Commit Graph

701 Commits

Author SHA1 Message Date
Max Wu 6585976e4d
Merge pull request #1588 from tamo/google-oauth-verified 2021-05-11 17:41:33 +08:00
Yukai Huang ee1230b6f4
Merge pull request #1532 from freitagsrunde/feature/customTocLevel
Set TOC depth freely for every note by using YAML metadata or an option within `[toc]`
2021-05-11 17:30:31 +08:00
Yukai Huang 98bf5a6148
Fix async series been interrupted by parse alias
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2021-05-11 16:51:27 +08:00
Yukai Huang 0c3171b17d
Merge pull request #1570 from hackmdio/bugfix/update-history-usage
Use encoded noteId when calling updateHistory
2021-05-11 16:27:50 +08:00
Yukai Huang ab58cd45b4 Use encoded noteId in updateHistory call
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2021-05-11 16:21:46 +08:00
Raccoon 965cca9d39
fix: lint
Signed-off-by: Raccoon <raccoon@hackmd.io>
2021-04-28 17:37:43 +08:00
Raccoon 20b10b7bb7
refactor: beforeCreate and parseNoteId
Signed-off-by: Raccoon <raccoon@hackmd.io>
2021-04-27 19:25:46 +08:00
Raccoon d3bbdfc7d3
fix: can traversal any md files
Signed-off-by: Raccoon <raccoon@hackmd.io>
2021-04-27 18:25:06 +08:00
Yukai Huang bf5325b37f
Merge pull request #1609 from mic4ael/return-to-note-on-login
Better redirection after a successful login
2021-04-16 12:20:09 +08:00
Giuseppe Lo Presti dc37e5df63 Better update of the authorship of anonymous users
Co-authored-by: Yukai Huang <yukaihuangtw@gmail.com>
Signed-off-by: Giuseppe Lo Presti <giuseppe.lopresti@cern.ch>
2021-03-18 09:13:22 +01:00
Giuseppe Lo Presti c9399f33d1 Support anonymous updates via API if allowAnonymousEdits is true
Signed-off-by: Giuseppe Lo Presti <giuseppe.lopresti@cern.ch>
2021-03-09 12:32:54 +01:00
Yukai Huang de0f4588ac
Fix getImageMimeType mime usage
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-23 22:16:28 +08:00
Yukai Huang c9e23985d3
Check image type from file extension
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-23 15:46:19 +08:00
Yukai Huang e19e6642fb
Allow bmp/tiff image to be uploaded
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-23 15:45:49 +08:00
Yukai Huang c1a22a5318
Replace hard coded impl in getImageMimeType
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-23 15:43:14 +08:00
Yukai Huang 7a88f9d95a
Check upload image mime type
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-22 16:48:13 +08:00
Michal Kolodziejski 7d815cc90c Better redirection after a successful login
Signed-off-by: Michal Kolodziejski <michal.kolodziejski@cern.ch>
2020-10-17 12:57:23 +02:00
Tamotsu Takahashi f42d1c3e3e Add privacyPolicyURL (CMD_PRIVACY_POLICY_URL)
If you use Google OAuth, you need to add Privacy Policy to the top.
https://support.google.com/cloud/answer/9110914#all-apps-zippy
https://github.com/hackmdio/codimd/issues/1582#issuecomment-682270394

Signed-off-by: Tamotsu Takahashi <ttakah@gmail.com>
2020-09-01 20:54:08 +09:00
Yukai Huang ab0ac83582
Fix updateHistory parameter
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-08-12 18:10:39 +08:00
James Tsai 4792908169 Fix linter
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-08-04 17:11:09 +08:00
James Tsai e7a4996cbe Update note title and history in update api
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-08-04 16:48:33 +08:00
James Tsai 091c77bdb1 Refactor, change response type to json in update-api user online checking
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-30 18:56:57 +08:00
James Tsai 04fe74d520 Refactor, use body parser, adjust update api content column
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-30 18:14:10 +08:00
James Tsai 53526c154a Check online users, update authorships, save revisions in update note content API
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-27 18:01:10 +08:00
James Tsai 96f8f06b00 Disconnect online users by delete API
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-27 18:01:10 +08:00
James Tsai b3cf98b329 Fix linter
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-27 18:01:10 +08:00
James Tsai b597dc9811 Add update note api
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-27 18:01:10 +08:00
James Tsai 66d53956c4 Add delete note api
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-27 18:01:10 +08:00
Yukai Huang 8e72eb5aca
Merge pull request #1548 from hackmdio/feature/list-my-note-api
List-my-note API
2020-07-15 17:13:35 +08:00
James Tsai 03bc329b3f Fix linter
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-14 17:34:32 +08:00
James Tsai a22cf73f60 Refactor, variable naming and myNoteList mapping
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-14 17:34:32 +08:00
James Tsai dcf48e749e Update route of list-my-notes api
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-14 17:34:32 +08:00
gereon 3438c5701b removed default value for toc depth
seems to be set elsewhere

Co-authored-by: Yukai Huang <yukaihuangtw@gmail.com>
Signed-off-by: Gereon Dusella <git@gereondusella.de>
2020-07-13 11:04:46 +02:00
Yukai Huang 91fb54539a
Merge pull request #1546 from schokotets/develop
feature: pass-through yaml metadata image to html meta tag
2020-07-10 10:33:55 +08:00
Yukai Huang 3e09c7a21f
Merge pull request #1505 from daniele-athome/pr/feature/tags-array
Use array for tags when available (close #1496)
2020-07-09 15:50:57 +08:00
James Tsai 07f32f5bbf Fix standard
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-01 11:42:28 +08:00
James Tsai 2973bfbceb Add list-my-note API
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-01 11:42:28 +08:00
schokotets 2c9f73cfb2
feature: pass-through yaml metadata image to html meta tag
Signed-off-by: schokotets <moritzleni@gmail.com>
2020-06-27 17:22:11 +02:00
Gereon Dusella 1248bc9cd4 added default value `3` to CMD_DEFAULT_TOC_DEPTH
Signed-off-by: Gereon Dusella <git@gereondusella.de>
2020-06-03 20:17:06 +02:00
Gereon Dusella 56e01fa76e added an Environment Variable `CMD_DEFAULT_TOC_DEPTH` to set default toc depth
Signed-off-by: Gereon Dusella <git@gereondusella.de>
2020-06-03 17:38:28 +02:00
Raccoon 8b67d6916d
fix: improve image upload to filesystem may caused app crash
Signed-off-by: Raccoon <raccoon@hackmd.io>
2020-05-31 00:41:01 +08:00
Raccoon ac6021a579 fix: returning 500 when getStatus failed
Signed-off-by: Raccoon <raccoon@hackmd.io>
2020-05-17 03:25:57 +08:00
Raccoon a3742e4564 fix: getStatus should reject promise
1. reject promise when getStatus failed
2. change to use promise-way call getStatus in debug message

Signed-off-by: Raccoon <raccoon@hackmd.io>
2020-05-17 03:25:20 +08:00
Raccoon 54ab0a08de
Merge pull request #1512 from stregouet/oauth2-state
fix: add state parameter for oauth2
2020-05-13 16:26:26 +08:00
Raccoon 20bacfbaf1
Merge pull request #1507 from tarlety/feature-metrics-merge-develop
Exporting metrics for node.js, express, router, and codimd realtime status.
2020-05-13 16:25:38 +08:00
Samuel Trégouët 6ff6d215ab fix: add state parameter for oauth2
state parameter is recommended with oauth2 authentification
to mitigate CSRF attacks (see [1]).
hydra [2] will throw the following error message if state is
missing:

  description="The state is missing or has less than 8 characters and is therefore considered too weak" error=invalid_state hint="Request
 parameter \"state\" must be at least be 8 characters long to ensure sufficient entropy."

[1]: https://auth0.com/docs/protocols/oauth2/oauth-state
[2]: https://www.ory.sh/hydra/

Signed-off-by: Samuel Trégouët <samuel.tregouet@gmail.com>
2020-05-11 15:59:49 +02:00
tarlety ac31e51d67
Fix session flood issue after prometheus metrics are implemented.
Root cause:
- prometheus metrics '/metrics/codimd' exported by 3ca0341 are still in 'routes need sessions' section.
- prometheus scrapes metrics repeatedly.
- new session created every time while prometheus scrapes metrics '/metrics/codimd'.

Solution:
- move /metrics/codimd from lib/routes.js to lib/metrics.js.
- move /metrics/codimd from section 'routes need sessions' of app.js to 'routes without sessions'.

Signed-off-by: tarlety <tarlety@gmail.com>
2020-05-04 20:57:46 +08:00
tarlety 09eb8556db
Exporting metrics for node.js, express, router, and codimd realtime status.
1. **/metrics/router** : exporting node.js/express Prometheus metrics by
[prometheus-api-metrics](https://www.npmjs.com/package/prometheus-api-metrics)

2. **/metrics/codimd** : exporting codimd realtime status (/status) as
Prometheus metrics

Signed-off-by: tarlety <tarlety@gmail.com>
2020-05-01 22:17:22 +08:00
Daniele Ricci 5463c8412c Use array for tags when available (close #1496)
Signed-off-by: Daniele Ricci <daniele@casaricci.it>
2020-04-30 20:31:22 +02:00
Lucas Druschke bcd92f500f return errorForbidden when anonymous user tries to create freeUrl pad (closes #1499)
Signed-off-by: Lucas Druschke <ldruschk@posteo.de>
2020-04-29 22:42:56 +02:00