path: root/lib/models
Commit message [Author, Age, Files, Lines]
* Add token based security feature [Sheogorath, 2018-05-25, 1, -0/+4]
|   In the current setup users could be tricked into deleting their data by providing a malicious link like `[click me](/me/delete)`. This commit prevents such an easy attack and needs the user's deleteToken to get his data deleted. In case someone requests his deletion by email you can also ask him for this token. We can add a GUI that shows it later on.
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix requests for deleted users [Sheogorath, 2018-05-25, 1, -0/+3]
|   When users are requested from the authorship which no longer exist, they shouldn't cause a 500.
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Use cascaded deletes [Sheogorath, 2018-05-25, 3, -4/+12]
|   When we delete a user we should delete all the notes that belong to this user including the revisions of these notes.
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Use hard delete instead of soft delete [Sheogorath, 2018-05-25, 1, -1/+1]
|   Right now we only flag notes as deleted. This is no longer allowed under GDPR. Make sure you do regular backups!
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #803 from SISheogorath/fix/letterAvatarCSP [Christoph (Sheogorath) Kern, 2018-04-17, 1, -5/+5]
|\
| |   Move letter-avatars into own request
| * Move letter-avatars into own request [Sheogorath, 2018-04-17, 1, -5/+5]
| |   To prevent further weakening of our CSP policies, moving the Avatars into a non-inline version is the way to go. This implementation probably needs some beautification. But already fixes the bug.
| |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Add check for noteId length [Sheogorath, 2018-04-10, 1, -0/+9]
|/
|   As we know the length of a UUID we can check if the base64 string of the provided UUID is long enough for a legacy base64 encoded nodeId and stop processing it in legacy mode, if it's not the case. This should make the ugly warning way less common.
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Change config to camel case with backwards compatibility [Sheogorath, 2018-03-25, 2, -8/+8]
|   This refactors the configs a bit to now use camel case everywhere. This change should help to clean up the config interface and make it better understandable.
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix to log instead of throwing error on parse note id [Max Wu, 2018-03-11, 1, -2/+4]
|   Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Fix parseNoteId order to fix some edge case [Max Wu, 2018-03-10, 1, -7/+7]
|   that LZString note url could be parsed by base64url note url and thus return wrong note id
|   Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Update to use buffer in encode/decode note id [Max Wu, 2018-02-27, 1, -2/+4]
|   Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Remove and replace all note id compression in LZString with base64url [Max Wu, 2018-02-26, 1, -0/+27]
|   Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Fix field type to prevent data truncation of authorship (#721) [Max Wu, 2018-02-09, 2, -2/+2]
|     * Fix field type to prevent data truncation of authorship
* Ignore empty values for revision. [Sheogorath, 2018-01-18, 1, -2/+2]
|   Fixes #420
* Merge pull request #567 from ccoenen/fix-mysql-text-length [Christoph (Sheogorath) Kern, 2018-01-18, 2, -4/+4]
|\
| |   converting all content fields to MEDIUMTEXT (affects MySQL only)
| * Fix #521 by converting content fields to LONGTEXT in MySQL, to prevent truncation of data. [Claudius Coenen, 2017-10-16, 2, -4/+4]
| |
* | Initial support for SAML authentication [Norihito Nakae, 2017-11-28, 1, -0/+9]
| |
* | Add mattermost authentication [Christoph Witzany, 2017-10-31, 1, -0/+9]
|/
* createdAt DESC with quotation marks did not work with MySQL fixes #565 [Claudius Coenen, 2017-10-09, 1, -4/+4]
|
* Fix broken profile images [Sheogorath, 2017-09-22, 1, -2/+6]
|
* Fix typo in the db config [Wu Cheng-Han, 2017-06-05, 1, -1/+1]
|
* refactor(config.js): Extract config file [BoHong Li, 2017-05-08, 1, -2/+3]
|     * Separate different config source to each file
|     * Freeze config object
* refactor: Remove `require` extension filename [BoHong Li, 2017-05-08, 4, -9/+9]
|
* Fix strip null byte in model should cast to string to use replace function [Wu Cheng-Han, 2017-03-15, 1, -0/+1]
|
* Fix update doc from filesystem cause redundant authorship stringify [Wu Cheng-Han, 2017-03-14, 1, -1/+1]
|
* Use strict mode in all backend files [BoHong Li, 2017-03-14, 6, -0/+6]
|   add ‘use strict’ in all backend files
* Use JavaScript Standard Style [BoHong Li, 2017-03-08, 6, -1033/+1010]
|   Introduce JavaScript Standard Style as project style rule, and fixed all failures on backend code.
* Fix user profile photo might not replace to proper size [Wu Cheng-Han, 2017-02-18, 1, -4/+4]
|
* Add default permission config [NV, 2017-02-10, 1, -2/+2]
|
* Update to add biggerphoto on parsing user profile [Wu Cheng-Han, 2017-02-03, 1, -10/+26]
|
* Fix permission order and keep wording consistency [Wu Cheng-Han, 2017-01-12, 1, -1/+1]
|
* Merge pull request #313 from elct9620/feature/disable_anonymous_view [Max Wu, 2017-01-10, 1, -3/+3]
|\
| |   WIP: Add options to limit anonymous view note
| * Adjust permission order to more clearly [蒼時弦也, 2017-01-10, 1, -1/+1]
| |
| * Add limited and protected permission [蒼時弦也, 2017-01-10, 1, -3/+3]
| |
* | Merge pull request #279 from alecdwm/ldap-auth [Max Wu, 2017-01-09, 1, -0/+11]
|\ \
| |/
|/|   Support for LDAP server authentication
| * Profile pictures for LDAP users [alecdwm, 2017-01-06, 1, -0/+11]
| |
* | Fix and refactor extracting content using metaMarked directly might lead in invalid object [Wu Cheng-Han, 2017-01-04, 1, -23/+20]
| |
* | Refactor data processing to model definition [Wu Cheng-Han, 2017-01-02, 3, -0/+27]
| |
* | Update to remove null byte before saving to DB and remove null byte on changes [Wu Cheng-Han, 2017-01-02, 3, -7/+35]
| |
* | Remove LZString compression for data storage [Wu Cheng-Han, 2017-01-02, 2, -17/+11]
| |
* | Use dburl to configurate [bananaappletw, 2016-12-22, 1, -2/+2]
| |
* | Simplify code for heroku [bananaappletw, 2016-12-22, 1, -1/+2]
| |
* | Fix #293 [bananaappletw, 2016-12-22, 1, -3/+4]
|/
* Update sequelize init condition [Yukai Huang, 2016-12-12, 1, -5/+4]
|
* Simplify output with sequelize database argument [Yukai Huang, 2016-12-12, 1, -2/+8]
|
* Update to support optional email register and signin [Wu Cheng-Han, 2016-12-02, 1, -0/+33]
|
* Update to auto generate meta description based on content in publish note and slide [Wu Cheng-Han, 2016-11-26, 1, -0/+3]
|
* Add dmp worker to leverage CPU intensive calculation to child process [Wu Cheng-Han, 2016-11-18, 1, -102/+79]
|
* Change revision saving policy period [Wu Cheng-Han, 2016-10-15, 1, -2/+2]
|
* Fix note extract tags might get encoded HTML entity [Wu Cheng-Han, 2016-10-12, 1, -1/+1]
|