hedgedoc - Hedgedoc with support for CindyScript

	Commit message (Collapse)	Author	Age	Files	Lines
*	Further improvement of error handling for LZString	Sheogorath	2018-07-27	1	-1/+5
\| \| \| \| \| \| \|	This does some more in depth check on the error message and minimizes the log noise that is caused by LZString. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
*	Rebrand HackMD to CodiMD	Sheogorath	2018-06-24	1	-1/+1
\| \| \| \|	Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
*	Allow to disable gravatar	Sheogorath	2018-06-23	1	-25/+5
\| \| \| \| \| \| \| \| \|	Since Gravatar is an external image source and not perfect from a privacy perspective, forbidding it allows to improve privacy. This commit also simplifies and optimizes the avatar code. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
*	Merge pull request #830 from SISheogorath/feature/GDPR	Christoph (Sheogorath) Kern	2018-06-17	4	-5/+20
\|\ \| \| \| \|	GDPR compliant part 1
\| *	Add token based security feature	Sheogorath	2018-05-25	1	-0/+4
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	In the current setup users could be tricked into deleting their data by providing a malicious link like `[click me](/me/delete)`. This commit prevents such an easy attack and need the user's deleteToken to get his data deleted. In case someone requests his deletion by email you can also ask him for this token. We can add a GUI that shows it later on. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
\| *	Fix requests for deleted users	Sheogorath	2018-05-25	1	-0/+3
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	When users are requested from the authorship which no longer exist, they shouldn't cause a 500. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
\| *	Use cascaded deletes	Sheogorath	2018-05-25	3	-4/+12
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	When we delete a user we should delete all the notes that belong to this user including the revisions of these notes. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
\| *	Use hard delete instead of soft delete	Sheogorath	2018-05-25	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Right now we only flag notes as deleted. This is no longer allowed under GDPR. Make sure you do regular backups! Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* \|	Merge pull request #784 from pferreir/add-oauth2-support	Christoph (Sheogorath) Kern	2018-06-04	1	-2/+2
\|\ \ \| \|/ \|/\|	Add "generic" OAuth2 support
\| *	Use TEXT instead of STRING for tokens	Pedro Ferreira	2018-03-26	1	-2/+2
\| \| \| \| \| \| \| \|	Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
* \|	Merge pull request #803 from SISheogorath/fix/letterAvatarCSP	Christoph (Sheogorath) Kern	2018-04-17	1	-5/+5
\|\ \ \| \| \| \| \| \|	Move letter-avatars into own request
\| * \|	Move letter-avatars into own request	Sheogorath	2018-04-17	1	-5/+5
\| \|/ \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	To prevent further weakening of our CSP policies, moving the Avatars into a non-inline version is the way to go. This implementation probably needs some beautification. But already fixes the bug. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* /	Add check for noteId length	Sheogorath	2018-04-10	1	-0/+9
\|/ \| \| \| \| \| \| \| \| \|	As we know the length of an UUID we can check if the base64 string of the provided UUID is long enough for a legacy base64 encoded nodeId and stop processing it in legacy mode, if it's not the case. This should make the ugly warning way less common. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
*	Change config to camel case with backwards compatibility	Sheogorath	2018-03-25	2	-8/+8
\| \| \| \| \| \| \| \|	This refactors the configs a bit to now use camel case everywhere. This change should help to clean up the config interface and make it better understandable. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
*	Fix to log instead of throwing error on parse note id	Max Wu	2018-03-11	1	-2/+4
\| \| \| \|	Signed-off-by: Max Wu <jackymaxj@gmail.com>
*	Fix parseNoteId order to fix some edge case	Max Wu	2018-03-10	1	-7/+7
\| \| \| \| \| \|	that LZString note url could be parsed by base64url note url and thus return wrong note id Signed-off-by: Max Wu <jackymaxj@gmail.com>
*	Update to use buffer in encode/decode note id	Max Wu	2018-02-27	1	-2/+4
\| \| \| \|	Signed-off-by: Max Wu <jackymaxj@gmail.com>
*	Remove and replace all note id compression in LZString with base64url	Max Wu	2018-02-26	1	-0/+27
\| \| \| \|	Signed-off-by: Max Wu <jackymaxj@gmail.com>
*	Fix field type to prevent data truncation of authorship (#721)	Max Wu	2018-02-09	2	-2/+2
\| \| \| \|	* Fix field type to prevent data truncation of authorship
*	Ignore empty values for revision.	Sheogorath	2018-01-18	1	-2/+2
\| \| \| \|	Fixes #420
*	Merge pull request #567 from ccoenen/fix-mysql-text-length	Christoph (Sheogorath) Kern	2018-01-18	2	-4/+4
\|\ \| \| \| \|	converting all content fields to MEDIUMTEXT (affects MySQL only)
\| *	Fix #521 by converting content fields to LONGTEXT in MySQL, to prevent ↵	Claudius Coenen	2017-10-16	2	-4/+4
\| \| \| \| \| \| \| \|	truncation of data.
* \|	Initial support for SAML authentication	Norihito Nakae	2017-11-28	1	-0/+9
\| \|
* \|	Add mattermost authentication	Christoph Witzany	2017-10-31	1	-0/+9
\|/
*	createdAt DESC with quotation marks did not work with MySQL fixes #565	Claudius Coenen	2017-10-09	1	-4/+4
\|
*	Fix broken profile images	Sheogorath	2017-09-22	1	-2/+6
\|
*	Fix typo in the db config	Wu Cheng-Han	2017-06-05	1	-1/+1
\|
*	refactor(config.js): Extract config file	BoHong Li	2017-05-08	1	-2/+3
\| \| \| \| \|	* Separate different config source to each files * Freeze config object
*	refactor: Remove `require` extension filename	BoHong Li	2017-05-08	4	-9/+9
\|
*	Fix strip null byte in model should cast to string to use replace function	Wu Cheng-Han	2017-03-15	1	-0/+1
\|
*	Fix update doc from filesystem cause redundant authorship stringify	Wu Cheng-Han	2017-03-14	1	-1/+1
\|
*	Use strict mode in all backend files	BoHong Li	2017-03-14	6	-0/+6
\| \| \| \|	add ‘use strict’ in all backend file
*	Use JavaScript Standard Style	BoHong Li	2017-03-08	6	-1033/+1010
\| \| \| \| \|	Introduce JavaScript Standard Style as project style rule, and fixed all fail on backend code.
*	Fix user profile photo might not replace to proper size	Wu Cheng-Han	2017-02-18	1	-4/+4
\|
*	Add default permission config	NV	2017-02-10	1	-2/+2
\|
*	Update to add biggerphoto on parsing user profile	Wu Cheng-Han	2017-02-03	1	-10/+26
\|
*	Fix permission order and keep wording consistency	Wu Cheng-Han	2017-01-12	1	-1/+1
\|
*	Merge pull request #313 from elct9620/feature/disable_anonymous_view	Max Wu	2017-01-10	1	-3/+3
\|\ \| \| \| \|	WIP: Add options to limit anonymous view note
\| *	Adjust permission order to more clarly	蒼時弦也	2017-01-10	1	-1/+1
\| \|
\| *	Add limited and protected permission	蒼時弦也	2017-01-10	1	-3/+3
\| \|
* \|	Merge pull request #279 from alecdwm/ldap-auth	Max Wu	2017-01-09	1	-0/+11
\|\ \ \| \|/ \|/\|	Support for LDAP server authentication
\| *	Profile pictures for LDAP users	alecdwm	2017-01-06	1	-0/+11
\| \|
* \|	Fix and refactor extracting content using metaMarked directly might lead in ↵	Wu Cheng-Han	2017-01-04	1	-23/+20
\| \| \| \| \| \| \| \|	invalid object
* \|	Refactor data processing to model definition	Wu Cheng-Han	2017-01-02	3	-0/+27
\| \|
* \|	Update to remove null byte before saving to DB and remove null byte on changes	Wu Cheng-Han	2017-01-02	3	-7/+35
\| \|
* \|	Remove LZString compression for data storage	Wu Cheng-Han	2017-01-02	2	-17/+11
\| \|
* \|	Use dburl to configurate	bananaappletw	2016-12-22	1	-2/+2
\| \|
* \|	Simplify code for heroku	bananaappletw	2016-12-22	1	-1/+2
\| \|
* \|	Fix #293	bananaappletw	2016-12-22	1	-3/+4
\|/
*	Update sequelize init condition	Yukai Huang	2016-12-12	1	-5/+4
\|