summaryrefslogtreecommitdiff
path: root/lib/config/environment.js (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Keep JS and env varibale name in sync (requireFreeURLAuthentication)Nicolas Dietrich2021-01-231-1/+1
| | | | Signed-off-by: Nicolas Dietrich <nidi@mailbox.org>
* Add config option which requires authentication in FreeURL modeNicolas Dietrich2021-01-221-0/+1
| | | | | | | | | This mitigates unintended note creation by bots or humans through a simple GET call. See discussion in #754. Signed-off-by: Nicolas Dietrich <nidi@mailbox.org>
* Merge pull request #596 from hedgedoc/remove-pdf-export-codeDavid Mehren2020-11-271-1/+0
|\ | | | | Remove pdf export code
| * Remove pdf export codeTilman Vatteroth2020-11-261-1/+0
| | | | | | | | Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
* | Add oauth2 authorizationJoachim Mathes2020-11-251-1/+4
|/ | | | Signed-off-by: Joachim Mathes <joachim_mathes@web.de>
* Add config option for cookie SameSite policyErik Michelson2020-08-271-0/+1
| | | | Signed-off-by: Erik Michelson <github@erik.michelson.eu>
* allow to set a saml client certificateSimeon Keske2020-07-111-0/+1
| | | | Signed-off-by: Simeon Keske <git@n0emis.eu>
* Backport of #278 for 1.6.1Victor Berger2020-06-201-1/+2
| | | | | | | This is a backport of #278 with the default value of `scope` changed to `undefined`. This is thus a fully backward-compatible change. Signed-off-by: Victor Berger <victor.berger@m4x.org>
* Add Google oauth variable: hostedDomainike2020-02-081-1/+2
| | | | | | | | Which is part of `passport-google-oauth2`. It could be used as whitelist to a domain supported by google oauth. Ref: https://github.com/jaredhanson/passport-google-oauth2/issues/3 Signed-off-by: ike <developer@ikewat.com>
* allow to define header link generation style via environment varhoijui2019-10-301-1/+2
| | | | Signed-off-by: hoijui <hoijui.quaero@gmail.com>
* Merge pull request #32 from codimd/aws-endpointsSheogorath2019-09-021-1/+2
|\ | | | | make aws s3 endpoint configurable
| * make aws s3 endpoint configurableMathias Merscher2019-02-111-1/+2
| | | | | | | | Signed-off-by: Mathias Merscher <Mathias.Merscher@dg-i.net>
* | Fix eslint warningsSheogorath2019-05-311-1/+1
| | | | | | | | | | | | | | | | | | | | | | Since we are about to release it's time to finally fix our linting. This patch basically runs eslint --fix and does some further manual fixes. Also it sets up eslint to fail on every warning on order to make warnings visable in the CI process. There should no functional change be introduced. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Add config for toobusy middlewareSheogorath2019-05-251-0/+1
| | | | | | | | | | | | | | | | | | | | With very low CPU frequency or bad IO situation, as well as not-loaded JS CodiMD happens to present unneeded "I'm busy"-messages to users. This patch allows to configure the lag. The default is taken from the libray but set in our own default configs. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Add lutim supportDylan Dervaux2019-04-101-0/+3
| | | | | | | | Signed-off-by: Dylan Dervaux <dylanderv05@gmail.com>
* | Added a configuration option for passport-saml:Emmanuel Ormancey2019-04-061-0/+1
| | | | | | | | | | | | | | | | | | | | | | disableRequestedAuthnContext: true|false By default only Password authmethod is accepted, this option allows any other method. Issue and option described here: https://github.com/bergie/passport-saml/issues/226 Signed-off-by: Emmanuel Ormancey <emmanuel.ormancey@cern.ch>
* | Fix wrong value type for HSTS environment variableSheogorath2019-03-041-1/+1
|/ | | | | | | Seem like also environment variables are affected. This patch fixes that as well. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #1053 from dsprenkels/robots.txtChristoph (Sheogorath) Kern2018-11-171-0/+1
|\ | | | | Disallow creation of robots.txt in freeurl
| * Disallow creation of robots.txt in freeurlDaan Sprenkels2018-11-171-0/+1
| | | | | | | | | | | | | | | | | | | | | | Add a configuration setting to "hard"-disable creation of notes as set by the configuration value. This defaults to `['robots.txt', 'favicon.ico']`, because these files are often accidentally created by bots and browsers. This commit fixes #1052. Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
* | Upgrade winstonSheogorath2018-11-141-0/+1
|/ | | | | | | | | Our log library got a new major version which should be implemented. That's exactly what this patch does. Implementing the new version of the logging library. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Add full version stringSheogorath2018-11-111-0/+1
| | | | | | | | | | | | Currently we only provide the version from `package.json`. This means that during updates of instances, e.g. the demo instance, which runs latest master instead of a stable release, changes are not reflected to the webclient. This patch adds a fullversion string that contains the current commit and this way makes that clients are notified about changes. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #990 from SISheogorath/fix/oauthProviderNameChristoph (Sheogorath) Kern2018-10-091-0/+1
|\ | | | | Make oauth2 provider name accessible
| * Make oauth2 provider name accessibleSheogorath2018-10-041-0/+1
| | | | | | | | | | | | | | | | | | Right now the feature exists but is almost not usable since the only way to configure it is to know that it exists from reading the source code and add it to config.json. This patch provides all needed changes so it can be used by everyone including documentation. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Add OpenID to CodiMDSheogorath2018-10-051-1/+2
|/ | | | | | | | With OpenID every OpenID capable provider can provide authentication for users of a CodiMD instance. This means we have federated authentication. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Support 'host' & 'path' config optionsMiranda Kastemaa2018-07-271-0/+2
| | | | Signed-off-by: Miranda Kastemaa <miranda@foldplop.com>
* Rename environment variables and add legacy support.Sheogorath2018-06-241-86/+86
| | | | | | | | As we are no longer HackMD the short tag `HMD` doesn't match anymore. We move it to the matching prefix `CMD` and inform our users about the change. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Allow to disable gravatarSheogorath2018-06-231-0/+1
| | | | | | | | | Since Gravatar is an external image source and not perfect from a privacy perspective, forbidding it allows to improve privacy. This commit also simplifies and optimizes the avatar code. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #784 from pferreir/add-oauth2-supportChristoph (Sheogorath) Kern2018-06-041-0/+11
|\ | | | | Add "generic" OAuth2 support
| * Add support for generic OAuth2 providersPedro Ferreira2018-03-261-0/+11
| | | | | | | | Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
* | Add Azure Blob Storage supportÁdám Hóka2018-06-011-0/+4
| | | | | | | | Signed-off-by: Adam Hoka <hoka.adam@nexogen.hu>
* | Revert "Workaround Google API problems"Christoph (Sheogorath) Kern2018-05-161-1/+0
| |
* | Use API key instead of clientSecretSheogorath2018-04-131-0/+1
| | | | | | | | | | | | | | | | | | As recently discovered we send the clientSecret to the webclient which is potentionally dangerous. This patch should fix the problem and replace the clientSecret with the originally intended and correct way to implement it using the API key. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Add session data to env varsSheogorath2018-03-291-0/+2
|/ | | | | | | | | | | Currently the session secret can only be set by config.json or docker secrets. This creates a problem on Heroku hosted instances that can not set a session secret. Since we automatically generate them on startup this results in an logout of all users on every config change in Heroku. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Change config to camel case with backwards compatibilitySheogorath2018-03-251-14/+14
| | | | | | | | This refactors the configs a bit to now use camel case everywhere. This change should help to clean up the config interface and make it better understandable. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Add helper function to fix number problemsSheogorath2018-03-161-3/+3
| | | | | | | | | As minio causes various problem if you configure it using environment variables and leave the port setting out, which will evaluate to NaN, this change should fix this in a clean way for this time and helps to support numbers in general in future. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #761 from SISheogorath/feature/reportURIChristoph (Sheogorath) Kern2018-03-141-1/+2
|\ | | | | Add config option for report URI in CSP
| * Add config option for report URI in CSPSheogorath2018-03-141-1/+2
| | | | | | | | | | | | | | | | This option is needed as it's currently not possible to add an report URI by the directives array. This option also allows to get CSP reports not only on docker based setup but also on our heroku instances. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Convert HMD_MINIO_PORT into Number type.vazontang2018-03-151-1/+1
|/ | | | | fix hackmdio/hackmd#763 Signed-off-by: Tang TsungYi <vazontang@gmail.com>
* Remove unused LDAP option `tokenSecret`Felix Schäfer2018-03-051-1/+0
| | | | | | hackmdio/hackmd#754 Signed-off-by: Felix Schäfer <felix@thegcat.net>
* Introduce ldap.useridFieldDustin Frisch2018-03-011-0/+1
| | | | Signed-off-by: Dustin Frisch <fooker@lab.sh>
* Remove camel case from `imageuploadtype` in configSheogorath2018-01-271-1/+1
| | | | | | | | | | | | | This removes the only camel cased option of the config options **we** added to the config.json. In auth provider's config parts are a lot of camel cased options provided. We shouldn't touch them to keep them as similar as possible to the examples. Fixes #315 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix broken port configSheogorath2018-01-231-1/+1
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #506 from erasys/minioChristoph (Sheogorath) Kern2018-01-231-0/+7
|\ | | | | Add support for minio
| * Add support for minioMarc Deop2017-08-301-0/+7
| |
* | Merge pull request #598 from xxyy/feature/cspChristoph (Sheogorath) Kern2018-01-221-0/+3
|\ \ | | | | | | Implement basic CSP support
| * | Change CSP config format to be more intuitiveLiterallie2017-10-221-0/+3
| | |
* | | Add option to enable `freely` permission in closed instanceDario Ernst2018-01-201-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | Before, closed disallowed guest edits completely, by removing the `freely` permission. This makes it possible to explicitely bring back guest-editing, but not guest-note-creation, to closed instances. Signed-off-by: Dario Ernst <dario@kanojo.de>
* | | Fix not passing app key correctly in dropbox configWu Cheng-Han2018-01-191-1/+2
| | |
* | | Merge branch 'master' into ldap-username-fieldChristoph (Sheogorath) Kern2017-12-121-5/+5
|\ \ \
| * | | parse HMD_LDAP_SEARCHATTRIBUTES env var as a comma-separated arrayalecdwm2017-12-091-5/+5
| | | | | | | | | | | | | | | | Signed-off-by: Alec WM <firstcontact@owls.io>