summaryrefslogtreecommitdiff
path: root/lib/config (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Config: Remove image/jpgPhilip Molares2021-03-281-2/+0
| | | | | | This was done because both .jpg and .jpeg get the mime type 'image/jpeg' by FileType Signed-off-by: Philip Molares <philip.molares@udo.edu>
* Linter: Fix all lint errorsPhilip Molares2021-02-151-8/+8
| | | | Signed-off-by: Philip Molares <philip.molares@udo.edu>
* Don't add new config option in hackmd compatibility layerNicolas Dietrich2021-01-231-1/+0
| | | | Signed-off-by: Nicolas Dietrich <nidi@mailbox.org>
* Keep JS and env varibale name in sync (requireFreeURLAuthentication)Nicolas Dietrich2021-01-231-1/+1
| | | | Signed-off-by: Nicolas Dietrich <nidi@mailbox.org>
* Add config option which requires authentication in FreeURL modeNicolas Dietrich2021-01-223-0/+3
| | | | | | | | | This mitigates unintended note creation by bots or humans through a simple GET call. See discussion in #754. Signed-off-by: Nicolas Dietrich <nidi@mailbox.org>
* Merge pull request #597 from hedgedoc/fix/install-docsDavid Mehren2020-11-291-3/+3
|\
| * Replace mentions of `config.js` with `config.json`David Mehren2020-11-271-3/+3
| | | | | | | | Signed-off-by: David Mehren <git@herrmehren.de>
* | Merge pull request #596 from hedgedoc/remove-pdf-export-codeDavid Mehren2020-11-275-13/+2
|\ \ | | | | | | Remove pdf export code
| * | Remove pdf export codeTilman Vatteroth2020-11-265-13/+2
| |/ | | | | | | Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
* / Add oauth2 authorizationJoachim Mathes2020-11-251-1/+4
|/ | | | Signed-off-by: Joachim Mathes <joachim_mathes@web.de>
* apply review suggestionsTilman Vatteroth2020-11-151-1/+1
|
* Correct repo nameTilman Vatteroth2020-11-141-1/+1
| | | | Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
* Replace CodiMD with HedgeDocErik Michelson2020-11-142-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Erik Michelson <github@erik.michelson.eu> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: References in public/views Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Update links in README Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Update links in SECURITY.md Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Update links in LICENSE Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Update links in docs/configuration.md Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Update links in bin/setup Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: References in docs/guides Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: References in docs/dev Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: References in docs/guides/auth Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: References in docs/setup Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Update various links in code to the new GitHub org. Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: codiMDVersion.js is now hedgeDocVersion.js Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: References in docs/setup/yunohost Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rebrand to HedgeDoc: Add banner and logo Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Update links in docs/guides/migrate-etherpad Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Remove note in docs/guides/auth/github Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Replace links in public/docs/features Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Add todo placeholder in docs/history Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Replace github link in public/views/index/body Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Replace github link in README Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Add logo to README Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Add note about the renaming to the front page Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Removed Travis from README.md and change CodiMD to HedgeDoc in some places Signed-off-by: Yannick Bungers <git@innay.de> Some more renaming to HedgeDoc - Fixed capitalization of HedgeDoc - Added renaming for etherpad migration doc Signed-off-by: Yannick Bungers <git@innay.de> Changed Repo name to hedgedoc Signed-off-by: Yannick Bungers <git@innay.de>
* Update documentation and messages to new default valueErik Michelson2020-09-081-1/+1
| | | | Signed-off-by: Erik Michelson <github@erik.michelson.eu>
* Changed default policy from 'strict' to 'lax' due to the reasons mentioned ↵Erik Michelson2020-08-272-2/+2
| | | | | | in 3d1fab05 Signed-off-by: Erik Michelson <github@erik.michelson.eu>
* Add config option for cookie SameSite policyErik Michelson2020-08-273-0/+7
| | | | Signed-off-by: Erik Michelson <github@erik.michelson.eu>
* allow to set a saml client certificateSimeon Keske2020-07-112-0/+2
| | | | Signed-off-by: Simeon Keske <git@n0emis.eu>
* Backport of #278 for 1.6.1Victor Berger2020-06-203-3/+6
| | | | | | | This is a backport of #278 with the default value of `scope` changed to `undefined`. This is thus a fully backward-compatible change. Signed-off-by: Victor Berger <victor.berger@m4x.org>
* Update CDN defaultsSheogorath2020-02-091-1/+1
| | | | | | | | | | | | | | | | | | As we noticed in our poll about CDN usage, that most people intentionally turn it off, but very little intetionally turn it on or leave it on. [1] There is also strong indicators that CDNs don't really provide any benefits in loading time and due to the small deployments of CodiMD, there is no big savings due to CDNs either. [2] Therefore this patch changes the CDN default settings to off in order to reduce the exposed user data. [1]: https://community.codimd.org/t/poll-on-cdn-usage/28 [2]: https://csswizardry.com/2019/05/self-host-your-static-assets/ Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Add Google oauth variable: hostedDomainike2020-02-083-3/+6
| | | | | | | | Which is part of `passport-google-oauth2`. It could be used as whitelist to a domain supported by google oauth. Ref: https://github.com/jaredhanson/passport-google-oauth2/issues/3 Signed-off-by: ike <developer@ikewat.com>
* allow to define header link generation style via environment varhoijui2019-10-301-1/+2
| | | | Signed-off-by: hoijui <hoijui.quaero@gmail.com>
* document `linkifyHeaderStyle` in default.jshoijui2019-10-301-0/+13
| | | | Signed-off-by: hoijui <hoijui.quaero@gmail.com>
* Allow to generate lower case header references through the confighoijui2019-10-221-1/+2
| | | | | | | | | | | | | This makes the references consistent/compatible with GitHub, GitLab, Pandoc and many other tools. This behavior can be enabled in config.json with: ``` "linkifyHeaderStyle": "gfm" ``` Signed-off-by: hoijui <hoijui.quaero@gmail.com>
* Updated forbiddenNoteIDsErik Michelson2019-09-181-1/+1
| | | | Signed-off-by: Erik Michelson <erik@liltv.de>
* Merge pull request #168 from dargmuesli/fix/docker-secret-bufferSheogorath2019-09-031-1/+1
|\ | | | | Config: Return String Instead Of Buffer For Docker Secrets
| * Docker Secrets: Use Encoding Parameter DirectlyJonas Thelemann2019-09-031-1/+1
| | | | | | | | Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
| * Config: Return String Instead Of Buffer For Docker SecretsJonas Thelemann2019-09-031-1/+1
| | | | | | | | | | | | Prevents "TypeError: Cannot freeze array buffer views with elements". Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
* | Docker Secrets: Correct Source PathJonas Thelemann2019-09-021-1/+1
|/ | | | Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
* Merge pull request #32 from codimd/aws-endpointsSheogorath2019-09-021-1/+2
|\ | | | | make aws s3 endpoint configurable
| * make aws s3 endpoint configurableMathias Merscher2019-02-111-1/+2
| | | | | | | | Signed-off-by: Mathias Merscher <Mathias.Merscher@dg-i.net>
* | Disable PDF export due to security issueSheogorath2019-08-151-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | As a temporary fix, to keep you and your users save, this patch disables the PDF export feature. Details of the attack along with a fix for future versions of CodiMD will be released in future. I hope you can live with this solution for this release because I'm super short on time and the alternative would be to ship no fix at all. This appears to be the better solution for this release. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Fix variable names for docker secretsSheogorath2019-08-151-5/+5
| | | | | | | | | | | | | | It seems like since we switched to camelcase we missed to update some variable names in the config section. This patch fixes those. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Docker Secrets: Add DB URL SupportJonas Thelemann2019-07-011-0/+1
| | | | | | | | | | | | As the connection string may include a password it should be supported by Docker Secrets. Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
* | Fix eslint warningsSheogorath2019-05-314-9/+9
| | | | | | | | | | | | | | | | | | | | | | Since we are about to release it's time to finally fix our linting. This patch basically runs eslint --fix and does some further manual fixes. Also it sets up eslint to fail on every warning on order to make warnings visable in the CI process. There should no functional change be introduced. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Add config for toobusy middlewareSheogorath2019-05-252-0/+3
| | | | | | | | | | | | | | | | | | | | With very low CPU frequency or bad IO situation, as well as not-loaded JS CodiMD happens to present unneeded "I'm busy"-messages to users. This patch allows to configure the lag. The default is taken from the libray but set in our own default configs. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Add lutim supportDylan Dervaux2019-04-103-3/+9
| | | | | | | | Signed-off-by: Dylan Dervaux <dylanderv05@gmail.com>
* | Added a configuration option for passport-saml:Emmanuel Ormancey2019-04-063-0/+3
| | | | | | | | | | | | | | | | | | | | | | disableRequestedAuthnContext: true|false By default only Password authmethod is accepted, this option allows any other method. Issue and option described here: https://github.com/bergie/passport-saml/issues/226 Signed-off-by: Emmanuel Ormancey <emmanuel.ormancey@cern.ch>
* | Update links to new repositoriesSheogorath2019-03-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | After a long discussion, it turned out that CodiMD as community project and HackMD as a company, have fundamental different views on the project governance. Due to this, it came to point where the decision for a fork was made. After the fork and move towards an own organisation, this patch updates all links inside the project to the new repositories. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Fix shown but broken GitLab snippetsSheogorath2019-03-051-1/+1
| | | | | | | | | | | | | | | | | | | | To provide a GitLab integration we need the GitLab integration to be configured. Otherwise we shouldn't show the Snippet button. This patch adds the requirement to the variable that decides if the import from snippets button shows up or not. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Fix wrong value type for HSTS environment variableSheogorath2019-03-042-2/+2
|/ | | | | | | Seem like also environment variables are affected. This patch fixes that as well. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Disable OpenID by defaultSheogorath2019-01-251-1/+1
| | | | | | | | | We talked about that during a community call. It turned out that not everyone likes to have OpenID on their instance. This patch disables OpenID by default. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update upload provider error messageDaan Sprenkels2018-12-211-1/+1
| | | | | | Fixes #1107. Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
* Warn on missing serverURLSheogorath2018-11-281-0/+4
| | | | | | | | | | | We see some issues that are based on not properly configured `config.serverURL`. This patch adds a warning when `config.serverURL` is an empty value. This should provide users direct feedback about how to improve their configs. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix wrong maxAgeSeconds multiplicationSheogorath2018-11-191-1/+1
| | | | | | | | | | | | | | | | | | | It seems like the inital work on the hsts module expected milliseconds. This has either changed or was never true. Either way, it caused that the current defaults resulted in theory in a 1000 year HSTS policy. Luckily helmet was smart enough to not go higher than 1 year. Anyway, this patch fixes the multiplication of the configured size with 1000 by removing this multiplication. Also to simplify the reading of the defaults, we split them into their components, 60 times 60 seconds so we get one hour. 24 of those hours so we get a day and finally 365 days to get our original wanted default of one year. Reference: https://github.com/hackmdio/CodiMD/commit/d69d65ea7434eee85db4b905f0852f4d8fa7ecce Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #1053 from dsprenkels/robots.txtChristoph (Sheogorath) Kern2018-11-172-0/+2
|\ | | | | Disallow creation of robots.txt in freeurl
| * Disallow creation of robots.txt in freeurlDaan Sprenkels2018-11-172-0/+2
| | | | | | | | | | | | | | | | | | | | | | Add a configuration setting to "hard"-disable creation of notes as set by the configuration value. This defaults to `['robots.txt', 'favicon.ico']`, because these files are often accidentally created by bots and browsers. This commit fixes #1052. Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
* | Upgrade winstonSheogorath2018-11-143-0/+8
|/ | | | | | | | | Our log library got a new major version which should be implemented. That's exactly what this patch does. Implementing the new version of the logging library. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #1051 from SISheogorath/feature/fullversionChristoph (Sheogorath) Kern2018-11-121-1/+1
|\ | | | | Fix wrong reading from commit
| * Fix wrong reading from commitSheogorath2018-11-121-1/+1
| | | | | | | | | | | | | | | | | | | | | | Right now we use a substr after reading the commit. That's definitely wrong and leads to wrong commit hashes since the first 5 chars are missing. This patch removes the substr usage here and this way fixes the generated links. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #961 from SISheogorath/feature/osTEMPChristoph (Sheogorath) Kern2018-11-111-1/+3
|\ \ | |/ |/| Use OS based tmp dir