summaryrefslogtreecommitdiff
path: root/lib/config/index.js (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Changed default policy from 'strict' to 'lax' due to the reasons mentioned ↵Erik Michelson2020-08-271-1/+1
| | | | | | in 3d1fab05 Signed-off-by: Erik Michelson <github@erik.michelson.eu>
* Add config option for cookie SameSite policyErik Michelson2020-08-271-0/+5
| | | | Signed-off-by: Erik Michelson <github@erik.michelson.eu>
* Disable PDF export due to security issueSheogorath2019-08-151-0/+6
| | | | | | | | | | | | As a temporary fix, to keep you and your users save, this patch disables the PDF export feature. Details of the attack along with a fix for future versions of CodiMD will be released in future. I hope you can live with this solution for this release because I'm super short on time and the alternative would be to ship no fix at all. This appears to be the better solution for this release. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix eslint warningsSheogorath2019-05-311-6/+6
| | | | | | | | | | | Since we are about to release it's time to finally fix our linting. This patch basically runs eslint --fix and does some further manual fixes. Also it sets up eslint to fail on every warning on order to make warnings visable in the CI process. There should no functional change be introduced. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Add lutim supportDylan Dervaux2019-04-101-2/+2
| | | | Signed-off-by: Dylan Dervaux <dylanderv05@gmail.com>
* Update links to new repositoriesSheogorath2019-03-271-1/+1
| | | | | | | | | | | | After a long discussion, it turned out that CodiMD as community project and HackMD as a company, have fundamental different views on the project governance. Due to this, it came to point where the decision for a fork was made. After the fork and move towards an own organisation, this patch updates all links inside the project to the new repositories. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix shown but broken GitLab snippetsSheogorath2019-03-051-1/+1
| | | | | | | | | | To provide a GitLab integration we need the GitLab integration to be configured. Otherwise we shouldn't show the Snippet button. This patch adds the requirement to the variable that decides if the import from snippets button shows up or not. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update upload provider error messageDaan Sprenkels2018-12-211-1/+1
| | | | | | Fixes #1107. Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
* Warn on missing serverURLSheogorath2018-11-281-0/+4
| | | | | | | | | | | We see some issues that are based on not properly configured `config.serverURL`. This patch adds a warning when `config.serverURL` is an empty value. This should provide users direct feedback about how to improve their configs. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Upgrade winstonSheogorath2018-11-141-0/+6
| | | | | | | | | Our log library got a new major version which should be implemented. That's exactly what this patch does. Implementing the new version of the logging library. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Add full version stringSheogorath2018-11-111-2/+9
| | | | | | | | | | | | Currently we only provide the version from `package.json`. This means that during updates of instances, e.g. the demo instance, which runs latest master instead of a stable release, changes are not reflected to the webclient. This patch adds a fullversion string that contains the current commit and this way makes that clients are notified about changes. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix menu for github and dropboxCédric Couralet2018-11-071-0/+2
| | | | Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
* Add OpenID to CodiMDSheogorath2018-10-051-0/+1
| | | | | | | | With OpenID every OpenID capable provider can provide authentication for users of a CodiMD instance. This means we have federated authentication. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* removing superfluous config parameters for template filesClaudius2018-09-261-8/+2
| | | | Signed-off-by: Claudius <opensource@amenthes.de>
* lib/config: use `path.resolve` instead of `path.join`WilliButz2018-09-261-14/+14
| | | | | | | | | | | While paths like `tmpPath` could previously be configured, they were all interpreted relative to `appRootPath` because of `path.join`. Now the configurable paths can be canonical and therefore independent of the `appRootPath`. Signed-off-by: WilliButz <wbutz@cyberfnord.de>
* lib/config: add environment variable to set config fileWilliButz2018-09-261-1/+2
| | | | | | | | | | Previously it was assumed that `config.json` would be placed in the same directory as the rest of CodiMD without any optional override. This allows to override the path to the `config.json` by setting `CMD_CONFIG_FILE` to the canonical path of the desired config file. Signed-off-by: WilliButz <wbutz@cyberfnord.de>
* Omit unneeded warning if no gitlab is configuredSheogorath2018-09-251-1/+1
| | | | | | | This patch should fix the unneeded warning of the wrong API version, when gitlab isn't configured at all. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* BUGFIX: wrong version check for gitlab apiAlexander Hesse2018-08-231-2/+2
| | | | Signed-off-by: Alexander Hesse <alexander.hesse@sandstorm-media.de>
* Add possibility to choose between version v3 or v4 for the gitlab api.Cédric Couralet2018-07-311-0/+6
| | | | | | | | Apart from the uri versioning, one big change is the snippet visibility post data (visibility_level -> visibility) Default gitlab api version to v4 Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
* Upload images to the filesystem by default, rather than to imgurMaxence Ahlouche2018-07-091-1/+1
| | | | Signed-off-by: Maxence Ahlouche <maxence.ahlouche@gmail.com>
* Rename HackMD view to CodiMDSheogorath2018-06-241-1/+1
| | | | | | | | Even when it looks a bit weird in first place to rename all internals step by step, it makes sense to do so, because we run into confusion afterwards. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Rename environment variables and add legacy support.Sheogorath2018-06-241-0/+6
| | | | | | | | As we are no longer HackMD the short tag `HMD` doesn't match anymore. We move it to the matching prefix `CMD` and inform our users about the change. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Move config out of statics pathSheogorath2018-06-241-0/+1
| | | | | | | | Since static path is providing with a high expiration data, we provide configs via API. This shouldn't add any noticeable load while making it uncached and this way working again. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix possible error if HackMD is started with wrong workdirSheogorath2018-06-231-0/+1
| | | | | | | | | | In https://github.com/hackmdio/hackmd/issues/834 is described how starting HackMD crashes when using the wrong working dir. This is caused by a relative path in our upload routine. This change should fix it and prevent future crashes. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix i18n writing locale files in productionSheogorath2018-06-051-0/+3
| | | | | | | | This commit should prevent the i18n module from adding missing translations to the local files in setups that are not for development. This way we keep the directory clean and idempotent. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #784 from pferreir/add-oauth2-supportChristoph (Sheogorath) Kern2018-06-041-0/+1
|\ | | | | Add "generic" OAuth2 support
| * Add support for generic OAuth2 providersPedro Ferreira2018-03-261-0/+1
| | | | | | | | Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
* | Add Azure Blob Storage supportÁdám Hóka2018-06-011-2/+2
| | | | | | | | Signed-off-by: Adam Hoka <hoka.adam@nexogen.hu>
* | Fix typos for `allowAnonymousEdits`Sheogorath2018-04-101-1/+1
| | | | | | | | | | | | | | | | | | Looks like we lost some variables during the refactoring of the configs to camel case. This should fix it. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #780 from SISheogorath/fix/sessionSecretChristoph (Sheogorath) Kern2018-03-281-0/+9
|\ \ | | | | | | Automatically generate a session secret if default is used
| * | Automatically generate a session secret if default is usedSheogorath2018-03-261-0/+9
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The session secret is used to sign and authenticate the session cookie and this way very important for the authentication process. By default the session secret is set to `secret` and never changes. This commit will add a generator for a dynamic session secret if it stays unchanged. It prevents session hijacking this way and will warn the user about the missing secret. This also implies that on a restart without configured session secret will log out all users. While it may seems annoying, it's for the users best. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* / Fix logical error in legacy config expressionSheogorath2018-03-261-2/+2
|/ | | | | | | | | | | | We should check for an undefined and not just for a logical true or false. Example: When `usecdn` was set to false it was impossible to overwrite the new config value because the if statement becomes false. Thanks @davidmehren for pointing me to this issue. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Change config to camel case with backwards compatibilitySheogorath2018-03-251-29/+42
| | | | | | | | This refactors the configs a bit to now use camel case everywhere. This change should help to clean up the config interface and make it better understandable. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Refactoring imageRouter to modularitySheogorath2018-03-201-0/+7
| | | | | | | | | | | | | | This should make the imageRouter more modular and easier to extent. Also a lot of code duplication was removed which should simplify maintenance in future. In the new setup we only need to provide a new module file which exports a function called `uploadImage` and takes a filePath and a callback as argument. The callback itself takes an error and an url as parameter. This eliminates the need of a try-catch-block around the statement and re-enabled the optimization in NodeJS. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Remove camel case from `imageuploadtype` in configSheogorath2018-01-271-2/+8
| | | | | | | | | | | | | This removes the only camel cased option of the config options **we** added to the config.json. In auth provider's config parts are a lot of camel cased options provided. We shouldn't touch them to keep them as similar as possible to the examples. Fixes #315 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #691 from SISheogorath/feature/uploadChristoph (Sheogorath) Kern2018-01-231-0/+20
|\ | | | | Allow more detailed configuration of upload mime types
| * Allow more detailed configuration of upload mime typesSheogorath2018-01-201-0/+20
| | | | | | | | | | | | Fixes #637 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Add option to enable `freely` permission in closed instanceDario Ernst2018-01-201-1/+1
|/ | | | | | | | Before, closed disallowed guest edits completely, by removing the `freely` permission. This makes it possible to explicitely bring back guest-editing, but not guest-note-creation, to closed instances. Signed-off-by: Dario Ernst <dario@kanojo.de>
* Load version from package.jsonSheogorath2018-01-191-1/+3
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Release 1.0.0-ceSheogorath2018-01-181-1/+1
|
* Merge pull request #636 from laysdra7265/fix/sslcapathChristoph (Sheogorath) Kern2018-01-181-1/+4
|\ | | | | Fix sslcapath bug
| * Update index.jsChristoph (Sheogorath) Kern2017-12-221-1/+1
| |
| * Simplify loopChristoph (Sheogorath) Kern2017-12-221-8/+3
| |
| * fixed sslcapath bugLaysDragon2017-12-051-1/+9
| |
* | Initial support for SAML authenticationNorihito Nakae2017-11-281-0/+1
|/
* Add mattermost authenticationChristoph Witzany2017-10-311-0/+1
|
* Adds PDF export via configgeekyd2017-10-251-1/+3
|
* Read to correct tlsca file pathtkykm2017-06-011-2/+2
|
* refactor(config.js): Extract config fileBoHong Li2017-05-081-0/+112
* Separate different config source to each files * Freeze config object