Commit Graph

184 Commits

Author SHA1 Message Date
Literallie d51da8c12c
Don't add nonce to CSP if unsafe-inline is on
Browsers ignore unsafe-inline if a nonce is sent
2017-10-22 00:03:46 +02:00
Literallie 91101c856c
Change CSP config format to be more intuitive 2017-10-22 00:03:46 +02:00
Literallie 996cb37991
CSP: Workaround for ws:// protocol
The spec allows wss:// for 'self', but not ws:// :(
2017-10-22 00:03:45 +02:00
Literallie 4238b9b3ef
Fix MathJax CSP issues 2017-10-22 00:03:45 +02:00
Literallie 080436aebb
CSP: Add nonce to slide view inline JS 2017-10-22 00:03:45 +02:00
Literallie 5d2d3ec875
CSP: Upgrade insecure requests if possible
Config option; default is to only upgrade if usessl
2017-10-22 00:03:45 +02:00
Literallie ba183ce654
Add basic CSP support 2017-10-22 00:03:44 +02:00
Literallie 56411ca0e1
Make HSTS behaviour configurable; Fixes #584 2017-10-13 01:42:05 +02:00
Wu Cheng-Han c8d3951d32 Add support of Danish locale 2017-06-11 15:52:04 +08:00
Wu Cheng-Han cceb5b1a26 Fix import module name typo in app.js 2017-05-08 20:35:51 +08:00
Raccoon Li d79997808a fix(imageRouter): import missing dependency: getImageMimeType 2017-05-08 20:04:05 +08:00
BoHong Li 60ca6ed56c refactor: Rename checkURiVaild to checkURIValid to fit coding standard 2017-05-08 19:29:07 +08:00
BoHong Li 3919d4fc0e fix(app.js): Change config.maintenance to realtime.maintenance 2017-05-08 19:29:07 +08:00
BoHong Li ecb0533605 refactor(config.js): Extract config file
* Separate each config source into its own file
* Freeze config object
2017-05-08 19:29:07 +08:00
BoHong Li 4738ba7d36 fix: Add 'use strict' on app.js 2017-05-08 19:29:07 +08:00
BoHong Li aca01f064d refactor: Remove `require` extension filename 2017-05-08 19:29:06 +08:00
BoHong Li d88502e331 refactor(app.js): Move passport serialize and deserialize to auth module 2017-05-08 19:29:06 +08:00
BoHong Li 7ef17fd4e6 refactor(app.js): Extract tooBusy 2017-05-08 19:29:06 +08:00
BoHong Li 768943002c refactor(app.js): Extract upload image 2017-05-08 19:29:06 +08:00
BoHong Li d90bd6da31 fix(app.js): Fixed typo 2017-05-08 19:24:38 +08:00
BoHong Li 689bade730 refactor(app.js): Extract note action 2017-05-08 19:24:38 +08:00
BoHong Li e2ac73f5a3 refactor(app.js): Extract /me page 2017-05-08 19:24:38 +08:00
BoHong Li e3fde01e3a refactor(app.js): Remove unused modules 2017-05-08 19:24:38 +08:00
BoHong Li 706df11e23 refactor(app.js): Extract history api 2017-05-08 19:24:38 +08:00
BoHong Li c99ae8e1f8 refactor(app.js): Remove unused import modules 2017-05-08 19:24:38 +08:00
BoHong Li 69a9f7ca38 refactor(app.js, auth.js): Extract all auth method to individual modules 2017-05-08 19:24:38 +08:00
BoHong Li 766022378a refactor(app.js): Extract status pages 2017-05-08 19:24:37 +08:00
BoHong Li 66c68254b4 refactor(app.js): Extract index, 403, 404, 500 pages 2017-05-08 19:24:37 +08:00
BoHong Li 9f1f16c8e3 refactor(app.js): Extract urlencodedParser to utils module 2017-05-08 19:24:37 +08:00
BoHong Li dee77c459a refactor(app.js): Extract middleware to module
extract URI validity check, redirect without trailing slashes
2017-05-08 19:24:37 +08:00
BoHong Li 7ba0d600f1 fix(app.js): Stream log
use logger instead of logger.stream
2017-05-08 19:24:37 +08:00
LluisArevalo 6e277100ca Add reference to utils library 2017-05-08 10:52:30 +02:00
LluisArevalo 03ef1bf4f0 Add Content-Type to the images uploaded to AWS S3 2017-05-08 10:22:52 +02:00
Wu Cheng-Han dde6e622a4 Fix front-end constants generation not getting config properly 2017-03-23 20:00:48 +08:00
Wu Cheng-Han 011d043b2a Update to indicate version in status API header 2017-03-22 23:44:09 +08:00
Wu Cheng-Han e751684aa3 Update to print info on exit term signals handled 2017-03-22 15:31:39 +08:00
Wu Cheng-Han 0bcd83576f Update to handle SIGQUIT 2017-03-22 15:26:35 +08:00
Wu Cheng-Han 7989b89591 Add support of Catalan locale 2017-03-20 14:52:25 +08:00
Wu Cheng-Han 19a64f6b06 Fix typo and possible wrong value when provider is false on generating front-end constants 2017-03-20 01:54:44 +08:00
Wu Cheng-Han 448b006194 Update to generate front-end constants on server startup
To avoid extra webpacking on changing configs and follow the 12-factor app
2017-03-20 01:39:09 +08:00
Wu Cheng-Han 506a381eca Add config option for gitlab api scope and auto adapt gitlab snippet feature on it 2017-03-14 18:04:23 +08:00
BoHong Li 4889e9732d Use JavaScript Standard Style
Introduce JavaScript Standard Style as project style rule,
and fix all failures in backend code.
2017-03-08 18:45:51 +08:00
NV 90c83ebd5b Fix image path problem when using filesystem backend 2017-02-09 14:07:36 +09:00
Wu Cheng-Han 92ad67b813 Update to remove history cache to lower application coupling 2017-02-03 21:39:08 +08:00
Jan Kunzmann 20dc3127b1 Handle SIGTERM the same way SIGINT is handled 2017-01-20 02:13:09 +01:00
Max Wu 4851098477 Merge pull request #317 from SISheogorath/master+allowEmailRegister
Add `allowemailregister` option
2017-01-12 23:37:28 +08:00
Sheogorath 747629e549 Add `allowemailregister` option 2017-01-12 13:54:45 +01:00
Wu Cheng-Han fc788e805e Fix SIGINT checkClean should only log error instead of throwing error 2017-01-12 17:17:01 +08:00
Max Wu b13635aac9 Merge pull request #279 from alecdwm/ldap-auth
Support for LDAP server authentication
2017-01-09 00:49:40 +08:00
James Stephenson ec1ae8c6b5 Added Esperanto translation
Translation by Jonathan Powell and James Stephenson
2016-12-30 22:02:57 -05:00
knjcode a2fbb3add9 Fix URL concatenation 2016-12-27 12:46:07 +09:00
S.Noda c8bcc4c1c3 fix #284 2016-12-18 18:58:21 +09:00
alecdwm fc8d709afb LDAP login improvements
- return bad request if no username or password given
- return to referer url on auth success
- flash error message on auth failure
2016-12-14 12:40:54 +01:00
alecdwm 02e9927714 Initial support for LDAP server authentication
Limitations as of this commit:

- tlsOptions can only be specified in config.json, not as env vars
- authentication failures are not yet gracefully handled by the UI
  - instead the error message is shown on a blank page (/auth/ldap)
- no email address is associated with the LDAP user's account
- no picture/profile URL is associated with the LDAP user's account
- we might have to generate our own access + refresh tokens,
  because we aren't using oauth. The currently generated
  tokens are just a placeholder.
- 'LDAP Sign in' needs to be translated to each locale
2016-12-13 22:41:07 +01:00
Wu Cheng-Han bb3ed8e249 Fix missing dependency in app.js 2016-12-12 13:02:53 +08:00
Wu Cheng-Han 38505491ae Fix redirection to url without trailing slashes not considering config urlpath 2016-12-12 10:50:43 +08:00
Yukai Huang 9e6fd505e1 Remove bower occurrences 2016-12-11 11:18:08 +08:00
Wu Cheng-Han 778b6f32b3 Update to handle request with invalid uri 2016-12-03 14:37:24 +08:00
Wu Cheng-Han 5958654ea4 Remove preprocess image on upload image or it will lose support of some image formats 2016-12-03 14:37:12 +08:00
Wu Cheng-Han a73d9ce39e Update to support optional email register and signin 2016-12-02 01:58:14 +08:00
Max Wu bd3d4958e4 Merge pull request #248 from hackmdio/file-upload-options
Support other options for image uploading
2016-11-27 10:54:00 +08:00
Yukai Huang 1a4f3950e6 Handle preprocess image error 2016-11-22 07:20:48 +08:00
Wu Cheng-Han f387bb312f Try to replace engine.io with uws in socket.io for better performance 2016-11-18 12:18:29 +08:00
Yukai Huang 2279986f97 Config sharp image preprocessing 2016-11-16 17:07:00 +08:00
Yukai Huang 518a4a120b upload image to s3 2016-11-16 12:05:24 +08:00
Yukai Huang 4d3672ae5d Join image path with config.serverurl 2016-11-16 10:50:07 +08:00
Yukai Huang 8db6624ae9 save to upload folder only when option enabled 2016-11-15 23:25:41 +08:00
Yukai Huang a5dad29300 support filesystem image upload 2016-11-14 17:07:07 +08:00
Yukai Huang 81b368c11c upload image to public/uploads 2016-11-14 16:45:57 +08:00
Wu Cheng-Han b9c4af8a65 Add to throw error when server not ready after db synced 2016-11-07 21:31:11 +08:00
Max Wu 7e05976a93 Revert "html minify in production environment" 2016-10-24 00:00:05 +08:00
Peter Dave Hello 731375c220 html minify in production environment 2016-10-23 23:31:04 +08:00
Wu Cheng-Han 215b5baa9f Update to support Swedish locale 2016-10-21 13:39:28 +08:00
Wu Cheng-Han 209534993a Fix socket disconnect might interrupt loop issue 2016-10-21 13:35:29 +08:00
Wu Cheng-Han dbd7449740 Update to support Hindi locale 2016-10-14 22:52:54 +08:00
Wu Cheng-Han bd6d69d7a7 Fix to handle checkAllNotesRevision might return null notes 2016-10-12 17:47:25 +08:00
Wu Cheng-Han 4ea5191d30 Fix fatal error should throw instead of return 2016-10-10 20:56:41 +08:00
Wu Cheng-Han cbf078494b Update to add post history by note id with data, delete all history and delete history by id and rename methods 2016-10-10 20:52:09 +08:00
Wu Cheng-Han af77bb8f59 Update to add cache to history 2016-10-10 20:51:46 +08:00
Wu Cheng-Han a5e6b5dd3b Update to support Ukrainian locale 2016-10-10 19:48:05 +08:00
Wu Cheng-Han 4c9dc5fa1f Add support of Italian, Turkish, Russian, Dutch, Croatian, Polish locales 2016-10-10 16:29:40 +08:00
Wu Cheng-Han aaf32dc4bf Update to support Greek and Portuguese locales 2016-10-02 10:34:10 +08:00
Jordan Matelsky 937e982109 Remove expiry from cookies
As per [this issue](https://github.com/expressjs/session/issues/365)
2016-09-26 12:13:24 -04:00
Wu Cheng-Han 79fd2d1364 Update to add revision saving policy 2016-09-18 16:50:20 +08:00
Wu Cheng-Han 0470a266fd Update to prevent caching and crawling status 2016-09-18 16:23:56 +08:00
Wu Cheng-Han 4cc00c6c40 Update to support French, Deutsch, Japanese and Spanish locales 2016-09-16 22:29:13 +08:00
robert 56a3a1d85d Removed redundant condition. 2016-09-06 14:37:05 +03:00
Wu Cheng-Han b9c59c454d Add support of i18n with related patches and support "en" and "zh" locales for now 2016-08-19 11:49:24 +08:00
Wu Cheng-Han 87f4d05e8e Update to use proper way to render view and fix upload image error should respond with code 2016-08-19 11:31:23 +08:00
Wu Cheng-Han a013c9d3bc Update slide mode to show extra info and support url actions and support disqus via yaml-metadata 2016-08-15 11:25:27 +08:00
Wu Cheng-Han 7ea56c78a2 Update to support redirect back to previous url after signin 2016-08-01 00:06:07 +08:00
Wu Cheng-Han b5d3570b1a Update to raise the body-parser limit to fix "Error: request entity too large" issue 2016-07-30 11:13:13 +08:00
Max Wu 44e2dab9ee Fix the signin and logout redirect url might be empty 2016-07-08 13:37:41 +08:00
Wu Cheng-Han f7a4f8f8c2 Add rolling option on session to reset maxAge on every response to extend session life 2016-07-05 16:06:18 +08:00
Cheng-Han, Wu 8e351e7e33 Add revision api 2016-06-17 16:11:14 +08:00
Cheng-Han, Wu dbc126b156 Add support of saving note revision and improve app start and stop procedure to ensure data integrity 2016-06-17 16:09:33 +08:00
Cheng-Han, Wu 16d5e3ea80 Add maintenance mode and update to gracefully exit process on signal 2016-06-01 14:18:54 +08:00
Cheng-Han, Wu 6405bb5056 Add support of google signin 2016-05-21 22:48:00 +08:00
Cheng-Han, Wu 900141daff Remove unused passport authenticate callback function 2016-05-21 22:41:53 +08:00
Cheng-Han, Wu eb5873a94d Update to move gitlab api path to sub path and fix its find user method for PR #121 2016-05-16 18:16:45 +08:00