Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add token based security feature | Sheogorath | 2018-05-25 | 1 | -0/+4 |
| | | | | | | | | | | | | In the current setup users could be tricked into deleting their data by providing a malicious link like `[click me](/me/delete)`. This commit prevents such an easy attack and needs the user's deleteToken to get his data deleted. In case someone requests his deletion by email you can also ask him for this token. We can add a GUI that shows it later on. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> | ||||
* | Fix requests for deleted users | Sheogorath | 2018-05-25 | 1 | -0/+3 |
| | | | | | | | When users are requested from the authorship which no longer exist, they shouldn't cause a 500. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> | ||||
* | Use cascaded deletes | Sheogorath | 2018-05-25 | 3 | -4/+12 |
| | | | | | | | When we delete a user we should delete all the notes that belong to this user including the revisions of these notes. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> | ||||
* | Use hard delete instead of soft delete | Sheogorath | 2018-05-25 | 1 | -1/+1 |
| | | | | | | | Right now we only flag notes as deleted. This is no longer allowed under GDPR. Make sure you do regular backups! Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> | ||||
* | Merge pull request #803 from SISheogorath/fix/letterAvatarCSP | Christoph (Sheogorath) Kern | 2018-04-17 | 1 | -5/+5 |
|\ | | | | | Move letter-avatars into own request | ||||
| * | Move letter-avatars into own request | Sheogorath | 2018-04-17 | 1 | -5/+5 |
| | | | | | | | | | | | | | | | | | | | | To prevent further weakening of our CSP policies, moving the Avatars into a non-inline version is the way to go. This implementation probably needs some beautification. But already fixes the bug. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> | ||||
* | | Add check for noteId length | Sheogorath | 2018-04-10 | 1 | -0/+9 |
|/ | | | | | | | | | | As we know the length of a UUID we can check if the base64 string of the provided UUID is long enough for a legacy base64 encoded nodeId and stop processing it in legacy mode, if it's not the case. This should make the ugly warning way less common. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> | ||||
* | Change config to camel case with backwards compatibility | Sheogorath | 2018-03-25 | 2 | -8/+8 |
| | | | | | | | | This refactors the configs a bit to now use camel case everywhere. This change should help to clean up the config interface and make it better understandable. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> | ||||
* | Fix to log instead of throwing error on parse note id | Max Wu | 2018-03-11 | 1 | -2/+4 |
| | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com> | ||||
* | Fix parseNoteId order to fix some edge case | Max Wu | 2018-03-10 | 1 | -7/+7 |
| | | | | | | that LZString note url could be parsed by base64url note url and thus return wrong note id Signed-off-by: Max Wu <jackymaxj@gmail.com> | ||||
* | Update to use buffer in encode/decode note id | Max Wu | 2018-02-27 | 1 | -2/+4 |
| | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com> | ||||
* | Remove and replace all note id compression in LZString with base64url | Max Wu | 2018-02-26 | 1 | -0/+27 |
| | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com> | ||||
* | Fix field type to prevent data truncation of authorship (#721) | Max Wu | 2018-02-09 | 2 | -2/+2 |
| | | | | * Fix field type to prevent data truncation of authorship | ||||
* | Ignore empty values for revision. | Sheogorath | 2018-01-18 | 1 | -2/+2 |
| | | | | Fixes #420 | ||||
* | Merge pull request #567 from ccoenen/fix-mysql-text-length | Christoph (Sheogorath) Kern | 2018-01-18 | 2 | -4/+4 |
|\ | | | | | converting all content fields to MEDIUMTEXT (affects MySQL only) | ||||
| * | Fix #521 by converting content fields to LONGTEXT in MySQL, to prevent truncation of data. | Claudius Coenen | 2017-10-16 | 2 | -4/+4 |
* | | Initial support for SAML authentication | Norihito Nakae | 2017-11-28 | 1 | -0/+9 |
| | | |||||
* | | Add mattermost authentication | Christoph Witzany | 2017-10-31 | 1 | -0/+9 |
|/ | |||||
* | createdAt DESC with quotation marks did not work with MySQL fixes #565 | Claudius Coenen | 2017-10-09 | 1 | -4/+4 |
| | |||||
* | Fix broken profile images | Sheogorath | 2017-09-22 | 1 | -2/+6 |
| | |||||
* | Fix typo in the db config | Wu Cheng-Han | 2017-06-05 | 1 | -1/+1 |
| | |||||
* | refactor(config.js): Extract config file | BoHong Li | 2017-05-08 | 1 | -2/+3 |
| | | | | | * Separate different config source to each files * Freeze config object | ||||
* | refactor: Remove `require` extension filename | BoHong Li | 2017-05-08 | 4 | -9/+9 |
| | |||||
* | Fix strip null byte in model should cast to string to use replace function | Wu Cheng-Han | 2017-03-15 | 1 | -0/+1 |
| | |||||
* | Fix update doc from filesystem cause redundant authorship stringify | Wu Cheng-Han | 2017-03-14 | 1 | -1/+1 |
| | |||||
* | Use strict mode in all backend files | BoHong Li | 2017-03-14 | 6 | -0/+6 |
| | | | | add ‘use strict’ in all backend files | ||||
* | Use JavaScript Standard Style | BoHong Li | 2017-03-08 | 6 | -1033/+1010 |
| | | | | | Introduce JavaScript Standard Style as project style rule, and fixed all fail on backend code. | ||||
* | Fix user profile photo might not replace to proper size | Wu Cheng-Han | 2017-02-18 | 1 | -4/+4 |
| | |||||
* | Add default permission config | NV | 2017-02-10 | 1 | -2/+2 |
| | |||||
* | Update to add biggerphoto on parsing user profile | Wu Cheng-Han | 2017-02-03 | 1 | -10/+26 |
| | |||||
* | Fix permission order and keep wording consistency | Wu Cheng-Han | 2017-01-12 | 1 | -1/+1 |
| | |||||
* | Merge pull request #313 from elct9620/feature/disable_anonymous_view | Max Wu | 2017-01-10 | 1 | -3/+3 |
|\ | | | | | WIP: Add options to limit anonymous view note | ||||
| * | Adjust permission order to more clearly | 蒼時弦也 | 2017-01-10 | 1 | -1/+1 |
| | | |||||
| * | Add limited and protected permission | 蒼時弦也 | 2017-01-10 | 1 | -3/+3 |
| | | |||||
* | | Merge pull request #279 from alecdwm/ldap-auth | Max Wu | 2017-01-09 | 1 | -0/+11 |
|\ \ | |/ |/| | Support for LDAP server authentication | ||||
| * | Profile pictures for LDAP users | alecdwm | 2017-01-06 | 1 | -0/+11 |
| | | |||||
* | | Fix and refactor extracting content using metaMarked directly might lead in invalid object | Wu Cheng-Han | 2017-01-04 | 1 | -23/+20 |
* | | Refactor data processing to model definition | Wu Cheng-Han | 2017-01-02 | 3 | -0/+27 |
| | | |||||
* | | Update to remove null byte before saving to DB and remove null byte on changes | Wu Cheng-Han | 2017-01-02 | 3 | -7/+35 |
| | | |||||
* | | Remove LZString compression for data storage | Wu Cheng-Han | 2017-01-02 | 2 | -17/+11 |
| | | |||||
* | | Use dburl to configurate | bananaappletw | 2016-12-22 | 1 | -2/+2 |
| | | |||||
* | | Simplify code for heroku | bananaappletw | 2016-12-22 | 1 | -1/+2 |
| | | |||||
* | | Fix #293 | bananaappletw | 2016-12-22 | 1 | -3/+4 |
|/ | |||||
* | Update sequelize init condition | Yukai Huang | 2016-12-12 | 1 | -5/+4 |
| | |||||
* | Simplify output with sequelize database argument | Yukai Huang | 2016-12-12 | 1 | -2/+8 |
| | |||||
* | Update to support optional email register and signin | Wu Cheng-Han | 2016-12-02 | 1 | -0/+33 |
| | |||||
* | Update to auto generate meta description based on content in publish note and slide | Wu Cheng-Han | 2016-11-26 | 1 | -0/+3 |
* | Add dmp worker to leverage CPU intensive calculation to child process | Wu Cheng-Han | 2016-11-18 | 1 | -102/+79 |
| | |||||
* | Change revision saving policy period | Wu Cheng-Han | 2016-10-15 | 1 | -2/+2 |
| | |||||
* | Fix note extract tags might get encoded HTML entity | Wu Cheng-Han | 2016-10-12 | 1 | -1/+1 |
| |