summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #1069 from SISheogorath/fix/to-markdownChristoph (Sheogorath) Kern2018-11-242-3/+8
|\ | | | | Update from to-markdown to turndown
| * Update from to-markdown to turndownSheogorath2018-11-212-3/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | We got a security alert for a regular expression DoS attack on our used library `to-markdown`. After checking `to-markdown` to be maintained or not, it turned out they renamed the library to `turndown`. So upgrading to `turndown` should fix this vulnerbility. References: https://www.npmjs.com/package/to-markdown https://github.com/domchristie/turndown/wiki/Migrating-from-to-markdown-to-Turndown Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #1071 from SISheogorath/fix/node-uuidChristoph (Sheogorath) Kern2018-11-241-1/+0
|\ \ | | | | | | Remove node-uuid
| * | Remove node-uuidSheogorath2018-11-211-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We currently install `uuid` and `node-uuid`. `node-uuid` is deprecated in favor of `uuid`. It seems like we already switched a while ago, but somehow missed to remove the dependency. This patch does exactly that. It removes the dependency from `package.json` and this way removes the warning during install about `node-uuid` being deprecated. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Update ko.json (POEditor.com)Christoph (Sheogorath) Kern2018-11-231-3/+11
| | |
* | | Update it.json (POEditor.com)Christoph (Sheogorath) Kern2018-11-231-1/+2
|/ /
* | Update yarn.lockSheogorath2018-11-211-1760/+1657
| | | | | | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #1070 from SISheogorath/fix/configExampleChristoph (Sheogorath) Kern2018-11-211-1/+1
|\ \ | |/ |/| Fix typo in config.json.example
| * Fix typo in config.json.exampleSheogorath2018-11-211-1/+1
|/ | | | | | | | | | We recently added the new logging option. As it turns out, the new option was not added correctly, which points out that our current json linting is **not working**. It throws an error but doesn't break. This patch fixes the typo in the example. It does not fix the CI part. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #1063 from SISheogorath/fix/nodeVersionChristoph (Sheogorath) Kern2018-11-212-1/+7
|\ | | | | After removing ws, node version 10 should work
| * After removing ws, node version 10 should workSheogorath2018-11-192-1/+7
| | | | | | | | | | | | | | | | | | | | In my local environment I switched to Fedora 29. Fedora 29 comes with NodeJS version 10. As far as I can say, it works, so let's try to remove the restriction to "<10.x" Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #1066 from SISheogorath/update/scryptChristoph (Sheogorath) Kern2018-11-212-2/+2
|\ \ | | | | | | Switch scrypt library to a successor
| * | Switch scrypt library to a successorSheogorath2018-11-212-2/+2
|/ / | | | | | | | | | | | | | | | | | | | | | | | | Since our previous scrypt library is unmaintained since 3 years, it's time to look for an alternative. A refactoring towards another password algorithm was worked on and this is probably still the way to go. But for now the successor of our previous library should already be enough. https://www.npmjs.com/package/scrypt (old library) https://github.com/ml1nk/node-scrypt (new library) Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #1065 from SISheogorath/update/reveal.jsChristoph (Sheogorath) Kern2018-11-212-4/+4
|\ \ | | | | | | Update reveal.js to version 3.7.0
| * | Update reveal.js to version 3.7.0Sheogorath2018-11-192-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is a new reveal.js version out. As we try to keep up with upstream, time to integreate it. This patch updates reveal.js in for CDN-using instances as well as the ones using the libraries. Checked that speaker view in slide mode still works, so no CSP change needed. https://github.com/hakimel/reveal.js/releases/tag/3.7.0 https://github.com/hackmdio/codimd/blob/2d241b93002a3a23f81ffe8fab82f2c6c98feca4/lib/csp.js#L72-L74 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Merge pull request #1064 from SISheogorath/fix/hstsSecondsChristoph (Sheogorath) Kern2018-11-212-2/+2
|\ \ \ | |/ / |/| | Fix wrong maxAgeSeconds multiplication
| * | Fix wrong maxAgeSeconds multiplicationSheogorath2018-11-192-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It seems like the inital work on the hsts module expected milliseconds. This has either changed or was never true. Either way, it caused that the current defaults resulted in theory in a 1000 year HSTS policy. Luckily helmet was smart enough to not go higher than 1 year. Anyway, this patch fixes the multiplication of the configured size with 1000 by removing this multiplication. Also to simplify the reading of the defaults, we split them into their components, 60 times 60 seconds so we get one hour. 24 of those hours so we get a day and finally 365 days to get our original wanted default of one year. Reference: https://github.com/hackmdio/CodiMD/commit/d69d65ea7434eee85db4b905f0852f4d8fa7ecce Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Update yarn.lockSheogorath2018-11-191-397/+383
|/ / | | | | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #1043 from SISheogorath/fix/tocEmptyHeadChristoph (Sheogorath) Kern2018-11-193-6/+9
|\ \ | | | | | | Fix ToC breaking documents with empty h* elements
| * | Fix wrong anchorsSheogorath2018-11-192-2/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | While experimenting with the ToC changes, it became obvious that anchors for those unnamed headers don't work. This patch fixes those links by running the autolinkify twice and make sure linkify only adds links to non-empty ids. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * | Fix ToC breaking documents with empty h* elementsSheogorath2018-11-191-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Right now, the ToC has an undefined variable i that was an index in the original ToC code. Since the major rewrite in 4fe062085324c50f2cfa062258559cf31858ef5f it's a recursive function without this index. The variable `i` was wrongly copied into its current place from the old code. This patch replaces the variable `i` with the index of the header element. Fix the undefined variable problem. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Merge pull request #1061 from SISheogorath/feature/updateHintsChristoph (Sheogorath) Kern2018-11-191-0/+4
|\ \ \ | | | | | | | | Add hints about how to be informed about updates
| * | | Add hints about how to be informed about updatesSheogorath2018-11-181-0/+4
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Keeping people in the loop about new version of CodiMD is not easy. When people don't keep an eye on GitHub it's easy to miss new versions. To help people keeping their software up to date, this patch adds hints to check out our community channel or simply the GitHub Atom feed generated for based on the release page to get informed about new versions. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Update de.json (POEditor.com)Christoph (Sheogorath) Kern2018-11-181-103/+35
| | |
* | | Update fr.json (POEditor.com)Christoph (Sheogorath) Kern2018-11-181-103/+35
| | |
* | | Update nl.json (POEditor.com)Christoph (Sheogorath) Kern2018-11-181-103/+35
| | |
* | | Update zh-TW.json (POEditor.com)Christoph (Sheogorath) Kern2018-11-181-103/+35
| | |
* | | Update zh-CN.json (POEditor.com)Christoph (Sheogorath) Kern2018-11-181-103/+35
| | |
* | | Update de.json (POEditor.com)Christoph (Sheogorath) Kern2018-11-181-33/+103
| | |
* | | Update fr.json (POEditor.com)Christoph (Sheogorath) Kern2018-11-181-34/+103
| | |
* | | Update nl.json (POEditor.com)Christoph (Sheogorath) Kern2018-11-181-10/+16
| | |
* | | Update zh-TW.json (POEditor.com)Christoph (Sheogorath) Kern2018-11-181-107/+184
| | |
* | | Update zh-CN.json (POEditor.com)Christoph (Sheogorath) Kern2018-11-181-108/+184
| | |
* | | Merge pull request #1060 from SISheogorath/fix/indexLinksChristoph (Sheogorath) Kern2018-11-181-3/+3
|\ \ \ | |/ / |/| | Fixing links on index page
| * | Fixing links on index pageSheogorath2018-11-181-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Seems like ids in Firefox are case sensitive. So linking in the current way fails. This patch fixes the links by using the exact matching version of the titles on the features page. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Update nl.json (POEditor.com)Christoph (Sheogorath) Kern2018-11-181-105/+178
| | |
* | | Merge pull request #1053 from dsprenkels/robots.txtChristoph (Sheogorath) Kern2018-11-174-1/+5
|\ \ \ | | | | | | | | Disallow creation of robots.txt in freeurl
| * | | Disallow creation of robots.txt in freeurlDaan Sprenkels2018-11-174-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a configuration setting to "hard"-disable creation of notes as set by the configuration value. This defaults to `['robots.txt', 'favicon.ico']`, because these files are often accidentally created by bots and browsers. This commit fixes #1052. Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
* | | | Merge pull request #943 from SISheogorath/feature/improveSetupChristoph (Sheogorath) Kern2018-11-172-5/+7
|\ \ \ \ | | | | | | | | | | Some minor improvements for setup script
| * | | | Run db migrations on startSheogorath2018-09-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We should force db migrations to run on every start. This will minimize the impact of breaking migrations in future. While it may causes some issues with the next start since CodiMD won't start when the migrations fail. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * | | | Some minor improvements for setup scriptSheogorath2018-09-061-4/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since we use `yarn` for our container setup and try to enforce dependencies, we should also use yarn in the setup script. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | | | Merge pull request #1040 from sunbit/masterChristoph (Sheogorath) Kern2018-11-178-8/+8
|\ \ \ \ \ | | | | | | | | | | | | Fix migration failure due to change on error messages
| * | | | | Update error message text checksCarles Bruguera2018-11-168-8/+8
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Carles Bruguera <carlesba@gmail.com>
* | | | | | Merge pull request #1059 from SISheogorath/fix/winstonStreamingChristoph (Sheogorath) Kern2018-11-172-2/+10
|\ \ \ \ \ \ | | | | | | | | | | | | | | Fix streaming for winston
| * | | | | | Fix streaming for winstonSheogorath2018-11-162-2/+10
|/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | During the upgrade of winston in c3584770f24205d84b9399abd9535cb27dc7b00c a the class extension for streaming was removed. This caused silent crashes. Somehow winston simply called `process.exit(1)` whenever `logger.write()` was called. This is really bad and only easy to debug because of the testing right after upgrading. However, reimplementing the stream interface as it was, didn't work, due to the fact that `logger.write()` is already implemented and causes the mentioned problem. So we extent the object with an `stream` object that implements `write()` for streams and pass that to morgan. So this patch fixes unexpected exiting for streaming towards our logging module. References: https://www.digitalocean.com/community/tutorials/how-to-use-winston-to-log-node-js-applications https://github.com/hackmdio/codimd/commit/c3584770f24205d84b9399abd9535cb27dc7b00c https://stackoverflow.com/a/28824464 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | | | | Merge pull request #1058 from ccoenen/bug/oauth2internalerrorChristoph (Sheogorath) Kern2018-11-161-4/+4
|\ \ \ \ \ \ | | | | | | | | | | | | | | InternalOAuthError is not part of passport, but of passport-oauth2 #1056
| * | | | | | InternalOAuthError is not part of passport, but of passport-oauth2Claudius Coenen2018-11-141-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes part of #1056: an error while obtaining the profile would have `502`-crashed the server. Signed-off-by: Claudius Coenen <opensource@amenthes.de>
* | | | | | | Merge pull request #1057 from ccoenen/eslintChristoph (Sheogorath) Kern2018-11-1613-44/+75
|\ \ \ \ \ \ \ | |_|_|_|_|/ / |/| | | | | | switching to eslint for code checking
| * | | | | | switching to eslint for code checkingClaudius Coenen2018-11-1413-44/+75
|/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | most rules degraded to WARN, so we don't go insane. This will change over time. The aim is to conform to a common style Signed-off-by: Claudius Coenen <opensource@amenthes.de>
* | | | | | Merge pull request #1055 from SISheogorath/upgrade/winstonChristoph (Sheogorath) Kern2018-11-147-17/+25
|\ \ \ \ \ \ | | | | | | | | | | | | | | Upgrade winston / refactor logging