summaryrefslogtreecommitdiff
path: root/lib/config (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Added a configuration option for passport-saml:Emmanuel Ormancey2019-04-063-0/+3
| | | | | | | | | | | disableRequestedAuthnContext: true|false By default only Password authmethod is accepted, this option allows any other method. Issue and option described here: https://github.com/bergie/passport-saml/issues/226 Signed-off-by: Emmanuel Ormancey <emmanuel.ormancey@cern.ch>
* Update links to new repositoriesSheogorath2019-03-271-1/+1
| | | | | | | | | | | | After a long discussion, it turned out that CodiMD as community project and HackMD as a company, have fundamental different views on the project governance. Due to this, it came to point where the decision for a fork was made. After the fork and move towards an own organisation, this patch updates all links inside the project to the new repositories. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix shown but broken GitLab snippetsSheogorath2019-03-051-1/+1
| | | | | | | | | | To provide a GitLab integration we need the GitLab integration to be configured. Otherwise we shouldn't show the Snippet button. This patch adds the requirement to the variable that decides if the import from snippets button shows up or not. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix wrong value type for HSTS environment variableSheogorath2019-03-042-2/+2
| | | | | | | Seem like also environment variables are affected. This patch fixes that as well. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Disable OpenID by defaultSheogorath2019-01-251-1/+1
| | | | | | | | | We talked about that during a community call. It turned out that not everyone likes to have OpenID on their instance. This patch disables OpenID by default. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update upload provider error messageDaan Sprenkels2018-12-211-1/+1
| | | | | | Fixes #1107. Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
* Warn on missing serverURLSheogorath2018-11-281-0/+4
| | | | | | | | | | | We see some issues that are based on not properly configured `config.serverURL`. This patch adds a warning when `config.serverURL` is an empty value. This should provide users direct feedback about how to improve their configs. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix wrong maxAgeSeconds multiplicationSheogorath2018-11-191-1/+1
| | | | | | | | | | | | | | | | | | | It seems like the inital work on the hsts module expected milliseconds. This has either changed or was never true. Either way, it caused that the current defaults resulted in theory in a 1000 year HSTS policy. Luckily helmet was smart enough to not go higher than 1 year. Anyway, this patch fixes the multiplication of the configured size with 1000 by removing this multiplication. Also to simplify the reading of the defaults, we split them into their components, 60 times 60 seconds so we get one hour. 24 of those hours so we get a day and finally 365 days to get our original wanted default of one year. Reference: https://github.com/hackmdio/CodiMD/commit/d69d65ea7434eee85db4b905f0852f4d8fa7ecce Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #1053 from dsprenkels/robots.txtChristoph (Sheogorath) Kern2018-11-172-0/+2
|\ | | | | Disallow creation of robots.txt in freeurl
| * Disallow creation of robots.txt in freeurlDaan Sprenkels2018-11-172-0/+2
| | | | | | | | | | | | | | | | | | | | | | Add a configuration setting to "hard"-disable creation of notes as set by the configuration value. This defaults to `['robots.txt', 'favicon.ico']`, because these files are often accidentally created by bots and browsers. This commit fixes #1052. Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
* | Upgrade winstonSheogorath2018-11-143-0/+8
|/ | | | | | | | | Our log library got a new major version which should be implemented. That's exactly what this patch does. Implementing the new version of the logging library. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #1051 from SISheogorath/feature/fullversionChristoph (Sheogorath) Kern2018-11-121-1/+1
|\ | | | | Fix wrong reading from commit
| * Fix wrong reading from commitSheogorath2018-11-121-1/+1
| | | | | | | | | | | | | | | | | | | | | | Right now we use a substr after reading the commit. That's definitely wrong and leads to wrong commit hashes since the first 5 chars are missing. This patch removes the substr usage here and this way fixes the generated links. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #961 from SISheogorath/feature/osTEMPChristoph (Sheogorath) Kern2018-11-111-1/+3
|\ \ | |/ |/| Use OS based tmp dir
| * Use OS based tmp dirSheogorath2018-10-311-1/+3
| | | | | | | | | | | | | | | | | | | | We should use the official OS temp directory instead of an own one, to not run into conflicts. Also various dependencies already use the OS temp directory, which makes it pointless to use a different for our internal purposes then. This commit provides the changes needed to use the OS tmp directory by default. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Add full version stringSheogorath2018-11-113-2/+43
| | | | | | | | | | | | | | | | | | | | | | | | Currently we only provide the version from `package.json`. This means that during updates of instances, e.g. the demo instance, which runs latest master instead of a stable release, changes are not reflected to the webclient. This patch adds a fullversion string that contains the current commit and this way makes that clients are notified about changes. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Fix menu for github and dropboxCédric Couralet2018-11-071-0/+2
|/ | | | Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
* Merge pull request #990 from SISheogorath/fix/oauthProviderNameChristoph (Sheogorath) Kern2018-10-092-0/+2
|\ | | | | Make oauth2 provider name accessible
| * Make oauth2 provider name accessibleSheogorath2018-10-042-0/+2
| | | | | | | | | | | | | | | | | | Right now the feature exists but is almost not usable since the only way to configure it is to know that it exists from reading the source code and add it to config.json. This patch provides all needed changes so it can be used by everyone including documentation. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Add OpenID to CodiMDSheogorath2018-10-053-2/+5
| | | | | | | | | | | | | | | | With OpenID every OpenID capable provider can provide authentication for users of a CodiMD instance. This means we have federated authentication. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #940 from WilliButz/fix-configurable-pathsChristoph (Sheogorath) Kern2018-10-052-22/+12
|\ \ | |/ |/| enhance configurabiltiy of paths & make execution path-independent
| * removing superfluous config parameters for template filesClaudius2018-09-262-14/+3
| | | | | | | | Signed-off-by: Claudius <opensource@amenthes.de>
| * lib/config: use `path.resolve` instead of `path.join`WilliButz2018-09-261-14/+14
| | | | | | | | | | | | | | | | | | | | | | While paths like `tmpPath` could previously be configured, they were all interpreted relative to `appRootPath` because of `path.join`. Now the configurable paths can be canonical and therefore independent of the `appRootPath`. Signed-off-by: WilliButz <wbutz@cyberfnord.de>
| * lib/config: add environment variable to set config fileWilliButz2018-09-261-1/+2
| | | | | | | | | | | | | | | | | | | | Previously it was assumed that `config.json` would be placed in the same directory as the rest of CodiMD without any optional override. This allows to override the path to the `config.json` by setting `CMD_CONFIG_FILE` to the canonical path of the desired config file. Signed-off-by: WilliButz <wbutz@cyberfnord.de>
* | Set default to `v4`Sheogorath2018-09-271-1/+2
|/ | | | | | | Seems like we didn't fix the problem with the last patch. This should finally fix it. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Omit unneeded warning if no gitlab is configuredSheogorath2018-09-251-1/+1
| | | | | | | This patch should fix the unneeded warning of the wrong API version, when gitlab isn't configured at all. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* BUGFIX: wrong version check for gitlab apiAlexander Hesse2018-08-231-2/+2
| | | | Signed-off-by: Alexander Hesse <alexander.hesse@sandstorm-media.de>
* Add possibility to choose between version v3 or v4 for the gitlab api.Cédric Couralet2018-07-311-0/+6
| | | | | | | | Apart from the uri versioning, one big change is the snippet visibility post data (visibility_level -> visibility) Default gitlab api version to v4 Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
* Support 'host' & 'path' config optionsMiranda Kastemaa2018-07-272-0/+3
| | | | Signed-off-by: Miranda Kastemaa <miranda@foldplop.com>
* Upload images to the filesystem by default, rather than to imgurMaxence Ahlouche2018-07-091-1/+1
| | | | Signed-off-by: Maxence Ahlouche <maxence.ahlouche@gmail.com>
* Rename HackMD view to CodiMDSheogorath2018-06-242-2/+2
| | | | | | | | Even when it looks a bit weird in first place to rename all internals step by step, it makes sense to do so, because we run into confusion afterwards. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Rename environment variables and add legacy support.Sheogorath2018-06-243-86/+216
| | | | | | | | As we are no longer HackMD the short tag `HMD` doesn't match anymore. We move it to the matching prefix `CMD` and inform our users about the change. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #854 from hackmdio/feature/disableGravatarChristoph (Sheogorath) Kern2018-06-242-0/+2
|\ | | | | Allow to disable gravatar
| * Allow to disable gravatarSheogorath2018-06-232-0/+2
| | | | | | | | | | | | | | | | | | Since Gravatar is an external image source and not perfect from a privacy perspective, forbidding it allows to improve privacy. This commit also simplifies and optimizes the avatar code. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Move config out of statics pathSheogorath2018-06-242-0/+2
|/ | | | | | | | Since static path is providing with a high expiration data, we provide configs via API. This shouldn't add any noticeable load while making it uncached and this way working again. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix possible error if HackMD is started with wrong workdirSheogorath2018-06-232-0/+2
| | | | | | | | | | In https://github.com/hackmdio/hackmd/issues/834 is described how starting HackMD crashes when using the wrong working dir. This is caused by a relative path in our upload routine. This change should fix it and prevent future crashes. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix i18n writing locale files in productionSheogorath2018-06-051-0/+3
| | | | | | | | This commit should prevent the i18n module from adding missing translations to the local files in setups that are not for development. This way we keep the directory clean and idempotent. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #784 from pferreir/add-oauth2-supportChristoph (Sheogorath) Kern2018-06-043-0/+18
|\ | | | | Add "generic" OAuth2 support
| * Add support for generic OAuth2 providersPedro Ferreira2018-03-263-0/+18
| | | | | | | | Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
* | Add Azure Blob Storage supportÁdám Hóka2018-06-014-3/+14
| | | | | | | | Signed-off-by: Adam Hoka <hoka.adam@nexogen.hu>
* | Revert "Workaround Google API problems"Christoph (Sheogorath) Kern2018-05-162-2/+0
| |
* | Merge pull request #813 from SISheogorath/fix/googleAPIChristoph (Sheogorath) Kern2018-05-102-0/+2
|\ \ | | | | | | Workaround Google API problems
| * | Use API key instead of clientSecretSheogorath2018-04-132-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | As recently discovered we send the clientSecret to the webclient which is potentionally dangerous. This patch should fix the problem and replace the clientSecret with the originally intended and correct way to implement it using the API key. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Fix typos for `allowAnonymousEdits`Sheogorath2018-04-101-1/+1
|/ / | | | | | | | | | | | | | | | | Looks like we lost some variables during the refactoring of the configs to camel case. This should fix it. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #791 from SISheogorath/fix/extendedCSPPoliciesChristoph (Sheogorath) Kern2018-04-051-0/+2
|\ \ | | | | | | Fix CSP for disqus and Google Analytics
| * | Fix CSP for disqus and Google AnalyticsSheogorath2018-03-301-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit should fix existing problems with Disqus and Google Analytics enabled in the meta-yaml section of a note. Before this commit they were blocked by the strict CSP. It's still possible to disable the added directives using `addDisqus` and `addGoogleAnalytics` in the `csp` config section. They are enabled by default to prevent breaking changes. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Add session data to env varsSheogorath2018-03-291-0/+2
|/ / | | | | | | | | | | | | | | | | | | | | Currently the session secret can only be set by config.json or docker secrets. This creates a problem on Heroku hosted instances that can not set a session secret. Since we automatically generate them on startup this results in an logout of all users on every config change in Heroku. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #780 from SISheogorath/fix/sessionSecretChristoph (Sheogorath) Kern2018-03-282-0/+10
|\ \ | | | | | | Automatically generate a session secret if default is used
| * | Automatically generate a session secret if default is usedSheogorath2018-03-262-0/+10
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The session secret is used to sign and authenticate the session cookie and this way very important for the authentication process. By default the session secret is set to `secret` and never changes. This commit will add a generator for a dynamic session secret if it stays unchanged. It prevents session hijacking this way and will warn the user about the missing secret. This also implies that on a restart without configured session secret will log out all users. While it may seems annoying, it's for the users best. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Fix logical error in legacy config expressionSheogorath2018-03-261-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | We should check for an undefined and not just for a logical true or false. Example: When `usecdn` was set to false it was impossible to overwrite the new config value because the if statement becomes false. Thanks @davidmehren for pointing me to this issue. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>