Gereon Dusella
56e01fa76e
added an Environment Variable `CMD_DEFAULT_TOC_DEPTH` to set default toc depth
...
Signed-off-by: Gereon Dusella <git@gereondusella.de>
2020-06-03 17:38:28 +02:00
Raccoon
ac6021a579
fix: returning 500 when getStatus failed
...
Signed-off-by: Raccoon <raccoon@hackmd.io>
2020-05-17 03:25:57 +08:00
Raccoon
a3742e4564
fix: getStatus should reject promise
...
1. reject promise when getStatus failed
2. change to use promise-way call getStatus in debug message
Signed-off-by: Raccoon <raccoon@hackmd.io>
2020-05-17 03:25:20 +08:00
Raccoon
54ab0a08de
Merge pull request #1512 from stregouet/oauth2-state
...
fix: add state parameter for oauth2
2020-05-13 16:26:26 +08:00
Raccoon
20bacfbaf1
Merge pull request #1507 from tarlety/feature-metrics-merge-develop
...
Exporting metrics for node.js, express, router, and codimd realtime status.
2020-05-13 16:25:38 +08:00
Samuel Trégouët
6ff6d215ab
fix: add state parameter for oauth2
...
state parameter is recommended with oauth2 authentification
to mitigate CSRF attacks (see [1]).
hydra [2] will throw the following error message if state is
missing:
description="The state is missing or has less than 8 characters and is therefore considered too weak" error=invalid_state hint="Request
parameter \"state\" must be at least be 8 characters long to ensure sufficient entropy."
[1]: https://auth0.com/docs/protocols/oauth2/oauth-state
[2]: https://www.ory.sh/hydra/
Signed-off-by: Samuel Trégouët <samuel.tregouet@gmail.com>
2020-05-11 15:59:49 +02:00
tarlety
ac31e51d67
Fix session flood issue after prometheus metrics are implemented.
...
Root cause:
- prometheus metrics '/metrics/codimd' exported by 3ca0341 are still in 'routes need sessions' section.
- prometheus scrapes metrics repeatedly.
- new session created every time while prometheus scrapes metrics '/metrics/codimd'.
Solution:
- move /metrics/codimd from lib/routes.js to lib/metrics.js.
- move /metrics/codimd from section 'routes need sessions' of app.js to 'routes without sessions'.
Signed-off-by: tarlety <tarlety@gmail.com>
2020-05-04 20:57:46 +08:00
tarlety
09eb8556db
Exporting metrics for node.js, express, router, and codimd realtime status.
...
1. **/metrics/router** : exporting node.js/express Prometheus metrics by
[prometheus-api-metrics](https://www.npmjs.com/package/prometheus-api-metrics )
2. **/metrics/codimd** : exporting codimd realtime status (/status) as
Prometheus metrics
Signed-off-by: tarlety <tarlety@gmail.com>
2020-05-01 22:17:22 +08:00
Lucas Druschke
bcd92f500f
return errorForbidden when anonymous user tries to create freeUrl pad ( closes #1499 )
...
Signed-off-by: Lucas Druschke <ldruschk@posteo.de>
2020-04-29 22:42:56 +02:00
Rafal Proszowski
e1977a1da7
Fix GitHub's avatar URL
...
At the moment, the URL is being composed and modified with the use of
string composition.
This causes issues, if the URL returned by GitHub slightly differs from
the time developer initially had a look into it.
In our case, the URL from GitHub has two query parameters in it, whilst
the codebase only expected one.
This change will take all of these parameters and only set the one we
care about, whilst leaving others intact and carry on with the full URL.
Fixes #1489
Signed-off-by: Rafal Proszowski <paroxp@gmail.com>
2020-04-20 12:25:32 +01:00
BinotaLIU
d4d0120ab7
prevert directly call of User.hashPassword()
...
this preverted changes made in 7b8576d. now we use hooks to hash password.
no need to call User.hashPassword() manually.
Signed-off-by: BinotaLIU <me@binota.org>
2020-04-20 00:04:13 +08:00
BinotaLIU
027195e973
add hooks for hash password
...
Signed-off-by: BinotaLIU <me@binota.org>
2020-04-20 00:04:13 +08:00
BinotaLIU
f618576193
use async hashPassword/verifyPassword
...
Signed-off-by: BinotaLIU <me@binota.org>
2020-04-20 00:04:12 +08:00
BinotaLIU
ec206db173
add methods for password hashing in User model
...
Signed-off-by: BinotaLIU <me@binota.org>
2020-04-20 00:04:12 +08:00
Raccoon
2fe10a78b7
chore: change aws-sdk to @aws-sdk/client-s3-node, reduced module size
...
Signed-off-by: Raccoon <raccoon@hackmd.io>
2020-04-12 02:24:35 +08:00
Raccoon
421ccbfc25
fix: lutim not required properly
...
Signed-off-by: Raccoon <raccoon@hackmd.io>
2020-04-12 02:11:43 +08:00
Raccoon
e72bcfe0ea
Merge pull request #1459 from hackmdio/feat/improve-version-check
...
Improve version checker behavior
2020-04-05 15:36:10 +08:00
Raccoon
1b80245546
Merge pull request #1453 from moycat/feature/oauth-avatar
...
Support avatar for OAuth users
2020-03-26 05:17:27 +08:00
Mark Steve Samson
72c9d049f7
Fix check for creating free url notes
...
Signed-off-by: Mark Steve Samson <marksteve@thinkingmachin.es>
2020-03-17 21:00:16 +08:00
Raccoon
bd508b166f
Update lib/web/middleware/checkVersion.js
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-03-17 02:24:01 +08:00
BoHong Li
b49a4e24f1
feat(versionCheck): add timeout to 1s and change logger type to avoid log error to disturb user
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-03-17 01:24:38 +08:00
Kishan Mehta
a1a69a75c0
Add correct path for minio
...
This should fix #1452
Signed-off-by: Kishan Mehta <kishan@scrapinghub.com>
2020-03-13 18:22:40 +05:30
moycat
46fdb6a6f0
Support avatar for OAuth users
...
Signed-off-by: Moycat <i@moy.cat>
2020-03-12 13:48:18 +08:00
BoHong Li
3ae3cb191d
fix: some environment variables not in docker secret
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-03-06 20:51:25 +08:00
Max Wu
fc662661a8
fix: only enable dropbox directives when config is given
...
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2020-03-03 18:35:57 +08:00
Max Wu
e2c31e4cb3
fix: allow Dropbox dropins in CSP directives
...
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2020-03-03 17:25:36 +08:00
Max Wu
5c9438697a
Merge pull request #1435 from hackmdio/feat/remove-old-config
...
Remove old config and environment
2020-03-02 21:55:24 +08:00
BoHong Li
48582617ad
doc: remove HMD related and remove docs
...
All docs migrate to online documentation now and store in `codimd-docs`
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-03-02 18:35:25 +08:00
Max Wu
d658903d01
Merge pull request #1433 from hackmdio/feature/disable-include-subdomain-hsts
...
Disable HSTS IncludeSubdomain, to prevent unexpected behavior
2020-03-02 18:29:03 +08:00
BoHong Li
ffe0783869
feat: old config and environment is not use anymore
...
BREAKING CHANGE: remove old config and environment
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-03-02 12:06:28 +08:00
BoHong Li
ac0f5a9461
feat: change default anonymous setting
...
BREAKING CHANGE: change allowAnonymous to `false` and setup
allowAnonymousEdits and allowAnonymousViews to `true`
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-03-02 11:58:29 +08:00
BoHong Li
40b6b06f57
feat(hsts): trun includeSubdomain to false
...
BREAKING CHANGE: change default setting from `true` to `false`
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-03-02 11:53:35 +08:00
Max Wu
c9badcf2e4
Merge pull request #1426 from hackmdio/feat/support-google-hosted-name
...
Support hostedName in google OAuth provider
2020-02-28 18:03:19 +08:00
BoHong Li
b9f0e37eee
feat: support hostedName in google OAuth 2.0 provider
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-28 17:53:04 +08:00
Max Wu
371e985e29
Merge pull request #1289 from hackmdio/feature/embed-geolocation
...
Support embedding geolocation data
2020-02-28 17:37:23 +08:00
Yukai Huang
1a000226b0
fix: unwrap the geo div and throw error when input
...
location search not found
also fix the CSP rule that the img with data src might be violated
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
Co-authored-by: Max Wu <jackymaxj@gmail.com>
2020-02-28 15:48:09 +08:00
BoHong Li
72c5b0d14e
feat: support customize scope in OAuth2 provider
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-28 02:13:58 +08:00
BoHong Li
d5d0f3d820
fix: extractProfileAttribute not working correctly
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-28 01:53:25 +08:00
Raccoon
50cbf036e3
Merge pull request #1420 from hackmdio/feature/upgrade-reveal.js-3.9.2
...
Feature/upgrade reveal.js 3.9.2
2020-02-27 19:04:52 +08:00
BoHong Li
b8fb9dbb9e
fix: download pdf twice may crash server
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-27 00:02:18 +08:00
Max Wu
adf3503c31
feat: update CSP nonce for reveal.js 3.9.2 speaker notes feature
...
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2020-02-26 22:36:25 +08:00
BoHong Li
da3fd00577
refactor: change errorServiceUnavailable function signature to avoid parameter passing error
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-26 11:26:56 +08:00
BoHong Li
13ed2e6b44
refactor: change errorInternalError function signature to avoid parameter passing error
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-26 11:26:01 +08:00
BoHong Li
8787177991
refactor: change errorTooLong function signature to avoid parameter passing error
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-26 11:23:55 +08:00
BoHong Li
35a2135b36
refactor: change errorBadRequest function signature to avoid parameter passing error
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-26 11:22:59 +08:00
BoHong Li
09a353ffcc
refactor: change errorNotFound function signature to avoid parameter passing error
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-26 11:20:42 +08:00
BoHong Li
6b1ce381df
fix: change errorForbidden function signature, add req into function parameter
...
avoid incorrect function parameter passing
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-26 11:13:45 +08:00
BoHong Li
7870b82249
fix: server throw TypeError when user not sign-in
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-26 10:25:25 +08:00
BoHong Li
db615e5111
fix: page broken when shortId doesn't exists
...
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2020-02-26 10:25:25 +08:00
Raccoon
d22ea95fb6
Merge pull request #1399 from hackmdio/feature/version-check
...
Version check middleware & logging
2020-02-24 16:13:50 +08:00