summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Release 1.1.0-ceSheogorath2018-04-061-1/+1
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge branch 'feature/releaseNotes1.1.0'Sheogorath2018-04-062-12/+83
|\
| * Minor fixes in relase notesSheogorath2018-04-061-9/+10
| | | | | | | | | | | | | | Fix some spelling and style issues as well as adding the latest changes. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Add migration section to README.mdSheogorath2018-04-061-2/+9
| | | | | | | | | | | | | | As it was requested to be more visable, this commit adds a migration section about the introduced config style changes. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Update release notesSheogorath2018-03-301-10/+73
| | | | | | | | | | | | Providing release notes for version 1.1.0-ce Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge branch 'docs/features-1.1.0-ce'Sheogorath2018-04-061-3/+8
|\ \
| * | Provide feature changes in 1.1.0-ceSheogorath2018-03-301-3/+8
| |/ | | | | | | | | | | | | Adding some documentation for night mode and upload times. Extend the contact section for community support. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #796 from SISheogorath/feature/addMatrixChristoph (Sheogorath) Kern2018-04-065-5/+7
|\ \ | | | | | | Add matrix.org / Riot link
| * | Add matrix.org / Riot linkSheogorath2018-04-055-5/+7
|/ / | | | | | | | | | | | | | | | | | | | | | | | | As an active part of the community prefers Matrix.org over Gitter, we should link Matrix.org as a place to meet us. As the matrix and gitter channels are interconnected. We don't loose any message if a person decides to go for one or another. We use an more universal way of translation to make it easier to provide a link to various platforms. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #790 from SISheogorath/fix/nightModeCSSChristoph (Sheogorath) Kern2018-04-052-2/+21
|\ \ | | | | | | Fix modal and panel colors in night mode
| * | Fix code blocks color in night modeSheogorath2018-04-051-0/+5
| | | | | | | | | | | | | | | | | | This provides more eye-friendly code boxes when night mode is active. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * | Fix modal and panel colors in night modeSheogorath2018-03-291-2/+16
| |/ | | | | | | | | | | | | | | Night mode provides a generally, dark interface. This fix provides the needed CSS to also turn modal and panels into night mode design as well. This mainly effects the help modal. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #791 from SISheogorath/fix/extendedCSPPoliciesChristoph (Sheogorath) Kern2018-04-056-9/+25
|\ \ | | | | | | Fix CSP for disqus and Google Analytics
| * | Fix CSP for disqus and Google AnalyticsSheogorath2018-03-306-9/+25
| |/ | | | | | | | | | | | | | | | | | | | | | | | | This commit should fix existing problems with Disqus and Google Analytics enabled in the meta-yaml section of a note. Before this commit they were blocked by the strict CSP. It's still possible to disable the added directives using `addDisqus` and `addGoogleAnalytics` in the `csp` config section. They are enabled by default to prevent breaking changes. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #789 from SISheogorath/fix/sessionSecretEnvChristoph (Sheogorath) Kern2018-03-293-0/+8
|\ \ | |/ |/| Add session data to env vars
| * Add session data to env varsSheogorath2018-03-293-0/+8
|/ | | | | | | | | | | Currently the session secret can only be set by config.json or docker secrets. This creates a problem on Heroku hosted instances that can not set a session secret. Since we automatically generate them on startup this results in an logout of all users on every config change in Heroku. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #780 from SISheogorath/fix/sessionSecretChristoph (Sheogorath) Kern2018-03-282-0/+10
|\ | | | | Automatically generate a session secret if default is used
| * Automatically generate a session secret if default is usedSheogorath2018-03-262-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The session secret is used to sign and authenticate the session cookie and this way very important for the authentication process. By default the session secret is set to `secret` and never changes. This commit will add a generator for a dynamic session secret if it stays unchanged. It prevents session hijacking this way and will warn the user about the missing secret. This also implies that on a restart without configured session secret will log out all users. While it may seems annoying, it's for the users best. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #786 from SISheogorath/fix/compatiblityConfigChristoph (Sheogorath) Kern2018-03-272-6/+6
|\ \ | | | | | | Fix some issues with legacy config compatiblity
| * | Fix logical error in legacy config expressionSheogorath2018-03-261-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We should check for an undefined and not just for a logical true or false. Example: When `usecdn` was set to false it was impossible to overwrite the new config value because the if statement becomes false. Thanks @davidmehren for pointing me to this issue. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * | Rename forgotten valuesSheogorath2018-03-261-4/+4
| | | | | | | | | | | | | | | | | | Looks like we forgot something during the migration. This should fix it. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Merge pull request #788 from mcnesium/docs/gitlabChristoph (Sheogorath) Kern2018-03-274-0/+29
|\ \ \ | | | | | | | | Add documentation for setting up authentication with a self-hosted GitLab
| * | | Add documentation for setting up authentication with a self-hosted GitLabmcnesium2018-03-274-0/+29
|/ / / | | | | | | | | | Signed-off-by: mcnesium <git@mcnesium.com>
* | | Merge pull request #779 from SISheogorath/fix/cspForVideoChristoph (Sheogorath) Kern2018-03-261-0/+1
|\ \ \ | |/ / |/| | Allow embedding of video and audio tags
| * | Allow embedding of video and audio tagsSheogorath2018-03-251-0/+1
| |/ | | | | | | | | | | | | | | | | | | | | | | | | Adding mediaSrc to CSP so video and audio files can be embedded without problems. From a security perspective it should be fine to load audio and video data without introducing a high security issue. Only from a privacy perspective it allows another way to track users if there are data embedded. But it doesn't introduce any new attack vector as pictures are also allowed from everywhere. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #778 from SISheogorath/fix/nightModeToggleChristoph (Sheogorath) Kern2018-03-261-0/+1
|\ \ | |/ |/| Fix night mode button after restore
| * Fix night mode button after restoreSheogorath2018-03-251-0/+1
|/ | | | | | | | | | | The night mode toggle doesn't get the right state after restore from local storage. This results in the need to toggle twice to disable night mode. This patch adds the needed class so the toggleNightMode function gets the right state on execution. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #758 from SISheogorath/cleanup/configChristoph (Sheogorath) Kern2018-03-2529-238/+291
|\ | | | | Change config to camel case with backwards compatibility
| * Change config to camel case with backwards compatibilitySheogorath2018-03-2529-238/+291
| | | | | | | | | | | | | | | | This refactors the configs a bit to now use camel case everywhere. This change should help to clean up the config interface and make it better understandable. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #775 from SISheogorath/feature/nightModeChristoph (Sheogorath) Kern2018-03-241-3/+18
|\ \ | |/ |/| Persist nightmode so we can re-enable it on reload
| * Persist nightmode so we can re-enable itSheogorath2018-03-231-3/+18
|/ | | | | | | | | Right now the night mode is possible to set by a toggle in the menu bar but needs to be re-enabled on every document switch, reload, etc.. This is super annoying so we should keep this state in local storage or a cookie. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #772 from SISheogorath/fix/chromeFileErrorChristoph (Sheogorath) Kern2018-03-211-4/+7
|\ | | | | Some fixes for inline-Attachments in Codemirror
| * Reorganize usage of `getAsFile()`Sheogorath2018-03-181-2/+5
| | | | | | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Fix typo in vedor extensionSheogorath2018-03-181-2/+2
| | | | | | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #771 from SISheogorath/refactor/imageRouterChristoph (Sheogorath) Kern2018-03-217-132/+190
|\ \ | | | | | | Refactoring imageRouter to modularity
| * | Refactoring imageRouter to modularitySheogorath2018-03-207-132/+190
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | This should make the imageRouter more modular and easier to extent. Also a lot of code duplication was removed which should simplify maintenance in future. In the new setup we only need to provide a new module file which exports a function called `uploadImage` and takes a filePath and a callback as argument. The callback itself takes an error and an url as parameter. This eliminates the need of a try-catch-block around the statement and re-enabled the optimization in NodeJS. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Update yarn.lockSheogorath2018-03-181-0/+4
| | | | | | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #770 from SISheogorath/fix/ldapUUIDChristoph (Sheogorath) Kern2018-03-181-1/+8
|\ \ | | | | | | Add check for undefined UUID
| * | Add check for undefined UUIDSheogorath2018-03-181-1/+8
| |/ | | | | | | | | | | | | | | | | | | | | | | This check is needed at there are tons of LDAP implementations out there and none has at least one guaranteed unique field. As we currently check three fields and added an option to select one yourself, it's still not said that any of these fields is set. This will now create an error and fail the authentication instead of letting people may get access to other people's notes which are stored under a this way deterministic wrong userid named `LDAP-undefined`. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #743 from hackmdio/fix-to-use-url-safe-base64Christoph (Sheogorath) Kern2018-03-187-10/+101
|\ \ | | | | | | Fix to use url-safe base64 in note url
| * | Fix typoMax Wu2018-03-111-1/+1
| | | | | | | | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
| * | Update to show log on migrate LZString type note url in historyMax Wu2018-03-111-1/+1
| | | | | | | | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
| * | Fix to log instead of throwing error on parse note idMax Wu2018-03-111-2/+4
| | | | | | | | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
| * | Fix parseNoteId order to fix some edge caseMax Wu2018-03-101-7/+7
| | | | | | | | | | | | | | | | | | that LZString note url could be parsed by base64url note url and thus return wrong note id Signed-off-by: Max Wu <jackymaxj@gmail.com>
| * | Improve history migration performanceMax Wu2018-03-101-11/+5
| | | | | | | | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
| * | Update to migrate note url in the history of browser storage and cookieMax Wu2018-03-032-0/+47
| | | | | | | | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
| * | Update to use buffer in encode/decode note idMax Wu2018-02-271-2/+4
| | | | | | | | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
| * | Add migration for LZString compressed note id in historyMax Wu2018-02-261-1/+21
| | | | | | | | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
| * | Remove and replace all note id compression in LZString with base64urlMax Wu2018-02-264-8/+34
| | | | | | | | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
* | | Merge pull request #757 from SISheogorath/fix/migrationChristoph (Sheogorath) Kern2018-03-171-0/+11
|\ \ \ | | | | | | | | Add missing migration for permissions