-rw-r--r--README.md1
-rw-r--r--lib/config/default.js3
-rw-r--r--lib/config/environment.js9
-rw-r--r--lib/config/utils.js7
-rw-r--r--lib/csp.js7
-rw-r--r--lib/web/auth/ldap/index.js2
-rw-r--r--package.json1
-rw-r--r--webpackBaseConfig.js10
-rw-r--r--yarn.lock77
9 files changed, 27 insertions, 90 deletions
diff --git a/README.md b/README.md
index e65eec3e..7c577bbc 100644
--- a/README.md
+++ b/README.md
@@ -207,6 +207,7 @@ There are some config settings you need to change in the files below.
| `HMD_HSTS_MAX_AGE` | `31536000` | max duration in seconds to tell clients to keep HSTS status (default is a year) |
| `HMD_HSTS_PRELOAD` | `true` | whether to allow preloading of the site's HSTS status (e.g. into browsers) |
| `HMD_CSP_ENABLE` | `true` | whether to enable Content Security Policy (directives cannot be configured with environment variables) |
+| `HMD_CSP_REPORTURI` | `https://<someid>.report-uri.com/r/d/csp/enforce` | Allows to add a URL for CSP reports in case of violations |
## Application settings `config.json`
diff --git a/lib/config/default.js b/lib/config/default.js
index 06e887f4..7407ec60 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -18,7 +18,8 @@ module.exports = {
directives: {
},
addDefaults: true,
- upgradeInsecureRequests: 'auto'
+ upgradeInsecureRequests: 'auto',
+ reportURI: undefined
},
protocolusessl: false,
usecdn: true,
diff --git a/lib/config/environment.js b/lib/config/environment.js
index b83c67e5..ddc09e10 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -1,11 +1,11 @@
'use strict'
-const {toBooleanConfig, toArrayConfig} = require('./utils')
+const {toBooleanConfig, toArrayConfig, toIntegerConfig} = require('./utils')
module.exports = {
domain: process.env.HMD_DOMAIN,
urlpath: process.env.HMD_URL_PATH,
- port: process.env.HMD_PORT,
+ port: toIntegerConfig(process.env.HMD_PORT),
urladdport: toBooleanConfig(process.env.HMD_URL_ADDPORT),
usessl: toBooleanConfig(process.env.HMD_USESSL),
hsts: {
@@ -15,7 +15,8 @@ module.exports = {
preload: toBooleanConfig(process.env.HMD_HSTS_PRELOAD)
},
csp: {
- enable: toBooleanConfig(process.env.HMD_CSP_ENABLE)
+ enable: toBooleanConfig(process.env.HMD_CSP_ENABLE),
+ reportURI: process.env.HMD_CSP_REPORTURI
},
protocolusessl: toBooleanConfig(process.env.HMD_PROTOCOL_USESSL),
alloworigin: toArrayConfig(process.env.HMD_ALLOW_ORIGIN),
@@ -39,7 +40,7 @@ module.exports = {
secretKey: process.env.HMD_MINIO_SECRET_KEY,
endPoint: process.env.HMD_MINIO_ENDPOINT,
secure: toBooleanConfig(process.env.HMD_MINIO_SECURE),
- port: process.env.HMD_MINIO_PORT
+ port: toIntegerConfig(process.env.HMD_MINIO_PORT)
},
s3bucket: process.env.HMD_S3_BUCKET,
facebook: {
diff --git a/lib/config/utils.js b/lib/config/utils.js
index 9ff2f96d..b2406cf1 100644
--- a/lib/config/utils.js
+++ b/lib/config/utils.js
@@ -13,3 +13,10 @@ exports.toArrayConfig = function toArrayConfig (configValue, separator = ',', fa
}
return fallback
}
+
+exports.toIntegerConfig = function toIntegerConfig (configValue) {
+ if (configValue && typeof configValue === 'string') {
+ return parseInt(configValue)
+ }
+ return configValue
+}
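Review bot: The `parseInt(configValue)` on line 86 of the new toIntegerConfig passes no radix and returns NaN unchanged when the string is not numeric, so the call sites added in environment.js for HMD_PORT and HMD_MINIO_PORT would carry NaN into the port setting instead of falling back to the default. Prefer `const parsed = Number.parseInt(configValue, 10)` followed by `return Number.isNaN(parsed) ? undefined : parsed`, so a malformed value behaves like an unset one; whether `undefined` then lets the default-config value apply depends on how the config layers are merged, which is outside this hunk. A one-line comment on the function, such as `// Returns the parsed integer for numeric strings; non-string values are passed through untouched`, would also document the pass-through branch on line 88.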
diff --git a/lib/csp.js b/lib/csp.js
index 509bc530..b46ae8ef 100644
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -30,6 +30,7 @@ CspStrategy.computeDirectives = function () {
addInlineScriptExceptions(directives)
}
addUpgradeUnsafeRequestsOptionTo(directives)
+ addReportURI(directives)
return directives
}
@@ -72,6 +73,12 @@ function addUpgradeUnsafeRequestsOptionTo (directives) {
}
}
+function addReportURI (directives) {
+ if (config.csp.reportURI) {
+ directives.reportUri = config.csp.reportURI
+ }
+}
+
CspStrategy.addNonceToLocals = function (req, res, next) {
res.locals.nonce = uuid.v4()
next()
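Review bot: addReportURI copies `config.csp.reportURI` into the directives without any validation, and the value originates from the HMD_CSP_REPORTURI environment variable wired up in environment.js in this commit, so whatever the operator sets reaches the Content-Security-Policy header. Depending on how the CSP middleware serializes directive values, a malformed value (for example one containing `;`) could alter the rest of the policy rather than just the report endpoint, and a plain `http://` endpoint would receive violation reports, which include the page URL, in clear text. Parsing the value once at startup with the WHATWG `URL` class from `require('url')` inside the `if` and rejecting anything whose protocol is not `https:` keeps a misconfiguration from weakening the policy silently; a comment such as `// report-uri is emitted verbatim into the CSP header; value must be an absolute https URL` would record that expectation for the next reader.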
diff --git a/lib/web/auth/ldap/index.js b/lib/web/auth/ldap/index.js
index c6746473..1a5c9938 100644
--- a/lib/web/auth/ldap/index.js
+++ b/lib/web/auth/ldap/index.js
@@ -37,7 +37,7 @@ passport.use(new LDAPStrategy({
id: 'LDAP-' + uuid,
username: username,
displayName: user.displayName,
- emails: user.mail ? [user.mail] : [],
+ emails: user.mail ? Array.isArray(user.mail) ? user.mail : [user.mail] : [],
avatarUrl: null,
profileUrl: null,
provider: 'ldap'
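Review bot: The nested ternary added on line 122 is hard to read without parentheses, since `a ? b ? c : d : e` relies on the reader knowing the inner conditional belongs to the first branch. `emails: user.mail ? [].concat(user.mail) : [],` expresses the same normalization (wrap a single value, keep an array as is) in one step, or keep the ternary and parenthesize the inner one. The enclosing LDAPStrategy callback starts before the hunk, so the shape of `user.mail` as delivered by the directory cannot be confirmed from here.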
diff --git a/package.json b/package.json
index ba8b05d7..18c985b6 100644
--- a/package.json
+++ b/package.json
@@ -34,7 +34,6 @@
"diff-match-patch": "git+https://github.com/hackmdio/diff-match-patch.git",
"ejs": "^2.5.5",
"emojify.js": "~1.1.0",
- "engine.io-client": "^1.8.2",
"express": ">=4.14",
"express-session": "^1.14.2",
"file-saver": "^1.3.3",
diff --git a/webpackBaseConfig.js b/webpackBaseConfig.js
index 41a63e7d..e8630841 100644
--- a/webpackBaseConfig.js
+++ b/webpackBaseConfig.js
@@ -355,10 +355,7 @@ module.exports = {
},
resolve: {
- modulesDirectories: [
- path.resolve(__dirname, 'src'),
- path.resolve(__dirname, 'node_modules')
- ],
+ modulesDirectories: ['node_modules'],
extensions: ['', '.js'],
alias: {
codemirror: path.join(__dirname, 'node_modules/codemirror/codemirror.min.js'),
@@ -374,7 +371,8 @@ module.exports = {
'bootstrap-tooltip': path.join(__dirname, 'public/vendor/bootstrap/tooltip.min.js'),
'headjs': path.join(__dirname, 'node_modules/reveal.js/lib/js/head.min.js'),
'reveal-markdown': path.join(__dirname, 'public/js/reveal-markdown.js'),
- abcjs: path.join(__dirname, 'public/vendor/abcjs_basic_3.1.1-min.js')
+ abcjs: path.join(__dirname, 'public/vendor/abcjs_basic_3.1.1-min.js'),
+ raphael: path.join(__dirname, 'node_modules/raphael/raphael.no-deps.js')
}
},
@@ -407,7 +405,7 @@ module.exports = {
loader: ExtractTextPlugin.extract('style-loader', 'less-loader')
}, {
test: require.resolve('js-sequence-diagrams'),
- loader: 'imports?_=lodash&Raphael=raphael'
+ loader: 'imports?_=lodash&Raphael=raphael&eve=eve'
}, {
test: /\.eot(\?v=\d+\.\d+\.\d+)?$/,
loader: 'file'
diff --git a/yarn.lock b/yarn.lock
index 9d3e1167..b19ecaa8 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -230,10 +230,6 @@ array.prototype.find@^2.0.1:
define-properties "^1.1.2"
es-abstract "^1.7.0"
-arraybuffer.slice@0.0.6:
- version "0.0.6"
- resolved "https://registry.yarnpkg.com/arraybuffer.slice/-/arraybuffer.slice-0.0.6.tgz#f33b2159f0532a3f3107a272c0ccfbd1ad2979ca"
-
arraybuffer.slice@~0.0.7:
version "0.0.7"
resolved "https://registry.yarnpkg.com/arraybuffer.slice/-/arraybuffer.slice-0.0.7.tgz#3bbc4275dd584cc1b10809b89d4e8b63a69e7675"
@@ -1720,12 +1716,6 @@ debug@2.2.0:
dependencies:
ms "0.7.1"
-debug@2.3.3:
- version "2.3.3"
- resolved "https://registry.yarnpkg.com/debug/-/debug-2.3.3.tgz#40c453e67e6e13c901ddec317af8986cda9eff8c"
- dependencies:
- ms "0.7.2"
-
debug@2.6.7:
version "2.6.7"
resolved "https://registry.yarnpkg.com/debug/-/debug-2.6.7.tgz#92bad1f6d05bbb6bba22cca88bcd0ec894c2861e"
@@ -2020,23 +2010,6 @@ end-of-stream@~0.1.5:
dependencies:
once "~1.3.0"
-engine.io-client@^1.8.2:
- version "1.8.4"
- resolved "https://registry.yarnpkg.com/engine.io-client/-/engine.io-client-1.8.4.tgz#9fe85dee25853ca6babe25bd2ad68710863e91c2"
- dependencies:
- component-emitter "1.2.1"
- component-inherit "0.0.3"
- debug "2.3.3"
- engine.io-parser "1.3.2"
- has-cors "1.1.0"
- indexof "0.0.1"
- parsejson "0.0.3"
- parseqs "0.0.5"
- parseuri "0.0.5"
- ws "1.1.2"
- xmlhttprequest-ssl "1.5.3"
- yeast "0.1.2"
-
engine.io-client@~3.1.0:
version "3.1.4"
resolved "https://registry.yarnpkg.com/engine.io-client/-/engine.io-client-3.1.4.tgz#4fcf1370b47163bd2ce9be2733972430350d4ea1"
@@ -2053,17 +2026,6 @@ engine.io-client@~3.1.0:
xmlhttprequest-ssl "~1.5.4"
yeast "0.1.2"
-engine.io-parser@1.3.2:
- version "1.3.2"
- resolved "https://registry.yarnpkg.com/engine.io-parser/-/engine.io-parser-1.3.2.tgz#937b079f0007d0893ec56d46cb220b8cb435220a"
- dependencies:
- after "0.8.2"
- arraybuffer.slice "0.0.6"
- base64-arraybuffer "0.1.5"
- blob "0.0.4"
- has-binary "0.1.7"
- wtf-8 "1.0.0"
-
engine.io-parser@~2.1.0, engine.io-parser@~2.1.1:
version "2.1.2"
resolved "https://registry.yarnpkg.com/engine.io-parser/-/engine.io-parser-2.1.2.tgz#4c0f4cff79aaeecbbdcfdea66a823c6085409196"
@@ -3149,12 +3111,6 @@ has-binary2@~1.0.2:
dependencies:
isarray "2.0.1"
-has-binary@0.1.7:
- version "0.1.7"
- resolved "https://registry.yarnpkg.com/has-binary/-/has-binary-0.1.7.tgz#68e61eb16210c9545a0a5cce06a873912fe1e68c"
- dependencies:
- isarray "0.0.1"
-
has-color@~0.1.0:
version "0.1.7"
resolved "https://registry.yarnpkg.com/has-color/-/has-color-0.1.7.tgz#67144a5260c34fc3cca677d041daf52fe7b78b2f"
@@ -4728,10 +4684,6 @@ ms@0.7.1:
version "0.7.1"
resolved "https://registry.yarnpkg.com/ms/-/ms-0.7.1.tgz#9cd13c03adbff25b65effde7ce864ee952017098"
-ms@0.7.2:
- version "0.7.2"
- resolved "https://registry.yarnpkg.com/ms/-/ms-0.7.2.tgz#ae25cf2512b3885a1d95d7f037868d8431124765"
-
ms@2.0.0:
version "2.0.0"
resolved "https://registry.yarnpkg.com/ms/-/ms-2.0.0.tgz#5608aeadfc00be6c2901df5f9861788de0d597c8"
@@ -5051,10 +5003,6 @@ optionator@^0.8.1, optionator@^0.8.2:
type-check "~0.3.2"
wordwrap "~1.0.0"
-options@>=0.0.5:
- version "0.0.6"
- resolved "https://registry.yarnpkg.com/options/-/options-0.0.6.tgz#ec22d312806bb53e731773e7cdaefcf1c643128f"
-
orchestrator@^0.3.0:
version "0.3.8"
resolved "https://registry.yarnpkg.com/orchestrator/-/orchestrator-0.3.8.tgz#14e7e9e2764f7315fbac184e506c7aa6df94ad7e"
@@ -5176,12 +5124,6 @@ parse5@^1.5.1:
version "1.5.1"
resolved "https://registry.yarnpkg.com/parse5/-/parse5-1.5.1.tgz#9b7f3b0de32be78dc2401b17573ccaf0f6f59d94"
-parsejson@0.0.3:
- version "0.0.3"
- resolved "https://registry.yarnpkg.com/parsejson/-/parsejson-0.0.3.tgz#ab7e3759f209ece99437973f7d0f1f64ae0e64ab"
- dependencies:
- better-assert "~1.0.0"
-
parseqs@0.0.5:
version "0.0.5"
resolved "https://registry.yarnpkg.com/parseqs/-/parseqs-0.0.5.tgz#d5208a3738e46766e291ba2ea173684921a8b89d"
@@ -7205,10 +7147,6 @@ uid2@0.0.x:
version "0.0.3"
resolved "https://registry.yarnpkg.com/uid2/-/uid2-0.0.3.tgz#483126e11774df2f71b8b639dcd799c376162b82"
-ultron@1.0.x:
- version "1.0.2"
- resolved "https://registry.yarnpkg.com/ultron/-/ultron-1.0.2.tgz#ace116ab557cd197386a4e88f4685378c8b2e4fa"
-
ultron@~1.1.0:
version "1.1.1"
resolved "https://registry.yarnpkg.com/ultron/-/ultron-1.1.1.tgz#9fe1536a10a664a65266a1e3ccf85fd36302bc9c"
@@ -7647,13 +7585,6 @@ write@^0.2.1:
dependencies:
mkdirp "^0.5.1"
-ws@1.1.2:
- version "1.1.2"
- resolved "https://registry.yarnpkg.com/ws/-/ws-1.1.2.tgz#8a244fa052401e08c9886cf44a85189e1fd4067f"
- dependencies:
- options ">=0.0.5"
- ultron "1.0.x"
-
ws@~3.3.1:
version "3.3.3"
resolved "https://registry.yarnpkg.com/ws/-/ws-3.3.3.tgz#f1cf84fe2d5e901ebce94efaece785f187a228f2"
@@ -7662,10 +7593,6 @@ ws@~3.3.1:
safe-buffer "~5.1.0"
ultron "~1.1.0"
-wtf-8@1.0.0:
- version "1.0.0"
- resolved "https://registry.yarnpkg.com/wtf-8/-/wtf-8-1.0.0.tgz#392d8ba2d0f1c34d1ee2d630f15d0efb68e1048a"
-
x-xss-protection@1.0.0:
version "1.0.0"
resolved "https://registry.yarnpkg.com/x-xss-protection/-/x-xss-protection-1.0.0.tgz#898afb93869b24661cf9c52f9ee8db8ed0764dd9"
@@ -7731,10 +7658,6 @@ xmldom@=0.1.19:
version "0.1.19"
resolved "https://registry.yarnpkg.com/xmldom/-/xmldom-0.1.19.tgz#631fc07776efd84118bf25171b37ed4d075a0abc"
-xmlhttprequest-ssl@1.5.3:
- version "1.5.3"
- resolved "https://registry.yarnpkg.com/xmlhttprequest-ssl/-/xmlhttprequest-ssl-1.5.3.tgz#185a888c04eca46c3e4070d99f7b49de3528992d"
-
xmlhttprequest-ssl@~1.5.4:
version "1.5.5"
resolved "https://registry.yarnpkg.com/xmlhttprequest-ssl/-/xmlhttprequest-ssl-1.5.5.tgz#c2876b06168aadc40e57d97e81191ac8f4398b3e"