summaryrefslogtreecommitdiff
path: root/lib/config (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #854 from hackmdio/feature/disableGravatarChristoph (Sheogorath) Kern2018-06-242-0/+2
|\ | | | | Allow to disable gravatar
| * Allow to disable gravatarSheogorath2018-06-232-0/+2
| | | | | | | | | | | | | | | | | | Since Gravatar is an external image source and not perfect from a privacy perspective, forbidding it allows to improve privacy. This commit also simplifies and optimizes the avatar code. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Move config out of statics pathSheogorath2018-06-242-0/+2
|/ | | | | | | | Since static path is providing with a high expiration data, we provide configs via API. This shouldn't add any noticeable load while making it uncached and this way working again. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix possible error if HackMD is started with wrong workdirSheogorath2018-06-232-0/+2
| | | | | | | | | | In https://github.com/hackmdio/hackmd/issues/834 is described how starting HackMD crashes when using the wrong working dir. This is caused by a relative path in our upload routine. This change should fix it and prevent future crashes. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix i18n writing locale files in productionSheogorath2018-06-051-0/+3
| | | | | | | | This commit should prevent the i18n module from adding missing translations to the local files in setups that are not for development. This way we keep the directory clean and idempotent. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #784 from pferreir/add-oauth2-supportChristoph (Sheogorath) Kern2018-06-043-0/+18
|\ | | | | Add "generic" OAuth2 support
| * Add support for generic OAuth2 providersPedro Ferreira2018-03-263-0/+18
| | | | | | | | Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
* | Add Azure Blob Storage supportÁdám Hóka2018-06-014-3/+14
| | | | | | | | Signed-off-by: Adam Hoka <hoka.adam@nexogen.hu>
* | Revert "Workaround Google API problems"Christoph (Sheogorath) Kern2018-05-162-2/+0
| |
* | Merge pull request #813 from SISheogorath/fix/googleAPIChristoph (Sheogorath) Kern2018-05-102-0/+2
|\ \ | | | | | | Workaround Google API problems
| * | Use API key instead of clientSecretSheogorath2018-04-132-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | As recently discovered we send the clientSecret to the webclient which is potentionally dangerous. This patch should fix the problem and replace the clientSecret with the originally intended and correct way to implement it using the API key. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Fix typos for `allowAnonymousEdits`Sheogorath2018-04-101-1/+1
|/ / | | | | | | | | | | | | | | | | Looks like we lost some variables during the refactoring of the configs to camel case. This should fix it. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #791 from SISheogorath/fix/extendedCSPPoliciesChristoph (Sheogorath) Kern2018-04-051-0/+2
|\ \ | | | | | | Fix CSP for disqus and Google Analytics
| * | Fix CSP for disqus and Google AnalyticsSheogorath2018-03-301-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit should fix existing problems with Disqus and Google Analytics enabled in the meta-yaml section of a note. Before this commit they were blocked by the strict CSP. It's still possible to disable the added directives using `addDisqus` and `addGoogleAnalytics` in the `csp` config section. They are enabled by default to prevent breaking changes. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Add session data to env varsSheogorath2018-03-291-0/+2
|/ / | | | | | | | | | | | | | | | | | | | | Currently the session secret can only be set by config.json or docker secrets. This creates a problem on Heroku hosted instances that can not set a session secret. Since we automatically generate them on startup this results in an logout of all users on every config change in Heroku. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #780 from SISheogorath/fix/sessionSecretChristoph (Sheogorath) Kern2018-03-282-0/+10
|\ \ | | | | | | Automatically generate a session secret if default is used
| * | Automatically generate a session secret if default is usedSheogorath2018-03-262-0/+10
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The session secret is used to sign and authenticate the session cookie and this way very important for the authentication process. By default the session secret is set to `secret` and never changes. This commit will add a generator for a dynamic session secret if it stays unchanged. It prevents session hijacking this way and will warn the user about the missing secret. This also implies that on a restart without configured session secret will log out all users. While it may seems annoying, it's for the users best. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Fix logical error in legacy config expressionSheogorath2018-03-261-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | We should check for an undefined and not just for a logical true or false. Example: When `usecdn` was set to false it was impossible to overwrite the new config value because the if statement becomes false. Thanks @davidmehren for pointing me to this issue. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Rename forgotten valuesSheogorath2018-03-261-4/+4
|/ | | | | | Looks like we forgot something during the migration. This should fix it. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Change config to camel case with backwards compatibilitySheogorath2018-03-254-78/+131
| | | | | | | | This refactors the configs a bit to now use camel case everywhere. This change should help to clean up the config interface and make it better understandable. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #771 from SISheogorath/refactor/imageRouterChristoph (Sheogorath) Kern2018-03-211-0/+7
|\ | | | | Refactoring imageRouter to modularity
| * Refactoring imageRouter to modularitySheogorath2018-03-201-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This should make the imageRouter more modular and easier to extent. Also a lot of code duplication was removed which should simplify maintenance in future. In the new setup we only need to provide a new module file which exports a function called `uploadImage` and takes a filePath and a callback as argument. The callback itself takes an error and an url as parameter. This eliminates the need of a try-catch-block around the statement and re-enabled the optimization in NodeJS. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Add helper function to fix number problemsSheogorath2018-03-162-3/+10
|/ | | | | | | | | As minio causes various problem if you configure it using environment variables and leave the port setting out, which will evaluate to NaN, this change should fix this in a clean way for this time and helps to support numbers in general in future. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #761 from SISheogorath/feature/reportURIChristoph (Sheogorath) Kern2018-03-142-2/+4
|\ | | | | Add config option for report URI in CSP
| * Add config option for report URI in CSPSheogorath2018-03-142-2/+4
| | | | | | | | | | | | | | | | This option is needed as it's currently not possible to add an report URI by the directives array. This option also allows to get CSP reports not only on docker based setup but also on our heroku instances. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Convert HMD_MINIO_PORT into Number type.vazontang2018-03-151-1/+1
|/ | | | | fix hackmdio/hackmd#763 Signed-off-by: Tang TsungYi <vazontang@gmail.com>
* Remove unused LDAP option `tokenSecret`Felix Schäfer2018-03-052-2/+0
| | | | | | hackmdio/hackmd#754 Signed-off-by: Felix Schäfer <felix@thegcat.net>
* Introduce ldap.useridFieldDustin Frisch2018-03-012-0/+2
| | | | Signed-off-by: Dustin Frisch <fooker@lab.sh>
* Remove camel case from `imageuploadtype` in configSheogorath2018-01-273-4/+12
| | | | | | | | | | | | | This removes the only camel cased option of the config options **we** added to the config.json. In auth provider's config parts are a lot of camel cased options provided. We shouldn't touch them to keep them as similar as possible to the examples. Fixes #315 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #691 from SISheogorath/feature/uploadChristoph (Sheogorath) Kern2018-01-231-0/+20
|\ | | | | Allow more detailed configuration of upload mime types
| * Allow more detailed configuration of upload mime typesSheogorath2018-01-201-0/+20
| | | | | | | | | | | | Fixes #637 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Fix broken port configSheogorath2018-01-231-1/+1
| | | | | | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #506 from erasys/minioChristoph (Sheogorath) Kern2018-01-232-0/+14
|\ \ | | | | | | Add support for minio
| * | Add support for minioMarc Deop2017-08-302-0/+14
| | |
* | | Merge pull request #598 from xxyy/feature/cspChristoph (Sheogorath) Kern2018-01-222-0/+10
|\ \ \ | | | | | | | | Implement basic CSP support
| * | | Change CSP config format to be more intuitiveLiterallie2017-10-222-9/+4
| | | |
| * | | CSP: Allow more content typesLiterallie2017-10-221-3/+7
| | | |
| * | | CSP: Upgrade insecure requests if possibleLiterallie2017-10-221-2/+3
| | | | | | | | | | | | | | | | Config option; default is to only upgrade if usessl
| * | | Add basic CSP supportLiterallie2017-10-221-0/+10
| | | |
* | | | Add option to enable `freely` permission in closed instanceDario Ernst2018-01-203-1/+3
| |_|/ |/| | | | | | | | | | | | | | | | | | | | Before, closed disallowed guest edits completely, by removing the `freely` permission. This makes it possible to explicitely bring back guest-editing, but not guest-note-creation, to closed instances. Signed-off-by: Dario Ernst <dario@kanojo.de>
* | | Merge pull request #686 from SISheogorath/feature/configVersionChristoph (Sheogorath) Kern2018-01-191-1/+3
|\ \ \ | | | | | | | | Load version from package.json
| * | | Load version from package.jsonSheogorath2018-01-191-1/+3
| | | | | | | | | | | | | | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | | Fix not passing app key correctly in dropbox configWu Cheng-Han2018-01-193-3/+6
|/ / /
* | | Release 1.0.0-ceSheogorath2018-01-181-1/+1
| | |
* | | Merge pull request #636 from laysdra7265/fix/sslcapathChristoph (Sheogorath) Kern2018-01-182-2/+5
|\ \ \ | | | | | | | | Fix sslcapath bug
| * | | Update index.jsChristoph (Sheogorath) Kern2017-12-221-1/+1
| | | |
| * | | Simplify loopChristoph (Sheogorath) Kern2017-12-221-8/+3
| | | |
| * | | fixed sslcapath bugLaysDragon2017-12-052-2/+10
| | | |
* | | | Merge branch 'master' into ldap-username-fieldChristoph (Sheogorath) Kern2017-12-122-5/+12
|\ \ \ \
| * | | | parse HMD_LDAP_SEARCHATTRIBUTES env var as a comma-separated arrayalecdwm2017-12-092-5/+12
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Alec WM <firstcontact@owls.io>