| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Nicolas Dietrich <nidi@mailbox.org>
|
|
|
|
|
|
|
|
|
| |
This mitigates unintended note creation by bots or humans through a
simple GET call.
See discussion in #754.
Signed-off-by: Nicolas Dietrich <nidi@mailbox.org>
|
|\
| |
| | |
Remove pdf export code
|
| |
| |
| |
| | |
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
|
|/
|
|
| |
Signed-off-by: Joachim Mathes <joachim_mathes@web.de>
|
|
|
|
| |
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
|
|
|
|
| |
Signed-off-by: Simeon Keske <git@n0emis.eu>
|
|
|
|
|
|
|
| |
This is a backport of #278 with the default value of `scope` changed to
`undefined`. This is thus a fully backward-compatible change.
Signed-off-by: Victor Berger <victor.berger@m4x.org>
|
|
|
|
|
|
|
|
| |
Which is part of `passport-google-oauth2`.
It could be used as whitelist to a domain supported by google oauth.
Ref: https://github.com/jaredhanson/passport-google-oauth2/issues/3
Signed-off-by: ike <developer@ikewat.com>
|
|
|
|
| |
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
|
|\
| |
| | |
make aws s3 endpoint configurable
|
| |
| |
| |
| | |
Signed-off-by: Mathias Merscher <Mathias.Merscher@dg-i.net>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Since we are about to release it's time to finally fix our linting. This
patch basically runs eslint --fix and does some further manual fixes.
Also it sets up eslint to fail on every warning on order to make
warnings visable in the CI process.
There should no functional change be introduced.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
With very low CPU frequency or bad IO situation, as well as not-loaded
JS CodiMD happens to present unneeded "I'm busy"-messages to users.
This patch allows to configure the lag. The default is taken from the
libray but set in our own default configs.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
| |
| |
| | |
Signed-off-by: Dylan Dervaux <dylanderv05@gmail.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
disableRequestedAuthnContext: true|false
By default only Password authmethod is accepted, this option allows any other method.
Issue and option described here:
https://github.com/bergie/passport-saml/issues/226
Signed-off-by: Emmanuel Ormancey <emmanuel.ormancey@cern.ch>
|
|/
|
|
|
|
|
| |
Seem like also environment variables are affected. This patch fixes that
as well.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Disallow creation of robots.txt in freeurl
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add a configuration setting to "hard"-disable creation of notes as
set by the configuration value. This defaults to `['robots.txt',
'favicon.ico']`, because these files are often accidentally created
by bots and browsers.
This commit fixes #1052.
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
|
|/
|
|
|
|
|
|
|
| |
Our log library got a new major version which should be implemented.
That's exactly what this patch does. Implementing the new version of the
logging library.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently we only provide the version from `package.json`. This means
that during updates of instances, e.g. the demo instance, which runs
latest master instead of a stable release, changes are not reflected to
the webclient.
This patch adds a fullversion string that contains the current commit
and this way makes that clients are notified about changes.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Make oauth2 provider name accessible
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Right now the feature exists but is almost not usable since the only way
to configure it is to know that it exists from reading the source code
and add it to config.json. This patch provides all needed changes so it
can be used by everyone including documentation.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|/
|
|
|
|
|
|
| |
With OpenID every OpenID capable provider can provide authentication for
users of a CodiMD instance. This means we have federated
authentication.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
| |
Signed-off-by: Miranda Kastemaa <miranda@foldplop.com>
|
|
|
|
|
|
|
|
| |
As we are no longer HackMD the short tag `HMD` doesn't match anymore. We
move it to the matching prefix `CMD` and inform our users about the
change.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
|
| |
Since Gravatar is an external image source and not perfect from a
privacy perspective, forbidding it allows to improve privacy.
This commit also simplifies and optimizes the avatar code.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Add "generic" OAuth2 support
|
| |
| |
| |
| | |
Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
|
| |
| |
| |
| | |
Signed-off-by: Adam Hoka <hoka.adam@nexogen.hu>
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As recently discovered we send the clientSecret to the webclient which
is potentionally dangerous. This patch should fix the problem and
replace the clientSecret with the originally intended and correct way to
implement it using the API key.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|/
|
|
|
|
|
|
|
|
|
| |
Currently the session secret can only be set by config.json or docker
secrets. This creates a problem on Heroku hosted instances that can not
set a session secret.
Since we automatically generate them on startup this results in an
logout of all users on every config change in Heroku.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
| |
This refactors the configs a bit to now use camel case everywhere.
This change should help to clean up the config interface and make it
better understandable.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
|
| |
As minio causes various problem if you configure it using environment
variables and leave the port setting out, which will evaluate to NaN,
this change should fix this in a clean way for this time and helps to
support numbers in general in future.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Add config option for report URI in CSP
|
| |
| |
| |
| |
| |
| |
| |
| | |
This option is needed as it's currently not possible to add an report
URI by the directives array. This option also allows to get CSP reports
not only on docker based setup but also on our heroku instances.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|/
|
|
|
| |
fix hackmdio/hackmd#763
Signed-off-by: Tang TsungYi <vazontang@gmail.com>
|
|
|
|
|
|
| |
hackmdio/hackmd#754
Signed-off-by: Felix Schäfer <felix@thegcat.net>
|
|
|
|
| |
Signed-off-by: Dustin Frisch <fooker@lab.sh>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This removes the only camel cased option of the config options
**we** added to the config.json.
In auth provider's config parts are a lot of camel cased options
provided. We shouldn't touch them to keep them as similar as
possible to the examples.
Fixes #315
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Add support for minio
|
| | |
|
|\ \
| | |
| | | |
Implement basic CSP support
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Before, closed disallowed guest edits completely, by removing
the `freely` permission. This makes it possible to explicitely bring
back guest-editing, but not guest-note-creation, to closed instances.
Signed-off-by: Dario Ernst <dario@kanojo.de>
|
| | | |
|
|\ \ \ |
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Alec WM <firstcontact@owls.io>
|