Commit message [Author, Age, Files, Lines]
* Automatically generate a session secret if default is used [Sheogorath, 2018-03-26, 2 files, -0/+10]
|   The session secret is used to sign and authenticate the session cookie and is this way very important for the authentication process. By default the session secret is set to `secret` and never changes. This commit will add a generator for a dynamic session secret if it stays unchanged. It prevents session hijacking this way and will warn the user about the missing secret. This also implies that a restart without a configured session secret will log out all users. While it may seem annoying, it's for the users' best.
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #758 from SISheogorath/cleanup/config [Christoph (Sheogorath) Kern, 2018-03-25, 29 files, -238/+291]
|\
| |   Change config to camel case with backwards compatibility
| * Change config to camel case with backwards compatibility [Sheogorath, 2018-03-25, 29 files, -238/+291]
| |   This refactors the configs a bit to now use camel case everywhere. This change should help to clean up the config interface and make it better understandable.
| |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #775 from SISheogorath/feature/nightMode [Christoph (Sheogorath) Kern, 2018-03-24, 1 file, -3/+18]
|\ \
| |/
|/|   Persist nightmode so we can re-enable it on reload
| * Persist nightmode so we can re-enable it [Sheogorath, 2018-03-23, 1 file, -3/+18]
|/
|   Right now the night mode is possible to set by a toggle in the menu bar but needs to be re-enabled on every document switch, reload, etc. This is super annoying so we should keep this state in local storage or a cookie.
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #772 from SISheogorath/fix/chromeFileError [Christoph (Sheogorath) Kern, 2018-03-21, 1 file, -4/+7]
|\
| |   Some fixes for inline-Attachments in Codemirror
| * Reorganize usage of `getAsFile()` [Sheogorath, 2018-03-18, 1 file, -2/+5]
| |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Fix typo in vendor extension [Sheogorath, 2018-03-18, 1 file, -2/+2]
| |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #771 from SISheogorath/refactor/imageRouter [Christoph (Sheogorath) Kern, 2018-03-21, 7 files, -132/+190]
|\ \
| | |   Refactoring imageRouter to modularity
| * | Refactoring imageRouter to modularity [Sheogorath, 2018-03-20, 7 files, -132/+190]
| |/
| |   This should make the imageRouter more modular and easier to extend. Also a lot of code duplication was removed which should simplify maintenance in future. In the new setup we only need to provide a new module file which exports a function called `uploadImage` and takes a filePath and a callback as arguments. The callback itself takes an error and a URL as parameters. This eliminates the need of a try-catch-block around the statement and re-enables the optimization in NodeJS.
| |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Update yarn.lock [Sheogorath, 2018-03-18, 1 file, -0/+4]
| |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #770 from SISheogorath/fix/ldapUUID [Christoph (Sheogorath) Kern, 2018-03-18, 1 file, -1/+8]
|\ \
| | |   Add check for undefined UUID
| * | Add check for undefined UUID [Sheogorath, 2018-03-18, 1 file, -1/+8]
| |/
| |   This check is needed as there are tons of LDAP implementations out there and none has at least one guaranteed unique field. As we currently check three fields and added an option to select one yourself, it's still not said that any of these fields is set. This will now create an error and fail the authentication instead of letting people get access to other people's notes which are stored under a thus deterministic, wrong userid named `LDAP-undefined`.
| |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #743 from hackmdio/fix-to-use-url-safe-base64 [Christoph (Sheogorath) Kern, 2018-03-18, 7 files, -10/+101]
|\ \
| | |   Fix to use url-safe base64 in note url
| * | Fix typo [Max Wu, 2018-03-11, 1 file, -1/+1]
| | |   Signed-off-by: Max Wu <jackymaxj@gmail.com>
| * | Update to show log on migrate LZString type note url in history [Max Wu, 2018-03-11, 1 file, -1/+1]
| | |   Signed-off-by: Max Wu <jackymaxj@gmail.com>
| * | Fix to log instead of throwing error on parse note id [Max Wu, 2018-03-11, 1 file, -2/+4]
| | |   Signed-off-by: Max Wu <jackymaxj@gmail.com>
| * | Fix parseNoteId order to fix some edge case [Max Wu, 2018-03-10, 1 file, -7/+7]
| | |   that LZString note url could be parsed by base64url note url and thus return wrong note id
| | |   Signed-off-by: Max Wu <jackymaxj@gmail.com>
| * | Improve history migration performance [Max Wu, 2018-03-10, 1 file, -11/+5]
| | |   Signed-off-by: Max Wu <jackymaxj@gmail.com>
| * | Update to migrate note url in the history of browser storage and cookie [Max Wu, 2018-03-03, 2 files, -0/+47]
| | |   Signed-off-by: Max Wu <jackymaxj@gmail.com>
| * | Update to use buffer in encode/decode note id [Max Wu, 2018-02-27, 1 file, -2/+4]
| | |   Signed-off-by: Max Wu <jackymaxj@gmail.com>
| * | Add migration for LZString compressed note id in history [Max Wu, 2018-02-26, 1 file, -1/+21]
| | |   Signed-off-by: Max Wu <jackymaxj@gmail.com>
| * | Remove and replace all note id compression in LZString with base64url [Max Wu, 2018-02-26, 4 files, -8/+34]
| | |   Signed-off-by: Max Wu <jackymaxj@gmail.com>
* | | Merge pull request #757 from SISheogorath/fix/migration [Christoph (Sheogorath) Kern, 2018-03-17, 1 file, -0/+11]
|\ \ \
| | | |   Add missing migration for permissions
| * | | Add missing migration for permissions [Sheogorath, 2018-03-06, 1 file, -0/+11]
| | | |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | | Merge pull request #769 from SISheogorath/fix/minioInteger [Christoph (Sheogorath) Kern, 2018-03-17, 2 files, -3/+10]
|\ \ \ \
| |_|_|/
|/| | |   Add helper function to fix number problems
| * | | Add helper function to fix number problems [Sheogorath, 2018-03-16, 2 files, -3/+10]
|/ / /
| | |   As minio causes various problems if you configure it using environment variables and leave the port setting out, which will evaluate to NaN, this change should fix this in a clean way for this time and help to support numbers in general in future.
| | |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Merge pull request #761 from SISheogorath/feature/reportURI [Christoph (Sheogorath) Kern, 2018-03-14, 4 files, -2/+12]
|\ \ \
| | | |   Add config option for report URI in CSP
| * | | Add config option for report URI in CSP [Sheogorath, 2018-03-14, 4 files, -2/+12]
| | | |   This option is needed as it's currently not possible to add a report URI by the directives array. This option also allows to get CSP reports not only on docker based setup but also on our heroku instances.
| | | |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | | Merge pull request #765 from vazontang/master [Christoph (Sheogorath) Kern, 2018-03-14, 1 file, -1/+1]
|\ \ \ \
| | | | |   Convert HMD_MINIO_PORT into Number type.
| * | | | Convert HMD_MINIO_PORT into Number type. [vazontang, 2018-03-15, 1 file, -1/+1]
|/ / / /
| | | |   fix hackmdio/hackmd#763
| | | |   Signed-off-by: Tang TsungYi <vazontang@gmail.com>
* | | | Merge pull request #760 from thegcat/fix/support_multiple_emails_in_ldap [Christoph (Sheogorath) Kern, 2018-03-10, 1 file, -1/+1]
|\ \ \ \
| |/ / /
|/| | |   Multiple emails from LDAP are already an Array
| * | | Multiple emails from LDAP are already an Array [Felix Schäfer, 2018-03-09, 1 file, -1/+1]
|/ / /
| | |   Signed-off-by: Felix Schäfer <felix@thegcat.net>
* | | Update yarn.lock [Sheogorath, 2018-03-07, 1 file, -77/+0]
| | |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Merge pull request #756 from davidmehren/master [Christoph (Sheogorath) Kern, 2018-03-07, 2 files, -7/+4]
|\ \ \
| |/ /
|/| |   Remove engine.io-client dependency
| * | Remove engine.io-client dependency and fix webpack config [David Mehren, 2018-03-06, 2 files, -7/+4]
|/ /
| |   Signed-off-by: David Mehren <dmehren1@gmail.com>
* | Merge pull request #755 from thegcat/fix/remove_unused_ldap_options [Christoph (Sheogorath) Kern, 2018-03-06, 4 files, -4/+0]
|\ \
| | |   Remove unused LDAP option `tokenSecret` fixes #754
| * | Remove unused LDAP option `tokenSecret` [Felix Schäfer, 2018-03-05, 4 files, -4/+0]
|/ /
| |   hackmdio/hackmd#754
| |   Signed-off-by: Felix Schäfer <felix@thegcat.net>
* | Merge pull request #753 from senk/patch-1 [Christoph (Sheogorath) Kern, 2018-03-05, 1 file, -1/+1]
|\ \
| | |   Fix small typo
| * | Fix small typo [Robin Naundorf, 2018-03-05, 1 file, -1/+1]
|/ /
| |   Signed-off-by: Robin Naundorf <r.naundorf@fh-muenster.de>
* | Merge pull request #750 from fooker/master [Christoph (Sheogorath) Kern, 2018-03-03, 5 files, -3/+10]
|\ \
| | |   Use ldap.usernameField over hardcoded uid fields
| * | Introduce ldap.useridField [Dustin Frisch, 2018-03-01, 5 files, -3/+10]
|/ /
| |   Signed-off-by: Dustin Frisch <fooker@lab.sh>
* | Merge pull request #744 from hackmdio/add-more-html5-tags [Christoph (Sheogorath) Kern, 2018-02-26, 2 files, -5/+17]
|\ \
| |/
|/|   Support more html5 tags and styles
| * Update styles of details, summary and figure [Max Wu, 2018-02-26, 1 file, -2/+14]
| |   Signed-off-by: Max Wu <jackymaxj@gmail.com>
| * Update to allow rp tag for ruby [Max Wu, 2018-02-26, 1 file, -0/+2]
| |   Signed-off-by: Max Wu <jackymaxj@gmail.com>
| * Remove manual allow details tag since default already allow it [Max Wu, 2018-02-26, 1 file, -3/+1]
|/
|   Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Merge pull request #740 from SISheogorath/feature/moreHTML5 [Christoph (Sheogorath) Kern, 2018-02-25, 2 files, -1/+20]
|\
| |   Extend HTML5 support by whitelisting various tags
| * Extend HTML5 support by whitelisting various tags [Sheogorath, 2018-02-25, 2 files, -1/+20]
|/
|   HTML5 provides a wide feature set of useful elements. Since Markdown usually supports HTML it should be able to use these HTML5 tags as well. As they were requested by some users and they were checked for being safe, whitelisting them isn't a problem. To make the experience the same as on GitHub when it comes to the basic look and feel of the rendered markdown, some CSS was added to make the summary and the details tag look like on GitHub.
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #739 from SISheogorath/fix/sublime-esc [Christoph (Sheogorath) Kern, 2018-02-25, 1 file, -3/+3]
|\
| |   Allow the usage of the esc-key by codemirror
| * Allow the usage of the esc-key by codemirror [Sheogorath, 2018-02-24, 1 file, -3/+3]
|/
|   This change allows all input modes of codemirror to use the information from an input esc-key and this way makes vim and sublime more functional. To prevent this change from breaking the return from the fullscreen mode, it catches the esc-key in this case. Hopefully this is an acceptable solution. As before the vim-mode is handled differently in fulltext-mode as it is esc-key heavy.
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>