| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
As it was requested to be more visable, this commit adds a migration
section about the introduced config style changes.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
|
|
| |
Providing release notes for version 1.1.0-ce
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |\
| |
| | |
Automatically generate a session secret if default is used
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The session secret is used to sign and authenticate the session cookie
and this way very important for the authentication process.
By default the session secret is set to `secret` and never changes. This
commit will add a generator for a dynamic session secret if it stays
unchanged.
It prevents session hijacking this way and will warn the user about
the missing secret.
This also implies that on a restart without configured session secret
will log out all users. While it may seems annoying, it's for the users
best.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |\ \
| | |
| | | |
Fix some issues with legacy config compatiblity
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We should check for an undefined and not just for a logical true or
false.
Example: When `usecdn` was set to false it was impossible to overwrite
the new config value because the if statement becomes false.
Thanks @davidmehren for pointing me to this issue.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Looks like we forgot something during the migration. This should fix it.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |\ \ \
| | | |
| | | | |
Add documentation for setting up authentication with a self-hosted GitLab
|
| |/ / /
| | |
| | |
| | | |
Signed-off-by: mcnesium <git@mcnesium.com>
|
| |\ \ \
| |/ /
|/| | |
Allow embedding of video and audio tags
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Adding mediaSrc to CSP so video and audio files can be embedded without
problems.
From a security perspective it should be fine to load audio and video
data without introducing a high security issue. Only from a privacy
perspective it allows another way to track users if there are data
embedded. But it doesn't introduce any new attack vector as pictures are
also allowed from everywhere.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |\ \
| |/
|/| |
Fix night mode button after restore
|
| |/
|
|
|
|
|
|
|
|
|
| |
The night mode toggle doesn't get the right state after restore from
local storage. This results in the need to toggle twice to disable night
mode.
This patch adds the needed class so the toggleNightMode function gets
the right state on execution.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |\
| |
| | |
Change config to camel case with backwards compatibility
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This refactors the configs a bit to now use camel case everywhere.
This change should help to clean up the config interface and make it
better understandable.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |\ \
| |/
|/| |
Persist nightmode so we can re-enable it on reload
|
| |/
|
|
|
|
|
|
|
| |
Right now the night mode is possible to set by a toggle in the menu bar
but needs to be re-enabled on every document switch, reload, etc.. This
is super annoying so we should keep this state in local storage or
a cookie.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |\
| |
| | |
Some fixes for inline-Attachments in Codemirror
|
| | |
| |
| |
| | |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
| |
| |
| | |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |\ \
| | |
| | | |
Refactoring imageRouter to modularity
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This should make the imageRouter more modular and easier to extent. Also
a lot of code duplication was removed which should simplify maintenance
in future.
In the new setup we only need to provide a new module file which exports
a function called `uploadImage` and takes a filePath and a callback as
argument. The callback itself takes an error and an url as parameter.
This eliminates the need of a try-catch-block around the statement and
re-enabled the optimization in NodeJS.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
| |
| |
| | |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |\ \
| | |
| | | |
Add check for undefined UUID
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This check is needed at there are tons of LDAP implementations out there
and none has at least one guaranteed unique field. As we currently check
three fields and added an option to select one yourself, it's still not
said that any of these fields is set. This will now create an error
and fail the authentication instead of letting people may get access to
other people's notes which are stored under a this way deterministic
wrong userid named `LDAP-undefined`.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |\ \
| | |
| | | |
Fix to use url-safe base64 in note url
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
that LZString note url could be parsed by base64url note url and thus return wrong note id
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
| |\ \ \
| | | |
| | | | |
Add missing migration for permissions
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |\ \ \ \
| |_|_|/
|/| | | |
Add helper function to fix number problems
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
As minio causes various problem if you configure it using environment
variables and leave the port setting out, which will evaluate to NaN,
this change should fix this in a clean way for this time and helps to
support numbers in general in future.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |\ \ \
| | | |
| | | | |
Add config option for report URI in CSP
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This option is needed as it's currently not possible to add an report
URI by the directives array. This option also allows to get CSP reports
not only on docker based setup but also on our heroku instances.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Convert HMD_MINIO_PORT into Number type.
|
| |/ / / /
| | | |
| | | |
| | | |
| | | | |
fix hackmdio/hackmd#763
Signed-off-by: Tang TsungYi <vazontang@gmail.com>
|
| |\ \ \ \
| |/ / /
|/| | | |
Multiple emails from LDAP are already an Array
|
| |/ / /
| | |
| | |
| | | |
Signed-off-by: Felix Schäfer <felix@thegcat.net>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |\ \ \
| |/ /
|/| | |
Remove engine.io-client dependency
|
| |/ /
| |
| |
| | |
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
| |\ \
| | |
| | |
| | |
| | | |
Remove unused LDAP option `tokenSecret`
fixes #754
|
| |/ /
| |
| |
| |
| |
| | |
hackmdio/hackmd#754
Signed-off-by: Felix Schäfer <felix@thegcat.net>
|
