08:00
Sheogorath a8b99638b2 Add basics for secret management by Docker 1.13
See https://docs.docker.com/engine/swarm/secrets/
2017-02-07 02:46:23 +01:00
Wu Cheng-Han 8cfbfa4352 Update to add biggerphoto on parsing user profile 2017-02-03 21:48:36 +08:00
Wu Cheng-Han ef0ac7768d Update realtime to use timer to avoid memory leaks on busy tick 2017-02-03 21:47:38 +08:00
Wu Cheng-Han 92ad67b813 Update to remove history cache to lower application coupling 2017-02-03 21:39:08 +08:00
Yukai Huang 74b04d08b5 Merge branch 'master' into es6-integration 2017-01-21 12:55:45 +08:00
Wu Cheng-Han 6e8ff3de23 Fix redundant parameter to removeColumn in db migration scripts 2017-01-21 12:53:18 +08:00
Yukai Huang 4bbe035beb Merge branch 'master' into frontend-next 2017-01-21 12:08:52 +08:00
Wu Cheng-Han 1473437295 Refactor checkViewPermission to fix limited & protected permission check bug and fix code style 2017-01-16 23:47:53 +08:00
Wu Cheng-Han 3c0667813c Fix missing config in hackmd response 2017-01-16 12:41:34 +08:00
Yukai Huang a9a38c3d75 Recover config change in 0f833f0 2017-01-15 11:58:00 +08:00
Yukai Huang c0e8306961 Merge branch 'frontend-next' into t216-refactor-common 2017-01-15 11:33:22 +08:00
Yukai Huang 0f833f099f Update server google/dropbox config check 2017-01-14 19:05:54 +08:00
Wu Cheng-Han 6be875263a Fix allowemailregister config typo and default should be true 2017-01-12 23:53:22 +08:00
Wu Cheng-Han 3ee65cd38e Fix for limited and protected permissions should forbid guest in realtime events 2017-01-12 23:45:51 +08:00
Max Wu 4851098477 Merge pull request #317 from SISheogorath/master+allowEmailRegister
Add `allowemailregister` option
2017-01-12 23:37:28 +08:00
Sheogorath 747629e549 Add `allowemailregister` option 2017-01-12 13:54:45 +01:00
Wu Cheng-Han 5f65795e79 Fix permission order and keep wording consistency 2017-01-12 19:04:17 +08:00
Wu Cheng-Han 7e191acbde Fix author creation in operationCallback might cause unique constraint validation error 2017-01-12 17:18:24 +08:00
Max Wu a8068d38d5 Merge pull request #313 from elct9620/feature/disable_anonymous_view
WIP: Add options to limit anonymous view note
2017-01-10 20:23:47 +08:00
蒼時弦也 7b02c48d93 Adjust permission order to more clarly 2017-01-10 14:13:30 +08:00
蒼時弦也 be7696170f Fix syntax when use case 2017-01-10 10:19:18 +08:00
蒼時弦也 89b8ddeaba Add limited and protected permission 2017-01-10 10:02:37 +08:00
蒼時弦也 c21fb8e2a0 Recovery tariling spaces 2017-01-10 09:35:21 +08:00
蒼時弦也 f8e5b54767 Remove temporary change 2017-01-10 09:32:44 +08:00
neopostmodern ff545b2688 Allow displaying LDAP provider name on sign-in modal 2017-01-09 12:49:23 +01:00
Max Wu b13635aac9 Merge pull request #279 from alecdwm/ldap-auth
Support for LDAP server authentication
2017-01-09 00:49:40 +08:00
alecdwm 94abfaba7c removed comma 2017-01-06 07:21:59 +01:00
alecdwm e4fe93249f dark avatar backgrounds only 2017-01-06 07:18:22 +01:00
alecdwm b044c2ae19 Use randomcolor not seedrandom for avatar backgrounds 2017-01-06 07:08:07 +01:00
alecdwm 01361afa7a Profile pictures for LDAP users 2017-01-06 05:37:40 +01:00
蒼時弦也 1fbecbb03d Fix anonymouse view permission check 2017-01-05 23:37:10 +08:00
蒼時弦也 aaf1ff4b2f Add limit for constrain anonymous view note 2017-01-05 22:36:40 +08:00
Wu Cheng-Han c1b5e74cf9 Fix and refactor extracting content using metaMarked directly might lead in invalid object 2017-01-04 23:57:16 +08:00
Wu Cheng-Han bd4335964d Mark as 0.5.0 2017-01-02 11:19:01 +08:00
Wu Cheng-Han 10a8448c6a Fix yaml metadata description not able to show 2017-01-02 11:13:41 +08:00
Wu Cheng-Han b1ec3ba748 Refactor data processing to model definition 2017-01-02 11:05:36 +08:00
Wu Cheng-Han d9e19b6029 Update to remove null byte before saving to DB and remove null byte on changes 2017-01-02 11:05:05 +08:00
Wu Cheng-Han c3a96ff112 Fix migration script of revision lacks of definition of primary key 2017-01-02 11:00:40 +08:00
Wu Cheng-Han 99628a5662 Fix to not use diff_cleanupSemantic, bug report refer to https://code.google.com/p/google-diff-match-patch/issues/detail?id=67 2017-01-02 11:00:08 +08:00
Wu Cheng-Han f6d8e3ab00 Remove LZString compression for data storage 2017-01-02 10:59:53 +08:00
Wu Cheng-Han c904083d1f Remove manual LZString compression for partial socket io event data 2017-01-02 10:52:47 +08:00
bananaappletw 96fb3743f3 Use dburl to configurate 2016-12-22 21:51:48 +08:00
bananaappletw 3a091ff9a5 Simplify code for heroku 2016-12-22 19:42:00 +08:00
bananaappletw acaeef172a Fix #293 2016-12-22 13:23:17 +08:00
Florian Rhiem fdea226159 Fixed typo: anonmyous 2016-12-21 14:36:54 +01:00
Wu Cheng-Han d140a140de Fix possible user is undefined in realtime events 2016-12-20 20:33:46 +08:00
Wu Cheng-Han ae2db1da16 Fix email option in config not parse correctly 2016-12-20 10:47:37 +08:00
Wu Cheng-Han 39521f25a7 Mark as 0.4.6 2016-12-19 17:30:33 +08:00
Wu Cheng-Han 62eccd48e5 Try to fix when server have heavy loading cache might not update to db properly 2016-12-18 22:52:30 +08:00
Wu Cheng-Han 5bb3de2675 Add support of allow free url config option with correspond modifications 2016-12-16 15:38:05 +08:00
Wu Cheng-Han 4b7b902806 Fix typo 2016-12-16 15:37:01 +08:00
Wu Cheng-Han 5c7eb48319 Add support of allow anonymous config option with correspond modifications 2016-12-15 14:11:23 +08:00
alecdwm 3491f97f7e LDAP auth use email if provided 2016-12-14 13:24:25 +01:00
alecdwm 3007163799 Tokens not required for ldap auth 2016-12-14 12:38:03 +01:00
alecdwm 6ba9a2f039 Added HMD_LDAP_TLS_CA env variable 2016-12-14 11:49:33 +01:00
alecdwm 02e9927714 Initial support for LDAP server authentication
Limitations as of this commit:

- tlsOptions can only be specified in config.json, not as env vars
- authentication failures are not yet gracefully handled by the UI
  - instead the error message is shown on a blank page (/auth/ldap)
- no email address is associated with the LDAP user's account
- no picture/profile URL is associated with the LDAP user's account
- we might have to generate our own access + refresh tokens,
  because we aren't using oauth. The currently generated
  tokens are just a placeholder.
- 'LDAP Sign in' needs to be translated to each locale
2016-12-13 22:41:07 +01:00
Yukai Huang 5282bf491e Update sequelize init condition 2016-12-12 11:12:59 +08:00
Yukai Huang 74c1da4536 Simplify output with sequelize database argument 2016-12-12 10:36:24 +08:00
Wu Cheng-Han a73d9ce39e Update to support optional email register and signin 2016-12-02 01:58:14 +08:00
Max Wu bd3d4958e4 Merge pull request #248 from hackmdio/file-upload-options
Support other options for image uploading
2016-11-27 10:54:00 +08:00
Wu Cheng-Han 71a356552f Update to auto generate meta description based on content in publish note and slide 2016-11-26 23:04:29 +08:00
Wu Cheng-Han 9d4ede4cff Fix possible XSS in yaml-metadata and turn using ejs escape syntax than external lib [Security Issue] 2016-11-26 22:55:31 +08:00
Wu Cheng-Han f86a9e0c4b Fix slide might trigger script when processing markdown which cause XSS [Security Issue] 2016-11-26 22:46:08 +08:00
Wu Cheng-Han c671d54d67 Add dmp worker to leverage CPU intensive calculation to child process 2016-11-18 12:09:58 +08:00
Yukai Huang 46a4fe10ab Add env config prefix 2016-11-17 16:28:02 +08:00
Yukai Huang 2b2c593531 Config s3 through env variables 2016-11-16 14:44:42 +08:00
Wu Cheng-Han c58162a2e7 Revert "Add workers for notes to leverage CPU intensive work loading"
This reverts commit 4ccfdfa538.
2016-11-16 13:58:59 +08:00
Wu Cheng-Han 7adb78aba8 Revert "Add workers for history to leverage CPU intensive work loading"
This reverts commit b5920fbbd1.
2016-11-16 13:58:54 +08:00
Yukai Huang 518a4a120b upload image to s3 2016-11-16 12:05:24 +08:00
Yukai Huang a5dad29300 support filesystem image upload 2016-11-14 17:07:07 +08:00
Wu Cheng-Han b5920fbbd1 Add workers for history to leverage CPU intensive work loading 2016-11-07 21:30:53 +08:00
Wu Cheng-Han 4ccfdfa538 Add workers for notes to leverage CPU intensive work loading 2016-11-07 21:30:40 +08:00
Wu Cheng-Han e6dfc749f6 Fix config.js use cdn option not parse properly and add missing cdn resources 2016-10-23 22:42:47 +08:00
Wu Cheng-Han d37321e28d Change use cdn config option default to be true 2016-10-23 22:27:02 +08:00
Wu Cheng-Han 223c0726cd Change to raise socket io timeout, heartbeat interval and timeout to lower offline period 2016-10-23 21:42:27 +08:00
Wu Cheng-Han 1e6de0b90e Change revision saving policy period 2016-10-15 13:54:16 +08:00
Wu Cheng-Han 1418b7a801 Fix socket disconnect might interrupt loop issue 2016-10-14 17:36:04 +08:00
Wu Cheng-Han c98d263928 Fix to handle undefined document on update history 2016-10-12 17:50:36 +08:00
Wu Cheng-Han 07673f0726 Fix note extract tags might get encoded HTML entity 2016-10-12 13:14:59 +08:00
Wu Cheng-Han c06b2f4838 Fix history time should save in UNIX timestamp to avoid time offset issue 2016-10-11 16:46:50 +08:00
Wu Cheng-Han 9a15cad42d Mark as 0.4.5 2016-10-11 11:01:05 +08:00
Wu Cheng-Han 510b125432 Fix new note with empty content not saving to history and remove debug code 2016-10-11 01:22:08 +08:00
Wu Cheng-Han bc74c1f0cb Fix doc updating revision not stringify and compress authorship before save 2016-10-11 00:55:38 +08:00
Wu Cheng-Han dfc8aeeba0 Add more environment variables for server configuration, update related section in README.md 2016-10-10 21:16:58 +08:00
Wu Cheng-Han b734eb9c85 Try to fix memory leaks by clear OT server before disconnect note 2016-10-10 21:05:49 +08:00
Wu Cheng-Han 12d5ed43a7 Update to support delete note 2016-10-10 21:04:24 +08:00
Wu Cheng-Han d6d2cf978a Update to send note title on emit check and refresh event 2016-10-10 20:56:22 +08:00
Wu Cheng-Han 36a1900ce3 Update to make note history count in server-side when user logged 2016-10-10 20:55:33 +08:00
Wu Cheng-Han 1d2a9826af Update to improve history api error and bad request handling 2016-10-10 20:52:31 +08:00
Wu Cheng-Han af77bb8f59 Update to add cache to history 2016-10-10 20:51:46 +08:00
Wu Cheng-Han b54b3cbe69 Add more comments in the code and remove unused code file 2016-10-10 20:48:56 +08:00
Wu Cheng-Han a090008d4a Update to make OT socket io handle error better, use delay to avoid wrong reversion on client 2016-10-10 20:40:45 +08:00
Wu Cheng-Han 11a8c0f9cf Workaround cheerio text method shouldn't preserve html tags on fetching note title 2016-10-10 20:38:14 +08:00
Wu Cheng-Han 55ac4dcccb Update to allow CORS as API on revision actions 2016-10-10 20:33:48 +08:00
Wu Cheng-Han 3175616573 Update to support showing owner on the infobar 2016-10-10 20:32:20 +08:00
Wu Cheng-Han 1cae0c5b7f Update to prevent duplicate socket push in queue in order to lower down server loading 2016-10-10 20:25:48 +08:00
Wu Cheng-Han d23ced1fba Update to move authorship calculation code to note model and support update authorship after making revision of docs 2016-10-10 20:23:33 +08:00
Wu Cheng-Han 79fd2d1364 Update to add revision saving policy 2016-09-18 16:50:20 +08:00
Wu Cheng-Han 0470a266fd Update to prevent caching and crawling status 2016-09-18 16:23:56 +08:00
Wu Cheng-Han 87f4d05e8e Update to use proper way to render view and fix upload image error should response with code 2016-08-19 11:31:23 +08:00
Wu Cheng-Han 4d7c3d2120 Add info api for note 2016-08-19 11:24:36 +08:00
Wu Cheng-Han a013c9d3bc Update slide mode to show extra info and support url actions and support disqus via yaml-metadata 2016-08-15 11:25:27 +08:00
Wu Cheng-Han e94810ff94 Update to change the last change user saving strategy 2016-08-15 11:01:35 +08:00
Wu Cheng-Han 9bf7b92707 Fix meta might be null issue 2016-08-15 10:59:40 +08:00
Wu Cheng-Han 3bcb36b46c Improve index layout and UX with UI adjustments and better wording 2016-08-15 10:56:14 +08:00
Wu Cheng-Han be81ee22ec Update slide mode, now respect all meta settings and update default styles 2016-08-14 15:02:05 +08:00
Wu Cheng-Han 8d24d9e97f Update to make doc only update while the filesystem content not equals db content 2016-08-14 11:22:54 +08:00
Wu Cheng-Han f35aa94b41 Mark as 0.4.4 2016-08-02 17:17:33 +08:00
Wu Cheng-Han 67474aa1d4 Update realtime check and refresh event, compress data using LZString UTF16 to minimize network delay 2016-08-02 17:16:01 +08:00
Wu Cheng-Han b367e110b6 Update to support slideOptions in the YAML metadata 2016-08-01 00:08:22 +08:00
Wu Cheng-Han f69a5361cb Update to make random color more discrete 2016-07-30 11:31:29 +08:00
Wu Cheng-Han d4804f7aa5 Fix user color is not following the author color 2016-07-30 11:29:03 +08:00
Wu Cheng-Han a14e7953b5 Add support of showing authorship in editor and adjust related styles 2016-07-30 11:28:24 +08:00
Wu Cheng-Han d5549c6a84 Add support of saving authorship to revision 2016-07-30 11:24:20 +08:00
Wu Cheng-Han 2f117a22cd Add support of saving authors and authorship 2016-07-30 11:21:38 +08:00
Wu Cheng-Han 44fd0a617b Fix typo 2016-07-30 11:15:44 +08:00
Wu Cheng-Han 725e98288b Fix realtime on forbidden not clean up properly and handle on updating note which already been clean up 2016-07-30 11:10:43 +08:00
Wu Cheng-Han 0f4f270193 Fix yaml metadata title should pass to generateWebTitle 2016-07-30 11:01:07 +08:00
Wu Cheng-Han b3ba512cea Fix potential memory leaks on realtime client disconnect not clean up server properly 2016-07-13 10:41:49 +08:00
Wu Cheng-Han 40478f4eff Fix realtime on finishConnection might not clear and connect next socket in queue and should use shift instead of pop on remove invalid socket in queue 2016-07-05 16:11:18 +08:00
Wu Cheng-Han da7b6a340d Reduce realtime timeout and heartbeat interval to handle stale clients quicker 2016-07-02 16:15:05 +08:00
Wu Cheng-Han 858b30c20c Try to solve potential memory leaks 2016-07-02 16:12:48 +08:00
Wu Cheng-Han 95c8f25fb5 Update response to force note, publish note, publish slide redirect to their expected url 2016-07-02 16:11:30 +08:00
Wu Cheng-Han 458d07dde7 Update to change server-side pre-rendering engine from marked to markdown-it 2016-07-02 16:11:06 +08:00
Wu Cheng-Han d39f1fc700 Update to make slide mode support all extra syntax and change it's rendering engine 2016-07-02 16:09:26 +08:00
Wu Cheng-Han d7d83c102b Mark as 0.4.3 2016-06-28 09:38:31 +08:00
Cheng-Han, Wu 558304ff62 Update to support new metadata: title, description, tags and google-analytics (GA) and refactor render publish slide response function 2016-06-21 21:42:03 +08:00
Cheng-Han, Wu ad6982e77e Remove robot meta on note edit page and html template, add prevent crawling header to enhance note privacy 2016-06-21 21:37:56 +08:00
Cheng-Han, Wu a125f80535 Fix pdf tmp path is missing a folder slash before timestamp 2016-06-17 16:33:58 +08:00
Cheng-Han, Wu 614a97376d Try to solve realtime connection get stock when lots of client try to connect at same moment 2016-06-17 16:32:33 +08:00
Cheng-Han, Wu 73f6d383b5 Add minimumCompatibleVersion and update refresh modal to show more detail informations 2016-06-17 16:31:36 +08:00
Cheng-Han, Wu 03e68f92eb Fix locked or private permission should block any operation if owner is null 2016-06-17 16:29:45 +08:00
Cheng-Han, Wu 18f7eb281c Fix create new note should not use default note created time 2016-06-17 16:28:04 +08:00
Cheng-Han, Wu 8e351e7e33 Add revision api 2016-06-17 16:11:14 +08:00
Cheng-Han, Wu dbc126b156 Add support of saving note revision and improve app start and stop procedure to ensure data integrity 2016-06-17 16:09:33 +08:00
Cheng-Han, Wu 03bdee23ff Update note model on create doc will use the created time of the doc in filesystem 2016-06-01 23:19:47 +08:00
Cheng-Han, Wu c439797efd Mark as 0.4.2 2016-06-01 20:44:19 +08:00
Cheng-Han, Wu 16d5e3ea80 Add maintenance mode and update to gracefully exit process on signal 2016-06-01 14:18:54 +08:00
Cheng-Han, Wu dfd2c6297c Update note model if doc in filesystem have newer modified will update it in db 2016-05-30 12:43:51 +08:00
Cheng-Han, Wu 16990e35a2 Update slide template using ejs instead of mustache to reduce similar package dependency 2016-05-29 17:54:24 +08:00
Cheng-Han, Wu 20fbc9957f Update project title 2016-05-28 01:51:45 +08:00
Cheng-Han, Wu f3418a619c Update to use bigger size of profile image 2016-05-21 22:48:21 +08:00
Cheng-Han, Wu 6405bb5056 Add support of google signin 2016-05-21 22:48:00 +08:00
Cheng-Han, Wu d74d7bc31b Update to use dropbox api version 2 2016-05-21 22:40:54 +08:00
Cheng-Han, Wu 40967ce7e2 Update to make user profile auto update on authentication 2016-05-20 03:02:07 +08:00
Cheng-Han, Wu bbc7e26e77 Update to use bigger avatar image and twitter now use screen_name based profile image url 2016-05-20 02:13:22 +08:00
Cheng-Han, Wu eb5873a94d Update to move gitlab api path to sub path and fix its find user method for PR #121 2016-05-16 18:16:45 +08:00
Cheng-Han, Wu 6b521b99d4 Fix code styles and user refreshToken might need update when accessToken not match 2016-05-16 12:46:48 +08:00
Cheng-Han, Wu baa946968d Add db migrations for PR #121 2016-05-15 12:20:42 +08:00
Cheng-Han, Wu 93c6205aa6 Fix merge conflicts 2016-05-15 11:17:02 +08:00
Cheng-Han, Wu 8a01b7242c Merge branch 'gitlab_snippets' of https://github.com/jccrofty30/hackmd into jccrofty30-gitlab_snippets
# Conflicts:
#	lib/response.js
2016-05-15 11:02:15 +08:00
Cheng-Han, Wu 73835763c6 Merge PR #118 2016-05-15 10:58:41 +08:00
Cheng-Han, Wu a70ebf7762 Update to move dropbox app key setting to common.js and will auto load client-side related scripts 2016-05-15 10:54:24 +08:00
Jason Croft 0adc0864d5 Retrieve GitLab avatar. 2016-05-12 13:26:50 -04:00
Jason Croft b96cc4eb94 Retrieve GitLab avatar. 2016-05-12 13:26:28 -04:00
Jason Croft a3876dfc92 Start extending to support GitLab authentication.
Add necessary dependency.
Add baseURL parameter for self-hosted GitLab
Add necessary require.
Add block for GitLab auth.
Fix typo
Update font-awesome dependency for GitLab icon.
Use a color closer to GitLab orange.
More direct TODO
2016-05-11 21:02:53 -04:00
Jason Croft e545de72a6 Add accessToken saving. 2016-05-11 17:06:05 -04:00
Jason Croft 17daf32239 Remove skeleton functions 2016-05-11 17:04:55 -04:00
Jason Croft a443490ee6 Add accessToken column 2016-05-11 17:04:45 -04:00
Jason Croft 521f96fb11 Skeletons for GitLab actions. 2016-05-09 17:07:23 -04:00
Jason Croft 079822dfec Start extending to support GitLab authentication.
Add necessary dependency.
Add baseURL parameter for self-hosted GitLab
Add necessary require.
Add block for GitLab auth.
Fix typo
Update font-awesome dependency for GitLab icon.
Use a color closer to GitLab orange.
More direct TODO
2016-05-09 16:27:35 -04:00
Jannik Lorenz 404e44649f
Fix error page (missing googleDrive config) 2016-04-23 14:15:24 +02:00
Jannik Lorenz d7648e9cea
Hide Dropbox and Google Drive in Import/ Export when disabled 2016-04-23 12:58:24 +02:00
Cheng-Han, Wu 60046200f8 Update to support when domain not provided will use relative path 2016-04-22 03:33:24 +08:00
Cheng-Han, Wu ff4698caf5 Update to support DOMAIN and URL_PATH environment variables 2016-04-22 03:33:09 +08:00
Cheng-Han, Wu 49b51e478f Refactor server with Sequelize ORM, refactor server configs, now will show note status (created or updated) and support docs (note alias) 2016-04-20 18:03:55 +08:00
Cheng-Han, Wu b6ca50072e Updated to add headers to prevent search engine crawl some unnecessary paths 2016-03-15 10:54:21 +08:00
Cheng-Han, Wu c5f6c2bab3 Updated to handle user address when server behind other services 2016-03-15 10:54:04 +08:00
Cheng-Han, Wu 845ef9bad6 Support export to and import from Google Drive 2016-03-04 23:17:35 +08:00
Cheng-Han, Wu c183002c14 Fixed note title might get wrong 2016-03-04 23:12:03 +08:00
Cheng-Han, Wu b2b1be3dda Support set url path and use relative url, move raphael to bower and fixed minor issue in history 2016-02-16 20:08:44 -08:00
Cheng-Han, Wu 3f2f063e9b Fixed export gist title might null and fake referer that redirect to gist html_url 2016-02-16 19:54:29 -08:00
Cheng-Han, Wu 4c4a0e0f3f Fixed prevent XSS might break lots of tags and only need after rendered 2016-02-11 03:45:13 -06:00
Cheng-Han, Wu 6700f033ab Prevent XSS in markdown rendering 2016-02-11 02:36:52 -06:00
Cheng-Han, Wu 1fb42bd276 Updated to allow CORS in download as API 2016-02-01 00:41:28 -06:00
Cheng-Han, Wu ff2fc76491 Supported export to gist 2016-01-31 15:42:26 -06:00
Cheng-Han, Wu 16dcd27b78 Fixed potential bug in realtime startConnection and bugs in note findOrNewNote, response showNote 2016-01-20 23:20:50 -06:00
Wu Cheng-Han 96931e6e3a Upgrade all dependencies and fixes afterward issues 2016-01-19 09:57:58 -06:00
Wu Cheng-Han 49c7dded45 Added private permission and clean up codes, solved potential race condition in realtime.js 2016-01-17 09:51:27 -06:00
Wu Cheng-Han 2ecec3b59a Support show last change user with profile and support YAML config inside the note with robots, lang, dir, breaks options 2016-01-12 08:01:42 -06:00