status-im/codimd
2
0
Fork 0
mirror of https://github.com/status-im/codimd.git synced 2025-01-29 19:54:58 +00:00
Code Issues Projects Releases Wiki Activity
2,640 Commits 23 Branches 35 Tags 26 MiB
Commit Graph

2640 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Raccoon
a3742e4564 fix: getStatus should reject promise 
1. reject promise when getStatus failed
2. change to use promise-way call getStatus in debug message

Signed-off-by: Raccoon <raccoon@hackmd.io>
 2020-05-17 03:25:20 +08:00
Raccoon
54ab0a08de
Merge pull request #1512 from stregouet/oauth2-state 
fix: add state parameter for oauth2
 2020-05-13 16:26:26 +08:00
Raccoon
20bacfbaf1
Merge pull request #1507 from tarlety/feature-metrics-merge-develop 
Exporting metrics for node.js, express, router, and codimd realtime status.
 2020-05-13 16:25:38 +08:00
Samuel Trégouët
6ff6d215ab fix: add state parameter for oauth2 
state parameter is recommended with oauth2 authentification
to mitigate CSRF attacks (see [1]).
hydra [2] will throw the following error message if state is
missing:

  description="The state is missing or has less than 8 characters and is therefore considered too weak" error=invalid_state hint="Request
 parameter \"state\" must be at least be 8 characters long to ensure sufficient entropy."

[1]: https://auth0.com/docs/protocols/oauth2/oauth-state
[2]: https://www.ory.sh/hydra/

Signed-off-by: Samuel Trégouët <samuel.tregouet@gmail.com>
 2020-05-11 15:59:49 +02:00
Raccoon
a6c7582aa2
Merge pull request #1500 from ldruschk/fix-internal-server-error-freeurl-not-logged-in 
return errorForbidden when anonymous user tries to create freeUrl pad
 2020-05-11 16:05:20 +08:00
tarlety
ac31e51d67
Fix session flood issue after prometheus metrics are implemented. 
Root cause:
- prometheus metrics '/metrics/codimd' exported by 3ca0341 are still in 'routes need sessions' section.
- prometheus scrapes metrics repeatedly.
- new session created every time while prometheus scrapes metrics '/metrics/codimd'.

Solution:
- move /metrics/codimd from lib/routes.js to lib/metrics.js.
- move /metrics/codimd from section 'routes need sessions' of app.js to 'routes without sessions'.

Signed-off-by: tarlety <tarlety@gmail.com>
 2020-05-04 20:57:46 +08:00
tarlety
6c4fd144f5
Fix test:ci error in app.js. 
Signed-off-by: tarlety <tarlety@gmail.com>
 2020-05-02 00:31:34 +08:00
tarlety
09eb8556db
Exporting metrics for node.js, express, router, and codimd realtime status. 
1. **/metrics/router** : exporting node.js/express Prometheus metrics by
[prometheus-api-metrics](https://www.npmjs.com/package/prometheus-api-metrics)

2. **/metrics/codimd** : exporting codimd realtime status (/status) as
Prometheus metrics

Signed-off-by: tarlety <tarlety@gmail.com>
 2020-05-01 22:17:22 +08:00
Lucas Druschke
bcd92f500f return errorForbidden when anonymous user tries to create freeUrl pad (closes #1499) 
Signed-off-by: Lucas Druschke <ldruschk@posteo.de>
 2020-04-29 22:42:56 +02:00
Yukai Huang
4fd6293963
Merge pull request #1490 from alphagov/fix-avatars 2020-04-25 14:53:57 +08:00
Yukai Huang
662bb87268
Merge pull request #1488 from hackmdio/feature/fence-params 2020-04-25 14:40:03 +08:00
Rafal Proszowski
e1977a1da7
Fix GitHub's avatar URL 
At the moment, the URL is being composed and modified with the use of
string composition.

This causes issues, if the URL returned by GitHub slightly differs from
the time developer initially had a look into it.

In our case, the URL from GitHub has two query parameters in it, whilst
the codebase only expected one.

This change will take all of these parameters and only set the one we
care about, whilst leaving others intact and carry on with the full URL.

Fixes #1489

Signed-off-by: Rafal Proszowski <paroxp@gmail.com>
 2020-04-20 12:25:32 +01:00
Yukai Huang
d7cc95129d
Merge pull request #1474 from binotaliu/switch-scrypt-kdf 
Replace scrypt with scrypt-kdf
 2020-04-20 00:19:51 +08:00
BinotaLIU
d4d0120ab7
prevert directly call of User.hashPassword() 
this preverted changes made in 7b8576d. now we use hooks to hash password.
no need to call User.hashPassword() manually.

Signed-off-by: BinotaLIU <me@binota.org>
 2020-04-20 00:04:13 +08:00
BinotaLIU
027195e973
add hooks for hash password 
Signed-off-by: BinotaLIU <me@binota.org>
 2020-04-20 00:04:13 +08:00
BinotaLIU
d99346f037
update minimal required node version to 10 (Debnium) 
Signed-off-by: BinotaLIU <me@binota.org>
 2020-04-20 00:04:12 +08:00
BinotaLIU
f618576193
use async hashPassword/verifyPassword 
Signed-off-by: BinotaLIU <me@binota.org>
 2020-04-20 00:04:12 +08:00
BinotaLIU
ec206db173
add methods for password hashing in User model 
Signed-off-by: BinotaLIU <me@binota.org>
 2020-04-20 00:04:12 +08:00
BinotaLIU
527c3ae7d9
remove scrypt && install scrypt-kdf 
Signed-off-by: BinotaLIU <me@binota.org>
 2020-04-20 00:04:12 +08:00
Yukai Huang
4a748cb53f
Merge pull request #1484 from hackmdio:feat/optimize-module-size 
Feat/optimize module size
 2020-04-19 20:14:15 +08:00
Yukai Huang
77f4b0590a
Support brace wrapped param in fence lang 
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
 2020-04-19 16:52:24 +08:00
Raccoon
2fe10a78b7
chore: change aws-sdk to @aws-sdk/client-s3-node, reduced module size 
Signed-off-by: Raccoon <raccoon@hackmd.io>
 2020-04-12 02:24:35 +08:00
Raccoon
a048b587af
chore: move frontend package to devDependencies 
Signed-off-by: Raccoon <raccoon@hackmd.io>
 2020-04-12 02:21:22 +08:00
Raccoon
421ccbfc25
fix: lutim not required properly 
Signed-off-by: Raccoon <raccoon@hackmd.io>
 2020-04-12 02:11:43 +08:00
Raccoon
e72bcfe0ea
Merge pull request #1459 from hackmdio/feat/improve-version-check 
Improve version checker behavior
 2020-04-05 15:36:10 +08:00
Max Wu
c1028f3ccd
Merge pull request #1473 from hackmdio/fix/imgur 
fix: cannot upload image via imgur
 2020-04-05 15:17:41 +08:00
BoHong Li
439e3bde32
fix: cannot upload image via imgur 
Signed-off-by: BoHong Li <raccoon@hackmd.io>
 2020-04-05 15:06:32 +08:00
Max Wu
2be9db9bf2
Update README.md to avoid confusion 2020-04-01 10:37:00 +08:00
Raccoon
1b80245546
Merge pull request #1453 from moycat/feature/oauth-avatar 
Support avatar for OAuth users
 2020-03-26 05:17:27 +08:00
Raccoon
a8da6329a8
Merge pull request #1460 from thinkingmachines/fix/create-note 
Fix check for creating free url notes
 2020-03-26 05:15:07 +08:00
Mark Steve Samson
72c9d049f7
Fix check for creating free url notes 
Signed-off-by: Mark Steve Samson <marksteve@thinkingmachin.es>
 2020-03-17 21:00:16 +08:00
Raccoon
bd508b166f
Update lib/web/middleware/checkVersion.js 
Signed-off-by: BoHong Li <raccoon@hackmd.io>
 2020-03-17 02:24:01 +08:00
BoHong Li
b49a4e24f1
feat(versionCheck): add timeout to 1s and change logger type to avoid log error to disturb user 
Signed-off-by: BoHong Li <raccoon@hackmd.io>
 2020-03-17 01:24:38 +08:00
Max Wu
4c7497960a
Merge pull request #1457 from kishan3/fix_module_not_found_uncaught_exception 
Add correct path for minio
 2020-03-13 21:22:37 +08:00
Kishan Mehta
a1a69a75c0 Add correct path for minio 
This should fix #1452

Signed-off-by: Kishan Mehta <kishan@scrapinghub.com>
 2020-03-13 18:22:40 +05:30
moycat
46fdb6a6f0
Support avatar for OAuth users 
Signed-off-by: Moycat <i@moy.cat>
 2020-03-12 13:48:18 +08:00
Max Wu
af5ad36167
Merge pull request #1449 from pkrasicki/ui-contrast 
Improve visibility of some UI elements
 2020-03-10 17:17:06 +08:00
pkrasicki
ba4ddca67c
Improve visibility of some UI elements 
Partially fixes #1441

Signed-off-by: pkrasicki <pkrasicki@protonmail.com>
 2020-03-10 09:06:58 +00:00
Yukai Huang
f0fbd09fa0
Merge pull request #1448 from hackmdio/feature/spoiler-inline-markdown 
Allow inline markdown in spoiler summary syntax
 2020-03-09 20:31:38 +08:00
Yukai Huang
8f4ccb967d
Support inline markdown in spoiler summary 
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
 2020-03-09 10:15:01 +08:00
Raccoon
42ae89cc72
Merge pull request #1446 from hackmdio/fix/docker-secret-not-complete 
Fix not all config in docker secret
2.0.1-rc.1 		2020-03-06 21:01:04 +08:00
BoHong Li
3ae3cb191d
fix: some environment variables not in docker secret 
Signed-off-by: BoHong Li <raccoon@hackmd.io>
 2020-03-06 20:51:25 +08:00
Max Wu
9ec6dad461
Merge pull request #1443 from Lin-Buo-Ren/patch-1 
Fix Wikipedia link in 2.0.0 release notes
 2020-03-05 15:45:52 +08:00
林博仁(Buo-ren Lin)
297c1f1085 Fix Wikipedia link in 2.0.0 release notes 
Fixes the problem where the link opens the same release notes page.

Signed-off-by: 林博仁(Buo-ren, Lin) <Buo.Ren.Lin@gmail.com>
 2020-03-05 13:41:35 +08:00
Max Wu
2ba5b74c32 Merge branch 'master' into develop 2020-03-03 18:48:20 +08:00
Yukai Huang
16b9409ef5
Merge pull request #1439 from hackmdio/release/2.0.0 
Release 2.0.0
2.0.0 		2020-03-03 18:43:42 +08:00
Max Wu
fc662661a8 fix: only enable dropbox directives when config is given 
Signed-off-by: Max Wu <jackymaxj@gmail.com>
 2020-03-03 18:35:57 +08:00
Max Wu
e2c31e4cb3 fix: allow Dropbox dropins in CSP directives 
Signed-off-by: Max Wu <jackymaxj@gmail.com>
 2020-03-03 17:25:36 +08:00
Yukai Huang
118b11a4fa
Update highlights of refreshed documentation 
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
 2020-03-03 15:02:24 +08:00
Yukai Huang
9bb683a96f
Update image html alignment 
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
 2020-03-03 13:58:01 +08:00