-rw-r--r--README.md2
-rw-r--r--app.js1
-rw-r--r--lib/config/default.js4
-rw-r--r--lib/config/environment.js1
-rw-r--r--lib/config/index.js11
-rw-r--r--lib/config/utils.js33
-rw-r--r--lib/realtime.js2
-rw-r--r--lib/web/statusRouter.js2
-rw-r--r--locales/en.json5
-rw-r--r--public/js/render.js7
-rw-r--r--public/js/reveal-markdown.js4
-rw-r--r--public/views/index/body.ejs2
-rw-r--r--tmp/.keep0
-rw-r--r--webpack.common.js6
-rw-r--r--yarn.lock38
15 files changed, 74 insertions, 44 deletions
diff --git a/README.md b/README.md
index 78c4fc78..5e49f2ed 100644
--- a/README.md
+++ b/README.md
@@ -260,6 +260,7 @@ There are some config settings you need to change in the files below.
| `CMD_HSTS_PRELOAD` | `true` | whether to allow preloading of the site's HSTS status (e.g. into browsers) |
| `CMD_CSP_ENABLE` | `true` | whether to enable Content Security Policy (directives cannot be configured with environment variables) |
| `CMD_CSP_REPORTURI` | `https://<someid>.report-uri.com/r/d/csp/enforce` | Allows to add a URL for CSP reports in case of violations |
+| `CMD_SOURCE_URL` | `https://github.com/hackmdio/codimd/tree/<current commit>` | Provides the link to the source code of CodiMD on the entry page (Please, make sure you change this when you run a modified version) |
***Note:** Due to the rename process we renamed all `HMD_`-prefix variables to be `CMD_`-prefixed. The old ones continue to work.*
@@ -310,6 +311,7 @@ There are some config settings you need to change in the files below.
| `minio` | `{ "accessKey": "YOUR_MINIO_ACCESS_KEY", "secretKey": "YOUR_MINIO_SECRET_KEY", "endpoint": "YOUR_MINIO_HOST", port: 9000, secure: true }` | When `imageUploadType` is set to `minio`, you need to set this key. Also checkout our [Minio Image Upload Guide](docs/guides/minio-image-upload.md) |
| `s3` | `{ "accessKeyId": "YOUR_S3_ACCESS_KEY_ID", "secretAccessKey": "YOUR_S3_ACCESS_KEY", "region": "YOUR_S3_REGION" }` | When `imageuploadtype` be set to `s3`, you would also need to setup this key, check our [S3 Image Upload Guide](docs/guides/s3-image-upload.md) |
| `s3bucket` | `YOUR_S3_BUCKET_NAME` | bucket name when `imageUploadType` is set to `s3` or `minio` |
+| `sourceURL` | `https://github.com/hackmdio/codimd/tree/<current commit>` | Provides the link to the source code of CodiMD on the entry page (Please, make sure you change this when you run a modified version) |
<sup>1</sup>: relative paths are based on CodiMD's base directory
diff --git a/app.js b/app.js
index 622d866f..c2e958a6 100644
--- a/app.js
+++ b/app.js
@@ -178,6 +178,7 @@ app.set('view engine', 'ejs')
// set generally available variables for all views
app.locals.useCDN = config.useCDN
app.locals.serverURL = config.serverURL
+app.locals.sourceURL = config.sourceURL
app.locals.allowAnonymous = config.allowAnonymous
app.locals.allowAnonymousEdits = config.allowAnonymousEdits
app.locals.allowPDFExport = config.allowPDFExport
diff --git a/lib/config/default.js b/lib/config/default.js
index c3ada982..15f11aaa 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -1,5 +1,7 @@
'use strict'
+const os = require('os')
+
module.exports = {
domain: '',
urlPath: '',
@@ -39,7 +41,7 @@ module.exports = {
dhParamPath: '',
// other path
viewPath: './public/views',
- tmpPath: './tmp',
+ tmpPath: os.tmpdir(),
defaultNotePath: './public/default.md',
docsPath: './public/docs',
uploadsPath: './public/uploads',
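Review bot: The new default `tmpPath: os.tmpdir()` points the application at the system-wide temporary directory, which on a multi-user host is shared with every other local account. What is written under `tmpPath` is not visible in this hunk, but if those files have predictable names or hold note content they belong in a private subdirectory, for example one created at startup with `fs.mkdtempSync(path.join(os.tmpdir(), 'codimd-'))`, which on POSIX systems is created with owner-only permissions. A comment on the default such as `// shared system temp dir; override with a private directory on multi-user hosts` would also help operators.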
diff --git a/lib/config/environment.js b/lib/config/environment.js
index 6737637c..0c7c9a4f 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -3,6 +3,7 @@
const {toBooleanConfig, toArrayConfig, toIntegerConfig} = require('./utils')
module.exports = {
+ sourceURL: process.env.CMD_SOURCE_URL,
domain: process.env.CMD_DOMAIN,
urlPath: process.env.CMD_URL_PATH,
host: process.env.CMD_HOST,
diff --git a/lib/config/index.js b/lib/config/index.js
index 501fdca3..4e1fa50d 100644
--- a/lib/config/index.js
+++ b/lib/config/index.js
@@ -8,6 +8,7 @@ const {merge} = require('lodash')
const deepFreeze = require('deep-freeze')
const {Environment, Permission} = require('./enum')
const logger = require('../logger')
+const {getGitCommit, getGitHubURL} = require('./utils')
const appRootPath = path.resolve(__dirname, '../../')
const env = process.env.NODE_ENV || Environment.development
@@ -16,11 +17,17 @@ const debugConfig = {
}
// Get version string from package.json
-const {version} = require(path.join(appRootPath, 'package.json'))
+const {version, repository} = require(path.join(appRootPath, 'package.json'))
+
+const commitID = getGitCommit(appRootPath)
+const sourceURL = getGitHubURL(repository.url, commitID || version)
+const fullversion = commitID ? `${version}-${commitID}` : version
const packageConfig = {
version: version,
- minimumCompatibleVersion: '0.5.0'
+ minimumCompatibleVersion: '0.5.0',
+ fullversion: fullversion,
+ sourceURL: sourceURL
}
const configFilePath = path.resolve(appRootPath, process.env.CMD_CONFIG_FILE ||
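Review bot: `repository.url` is dereferenced at config load without a guard, so a package.json of a modified copy that omits `repository`, or gives it in npm's string shorthand, either throws here or passes `undefined` into `getGitHubURL`, where `repo.startsWith` throws. Either case stops the server from starting for the sake of a footer link. Something like `const repoURL = typeof repository === 'string' ? repository : ((repository && repository.url) || '')` before the `getGitHubURL` call keeps startup independent of that field.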
diff --git a/lib/config/utils.js b/lib/config/utils.js
index b2406cf1..9646f8c0 100644
--- a/lib/config/utils.js
+++ b/lib/config/utils.js
@@ -1,5 +1,8 @@
'use strict'
+const fs = require('fs')
+const path = require('path')
+
exports.toBooleanConfig = function toBooleanConfig (configValue) {
if (configValue && typeof configValue === 'string') {
return (configValue === 'true')
@@ -20,3 +23,33 @@ exports.toIntegerConfig = function toIntegerConfig (configValue) {
}
return configValue
}
+
+exports.getGitCommit = function getGitCommit (repodir) {
+ if (!fs.existsSync(repodir + '/.git/HEAD')) {
+ return undefined
+ }
+ let reference = fs.readFileSync(repodir + '/.git/HEAD', 'utf8')
+ if (reference.startsWith('ref: ')) {
+ reference = reference.substr(5).replace('\n', '')
+ reference = fs.readFileSync(path.resolve(repodir + '/.git', reference), 'utf8')
+ }
+ reference = reference.replace('\n', '')
+ return reference
+}
+
+exports.getGitHubURL = function getGitHubURL (repo, reference) {
+ // if it's not a github reference, we handle handle that anyway
+ if (!repo.startsWith('https://github.com') && !repo.startsWith('git@github.com')) {
+ return repo
+ }
+ if (repo.startsWith('git@github.com') || repo.startsWith('ssh://git@github.com')) {
+ repo = repo.replace(/^(ssh:\/\/)?git@github.com:/, 'https://github.com/')
+ }
+
+ if (repo.endsWith('.git')) {
+ repo = repo.replace(/\.git$/, '/')
+ } else if (!repo.endsWith('/')) {
+ repo = repo + '/'
+ }
+ return repo + 'tree/' + reference
+}
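Review bot: `getGitCommit` returns whatever text it finds under `.git` unvalidated, and that text ends up in the source link and the version string; it also throws when `HEAD` names a branch whose ref exists only in `packed-refs` (no loose file under `refs/`), which would abort config loading. Reading inside a `try`, trimming, and returning the value only when it is a full hex object id covers both, as sketched below. In `getGitHubURL` the first check returns early for `ssh://git@github.com…`, so the `ssh://` alternative after it is never reached, and `startsWith('https://github.com')` without a trailing slash also accepts hosts that merely begin with that string; `repo.startsWith('https://github.com/')` is tighter. The comment on the first line of `getGitHubURL` has a doubled word (`handle handle`).

```javascript
exports.getGitCommit = function getGitCommit (repodir) {
  const gitDir = path.join(repodir, '.git')
  let reference
  try {
    reference = fs.readFileSync(path.join(gitDir, 'HEAD'), 'utf8').trim()
    if (reference.startsWith('ref: ')) {
      // a packed ref has no loose file, so this read may fail
      reference = fs.readFileSync(path.join(gitDir, reference.slice(5)), 'utf8').trim()
    }
  } catch (err) {
    return undefined
  }
  // only a full hex object id may reach the version string and the source link
  return /^[0-9a-f]{40}$/.test(reference) ? reference : undefined
}
```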
diff --git a/lib/realtime.js b/lib/realtime.js
index f6c62d4e..8541bafa 100644
--- a/lib/realtime.js
+++ b/lib/realtime.js
@@ -887,7 +887,7 @@ function connection (socket) {
// check version
socket.on('version', function () {
socket.emit('version', {
- version: config.version,
+ version: config.fullversion,
minimumCompatibleVersion: config.minimumCompatibleVersion
})
})
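Review bot: `version` now carries `config.fullversion`, which is `<version>-<commit>` whenever a `.git` directory is found, so the field is no longer a plain version string. If the client compares it with `minimumCompatibleVersion` (the client code is not part of this diff), that comparison should be checked against the suffixed form, or the commit id sent in a separate field beside `version`. The same value is returned by the `/config` route in lib/web/statusRouter.js; together they let any client that can reach these endpoints identify the exact deployed commit, which deserves a line in the README so operators know it is exposed.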
diff --git a/lib/web/statusRouter.js b/lib/web/statusRouter.js
index fb2609ea..2b9cb65f 100644
--- a/lib/web/statusRouter.js
+++ b/lib/web/statusRouter.js
@@ -96,7 +96,7 @@ statusRouter.get('/config', function (req, res) {
domain: config.domain,
urlpath: config.urlPath,
debug: config.debug,
- version: config.version,
+ version: config.fullversion,
DROPBOX_APP_KEY: config.dropbox.appKey,
allowedUploadMimeTypes: config.allowedUploadMimeTypes
}
diff --git a/locales/en.json b/locales/en.json
index 100f4f54..ead7ce2f 100644
--- a/locales/en.json
+++ b/locales/en.json
@@ -112,5 +112,6 @@
"This will delete your account, all notes that are owned by you and remove all references to your account from other notes.": "This will delete your account, all notes that are owned by you and remove all references to your account from other notes.",
"Delete user": "Delete user",
"Export user data": "Export user data",
- "Help us translating on %s": "Help us translating on %s"
-} \ No newline at end of file
+ "Help us translating on %s": "Help us translating on %s",
+ "Source Code": "Source Code"
+}
diff --git a/public/js/render.js b/public/js/render.js
index 23b8934e..ff5e2bf2 100644
--- a/public/js/render.js
+++ b/public/js/render.js
@@ -1,6 +1,8 @@
/* eslint-env browser, jquery */
-/* global filterXSS */
// allow some attributes
+
+var filterXSS = require('xss')
+
var whiteListAttr = ['id', 'class', 'style']
window.whiteListAttr = whiteListAttr
// allow link starts with '.', '/' and custom protocol with '://', exclude link starts with javascript://
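Review bot: `filterXSS` becomes a module-local `require('xss')` here while the `expose-loader?filterXSS!xss` entries are dropped from webpack.common.js, so `window.filterXSS` no longer exists on any page. Only reveal-markdown.js is migrated in this commit; any other script or template still reading the global would throw at the point where it sanitises, so a repository-wide search for `filterXSS` is worth doing before merge. If the global is meant to stay for compatibility, `window.filterXSS = filterXSS` next to the existing `window.whiteListAttr = whiteListAttr` keeps it.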
@@ -71,5 +73,6 @@ function preventXSS (html) {
window.preventXSS = preventXSS
module.exports = {
- preventXSS: preventXSS
+ preventXSS: preventXSS,
+ escapeAttrValue: filterXSS.escapeAttrValue
}
diff --git a/public/js/reveal-markdown.js b/public/js/reveal-markdown.js
index d15b5ebd..ad5bfd04 100644
--- a/public/js/reveal-markdown.js
+++ b/public/js/reveal-markdown.js
@@ -1,6 +1,6 @@
/* eslint-env browser, jquery */
-import { preventXSS } from './render'
+import { preventXSS, escapeAttrValue } from './render'
import { md } from './extra'
/**
@@ -259,7 +259,7 @@ import { md } from './extra'
while ((matchesClass = mardownClassRegex.exec(classes))) {
var name = matchesClass[1]
var value = matchesClass[2]
- if (name.substr(0, 5) === 'data-' || window.whiteListAttr.indexOf(name) !== -1) { elementTarget.setAttribute(name, window.filterXSS.escapeAttrValue(value)) }
+ if (name.substr(0, 5) === 'data-' || window.whiteListAttr.indexOf(name) !== -1) { elementTarget.setAttribute(name, escapeAttrValue(value)) }
}
return true
}
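Review bot: `escapeAttrValue(value)` is an HTML-text escaper, but `setAttribute` takes its argument literally rather than parsing it as markup, so the escaping adds no protection at this sink and can leave entity text such as `&quot;` inside the attribute. What matters on this line is which `name` values are allowed: `style` is on `whiteListAttr`, and its value appears to come from slide markdown, so it would need CSS-level filtering rather than attribute escaping. A comment such as `// setAttribute does not parse HTML; value is untrusted slide input, style needs CSS filtering` would record that. The enclosing function starts and ends outside the hunk.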
diff --git a/public/views/index/body.ejs b/public/views/index/body.ejs
index 907cc1a8..43582d78 100644
--- a/public/views/index/body.ejs
+++ b/public/views/index/body.ejs
@@ -150,7 +150,7 @@
<option value="id">Bahasa Indonesia</option>
</select>
<p>
- Powered by <a href="https://codimd.org">CodiMD</a> | <a href="<%- serverURL %>/s/release-notes" target="_blank" rel="noopener"><%= __('Releases') %></a><% if(privacyStatement) { %> | <a href="<%- serverURL %>/s/privacy" target="_blank" rel="noopener"><%= __('Privacy') %></a><% } %><% if(termsOfUse) { %> | <a href="<%- serverURL %>/s/terms-of-use" target="_blank" rel="noopener"><%= __('Terms of Use') %></a><% } %>
+ Powered by <a href="https://codimd.org">CodiMD</a> | <a href="<%- serverURL %>/s/release-notes" target="_blank" rel="noopener"><%= __('Releases') %></a>| <a href="<%- sourceURL %>" target="_blank" rel="noopener"><%= __('Source Code') %></a><% if(privacyStatement) { %> | <a href="<%- serverURL %>/s/privacy" target="_blank" rel="noopener"><%= __('Privacy') %></a><% } %><% if(termsOfUse) { %> | <a href="<%- serverURL %>/s/terms-of-use" target="_blank" rel="noopener"><%= __('Terms of Use') %></a><% } %>
</p>
<h6 class="social-foot">
<%- __('Follow us on %s and %s.', '<a href="https://github.com/hackmdio/CodiMD" target="_blank" rel="noopener"><i class="fa fa-github"></i> GitHub</a>, <a href="https://riot.im/app/#/room/#codimd:matrix.org" target="_blank" rel="noopener"><i class="fa fa-comments"></i> Riot</a>', '<a href="https://translate.codimd.org" target="_blank" rel="noopener"><i class="fa fa-globe"></i> POEditor</a>') %>
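Review bot: `<%- sourceURL %>` writes the value into the `href` unescaped, and unlike `serverURL` it is free-form text taken from `CMD_SOURCE_URL` / `sourceURL` or derived from package.json and `.git`; `<a href="<%= sourceURL %>" target="_blank" rel="noopener">` escapes it. The config loader could additionally reject values whose scheme is not `http:` or `https:`, since nothing visible in this commit constrains it. The new link is also emitted as `</a>| <a`, without the space before the separator that the other footer entries have.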
diff --git a/tmp/.keep b/tmp/.keep
deleted file mode 100644
index e69de29b..00000000
--- a/tmp/.keep
+++ /dev/null
diff --git a/webpack.common.js b/webpack.common.js
index 1fbf247d..1e9c0707 100644
--- a/webpack.common.js
+++ b/webpack.common.js
@@ -202,7 +202,6 @@ module.exports = {
'babel-polyfill',
'script-loader!jquery-ui-resizable',
'script-loader!js-url',
- 'expose-loader?filterXSS!xss',
'script-loader!Idle.Js',
'expose-loader?LZString!lz-string',
'script-loader!codemirror',
@@ -253,7 +252,6 @@ module.exports = {
'script-loader!handlebars',
'expose-loader?hljs!highlight.js',
'expose-loader?emojify!emojify.js',
- 'expose-loader?filterXSS!xss',
'script-loader!Idle.Js',
'script-loader!gist-embed',
'expose-loader?LZString!lz-string',
@@ -273,7 +271,6 @@ module.exports = {
],
pretty: [
'babel-polyfill',
- 'expose-loader?filterXSS!xss',
'flowchart.js',
'js-sequence-diagrams',
'expose-loader?RevealMarkdown!reveal-markdown',
@@ -298,7 +295,6 @@ module.exports = {
'script-loader!handlebars',
'expose-loader?hljs!highlight.js',
'expose-loader?emojify!emojify.js',
- 'expose-loader?filterXSS!xss',
'script-loader!gist-embed',
'flowchart.js',
'js-sequence-diagrams',
@@ -310,7 +306,6 @@ module.exports = {
slide: [
'babel-polyfill',
'bootstrap-tooltip',
- 'expose-loader?filterXSS!xss',
'flowchart.js',
'js-sequence-diagrams',
'expose-loader?RevealMarkdown!reveal-markdown',
@@ -338,7 +333,6 @@ module.exports = {
'script-loader!handlebars',
'expose-loader?hljs!highlight.js',
'expose-loader?emojify!emojify.js',
- 'expose-loader?filterXSS!xss',
'script-loader!gist-embed',
'flowchart.js',
'js-sequence-diagrams',
diff --git a/yarn.lock b/yarn.lock
index bddcab02..504b8129 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -716,10 +716,10 @@ autolinker@~0.15.0:
resolved "https://registry.yarnpkg.com/autolinker/-/autolinker-0.15.3.tgz#342417d8f2f3461b14cf09088d5edf8791dc9832"
integrity sha1-NCQX2PLzRhsUzwkIjV7fh5HcmDI=
-aws-sdk@^2.7.20:
- version "2.266.1"
- resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.266.1.tgz#1d0f14cbf82c95cec97752cd5b00df0315a67ff4"
- integrity sha512-b8lisloCETh0Fx0il540i+Hbgf3hyegQ6ezoJFggfc1HIbqzvIjVJYJhOsYl1fL1o+iMUaVU4ZH8cSyoMFR2Tw==
+aws-sdk@^2.345.0:
+ version "2.353.0"
+ resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.353.0.tgz#3c809d2b02834d892a3f5c3f1171273b336e5692"
+ integrity sha512-c5MwJhfcHwA2lC1Wq9csQvP9gz8dVGpZ64s5j9f/sWY6eZiDCQ6OWjxj+VJfpnCmfxyC/pdZO7JDGwems7dqIQ==
dependencies:
buffer "4.9.1"
events "1.1.1"
@@ -729,7 +729,7 @@ aws-sdk@^2.7.20:
sax "1.2.1"
url "0.10.3"
uuid "3.1.0"
- xml2js "0.4.17"
+ xml2js "0.4.19"
aws-sign2@~0.6.0:
version "0.6.0"
@@ -7883,11 +7883,12 @@ passport-oauth@^1.0.0:
passport-oauth1 "1.x.x"
passport-oauth2 "1.x.x"
-passport-saml@^0.31.0:
- version "0.31.0"
- resolved "https://registry.yarnpkg.com/passport-saml/-/passport-saml-0.31.0.tgz#e4d654cab30f018bfd39056efe7bcfa770aab463"
- integrity sha1-5NZUyrMPAYv9OQVu/nvPp3CqtGM=
+passport-saml@^0.35.0:
+ version "0.35.0"
+ resolved "https://registry.yarnpkg.com/passport-saml/-/passport-saml-0.35.0.tgz#06a4952bde9e003923e80efa5c6faffcf7d4f7e0"
+ integrity sha512-WvLhFeMhAy9GaJvuORR2M6NiW0L9KxSlQRbiTajHBJRMziJ/Yg7uZosrwpoDwhztYaB8PpG0tCuMRG43WWYoCQ==
dependencies:
+ debug "^3.1.0"
passport-strategy "*"
q "^1.5.0"
xml-crypto "^0.10.1"
@@ -9184,7 +9185,7 @@ request@2.x, request@^2.40.0, request@^2.79.0, request@^2.81.0, request@^2.86.0:
tunnel-agent "^0.6.0"
uuid "^3.1.0"
-request@^2.61.0:
+request@^2.61.0, request@^2.88.0:
version "2.88.0"
resolved "https://registry.yarnpkg.com/request/-/request-2.88.0.tgz#9c2fca4f7d35b592efe57c7f0a55e81052124fef"
integrity sha512-NAqBSrijGLZdM0WZNsInLJpkJokL72XYjUpnB0iwsRgxh7dB6COrHnTBNwN0E+lHDAJzu7kLAkDeY08z2/A0hg==
@@ -11402,15 +11403,7 @@ xml2js@0.2.8:
dependencies:
sax "0.5.x"
-xml2js@0.4.17:
- version "0.4.17"
- resolved "https://registry.yarnpkg.com/xml2js/-/xml2js-0.4.17.tgz#17be93eaae3f3b779359c795b419705a8817e868"
- integrity sha1-F76T6q4/O3eTWceVtBlwWogX6Gg=
- dependencies:
- sax ">=0.6.0"
- xmlbuilder "^4.1.0"
-
-xml2js@0.4.x, xml2js@^0.4.15:
+xml2js@0.4.19, xml2js@0.4.x, xml2js@^0.4.15:
version "0.4.19"
resolved "https://registry.yarnpkg.com/xml2js/-/xml2js-0.4.19.tgz#686c20f213209e94abf0d1bcf1efaa291c7827a7"
integrity sha512-esZnJZJOiJR9wWKMyuvSE1y6Dq5LCuJanqhxslH2bxM6duahNZ+HMpCLhBQGZkbX6xRf8x1Y2eJlgt2q3qo49Q==
@@ -11428,13 +11421,6 @@ xmlbuilder@0.4.3:
resolved "https://registry.yarnpkg.com/xmlbuilder/-/xmlbuilder-0.4.3.tgz#c4614ba74e0ad196e609c9272cd9e1ddb28a8a58"
integrity sha1-xGFLp04K0ZbmCcknLNnh3bKKilg=
-xmlbuilder@^4.1.0:
- version "4.2.1"
- resolved "https://registry.yarnpkg.com/xmlbuilder/-/xmlbuilder-4.2.1.tgz#aa58a3041a066f90eaa16c2f5389ff19f3f461a5"
- integrity sha1-qlijBBoGb5DqoWwvU4n/GfP0YaU=
- dependencies:
- lodash "^4.0.0"
-
xmlbuilder@^9.0.4, xmlbuilder@~9.0.1:
version "9.0.7"
resolved "https://registry.yarnpkg.com/xmlbuilder/-/xmlbuilder-9.0.7.tgz#132ee63d2ec5565c557e20f4c22df9aca686b10d"