path: root/lib/models
Commit message [Author, Age, Files, Lines]
* getting password hashing into a hook where it could be async [Claudius, 2019-05-13, files: 1, lines: -6/+14]
|   Signed-off-by: Claudius <opensource@amenthes.de>
* Switch scrypt library to a successor [Sheogorath, 2018-11-21, files: 1, lines: -1/+1]
|   Since our previous scrypt library has been unmaintained for 3 years, it's time to look for an alternative.
|   A refactoring towards another password algorithm was worked on and this is probably still the way to go. But for now the successor of our previous library should already be enough.
|   https://www.npmjs.com/package/scrypt (old library)
|   https://github.com/ml1nk/node-scrypt (new library)
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* switching to eslint for code checking [Claudius Coenen, 2018-11-14, files: 2, lines: -1/+2]
|   most rules degraded to WARN, so we don't go insane. This will change over time. The aim is to conform to a common style
|   Signed-off-by: Claudius Coenen <opensource@amenthes.de>
* lib/models/revision.js: make independent of exec-path [WilliButz, 2018-09-26, files: 1, lines: -1/+2]
|   Previously calling `app.js` from another directory than the base directory of CodiMD would result in an error being thrown because `lib/workers/dmpWorker.js` could not be found.
|   This change makes the function call independent of the path CodiMD is started from.
|   Signed-off-by: WilliButz <wbutz@cyberfnord.de>
* Further improvement of error handling for LZString [Sheogorath, 2018-07-27, files: 1, lines: -1/+5]
|   This does some more in depth check on the error message and minimizes the log noise that is caused by LZString.
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Rebrand HackMD to CodiMD [Sheogorath, 2018-06-24, files: 1, lines: -1/+1]
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Allow to disable gravatar [Sheogorath, 2018-06-23, files: 1, lines: -25/+5]
|   Since Gravatar is an external image source and not perfect from a privacy perspective, forbidding it allows to improve privacy.
|   This commit also simplifies and optimizes the avatar code.
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #830 from SISheogorath/feature/GDPR [Christoph (Sheogorath) Kern, 2018-06-17, files: 4, lines: -5/+20]
|\
| |   GDPR compliant part 1
| * Add token based security feature [Sheogorath, 2018-05-25, files: 1, lines: -0/+4]
| |   In the current setup users could be tricked into deleting their data by providing a malicious link like `[click me](/me/delete)`. This commit prevents such an easy attack and needs the user's deleteToken to get his data deleted.
| |   In case someone requests his deletion by email you can also ask him for this token.
| |   We can add a GUI that shows it later on.
| |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Fix requests for deleted users [Sheogorath, 2018-05-25, files: 1, lines: -0/+3]
| |   When users are requested from the authorship which no longer exist, they shouldn't cause a 500.
| |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Use cascaded deletes [Sheogorath, 2018-05-25, files: 3, lines: -4/+12]
| |   When we delete a user we should delete all the notes that belong to this user including the revisions of these notes.
| |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Use hard delete instead of soft delete [Sheogorath, 2018-05-25, files: 1, lines: -1/+1]
| |   Right now we only flag notes as deleted. This is no longer allowed under GDPR. Make sure you do regular backups!
| |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #784 from pferreir/add-oauth2-support [Christoph (Sheogorath) Kern, 2018-06-04, files: 1, lines: -2/+2]
|\ \
| |/
|/|   Add "generic" OAuth2 support
| * Use TEXT instead of STRING for tokens [Pedro Ferreira, 2018-03-26, files: 1, lines: -2/+2]
| |   Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
* | Merge pull request #803 from SISheogorath/fix/letterAvatarCSP [Christoph (Sheogorath) Kern, 2018-04-17, files: 1, lines: -5/+5]
|\ \
| | |   Move letter-avatars into own request
| * | Move letter-avatars into own request [Sheogorath, 2018-04-17, files: 1, lines: -5/+5]
| |/
| |   To prevent further weakening of our CSP policies, moving the Avatars into a non-inline version is the way to go.
| |   This implementation probably needs some beautification. But already fixes the bug.
| |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* / Add check for noteId length [Sheogorath, 2018-04-10, files: 1, lines: -0/+9]
|/
|   As we know the length of a UUID we can check if the base64 string of the provided UUID is long enough for a legacy base64 encoded nodeId and stop processing it in legacy mode, if it's not the case.
|   This should make the ugly warning way less common.
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Change config to camel case with backwards compatibility [Sheogorath, 2018-03-25, files: 2, lines: -8/+8]
|   This refactors the configs a bit to now use camel case everywhere. This change should help to clean up the config interface and make it better understandable.
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix to log instead of throwing error on parse note id [Max Wu, 2018-03-11, files: 1, lines: -2/+4]
|   Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Fix parseNoteId order to fix some edge case [Max Wu, 2018-03-10, files: 1, lines: -7/+7]
|   that LZString note url could be parsed by base64url note url and thus return wrong note id
|   Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Update to use buffer in encode/decode note id [Max Wu, 2018-02-27, files: 1, lines: -2/+4]
|   Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Remove and replace all note id compression in LZString with base64url [Max Wu, 2018-02-26, files: 1, lines: -0/+27]
|   Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Fix field type to prevent data truncation of authorship (#721) [Max Wu, 2018-02-09, files: 2, lines: -2/+2]
|   * Fix field type to prevent data truncation of authorship
* Ignore empty values for revision. [Sheogorath, 2018-01-18, files: 1, lines: -2/+2]
|   Fixes #420
* Merge pull request #567 from ccoenen/fix-mysql-text-length [Christoph (Sheogorath) Kern, 2018-01-18, files: 2, lines: -4/+4]
|\
| |   converting all content fields to MEDIUMTEXT (affects MySQL only)
| * Fix #521 by converting content fields to LONGTEXT in MySQL, to prevent truncation of data. [Claudius Coenen, 2017-10-16, files: 2, lines: -4/+4]
| |
* | Initial support for SAML authentication [Norihito Nakae, 2017-11-28, files: 1, lines: -0/+9]
| |
* | Add mattermost authentication [Christoph Witzany, 2017-10-31, files: 1, lines: -0/+9]
|/
* createdAt DESC with quotation marks did not work with MySQL fixes #565 [Claudius Coenen, 2017-10-09, files: 1, lines: -4/+4]
|
* Fix broken profile images [Sheogorath, 2017-09-22, files: 1, lines: -2/+6]
|
* Fix typo in the db config [Wu Cheng-Han, 2017-06-05, files: 1, lines: -1/+1]
|
* refactor(config.js): Extract config file [BoHong Li, 2017-05-08, files: 1, lines: -2/+3]
|   * Separate different config source to each files
|   * Freeze config object
* refactor: Remove `require` extension filename [BoHong Li, 2017-05-08, files: 4, lines: -9/+9]
|
* Fix strip null byte in model should cast to string to use replace function [Wu Cheng-Han, 2017-03-15, files: 1, lines: -0/+1]
|
* Fix update doc from filesystem cause redundant authorship stringify [Wu Cheng-Han, 2017-03-14, files: 1, lines: -1/+1]
|
* Use strict mode in all backend files [BoHong Li, 2017-03-14, files: 6, lines: -0/+6]
|   add ‘use strict’ in all backend files
* Use JavaScript Standard Style [BoHong Li, 2017-03-08, files: 6, lines: -1033/+1010]
|   Introduce JavaScript Standard Style as project style rule, and fixed all fail on backend code.
* Fix user profile photo might not replace to proper size [Wu Cheng-Han, 2017-02-18, files: 1, lines: -4/+4]
|
* Add default permission config [NV, 2017-02-10, files: 1, lines: -2/+2]
|
* Update to add biggerphoto on parsing user profile [Wu Cheng-Han, 2017-02-03, files: 1, lines: -10/+26]
|
* Fix permission order and keep wording consistency [Wu Cheng-Han, 2017-01-12, files: 1, lines: -1/+1]
|
* Merge pull request #313 from elct9620/feature/disable_anonymous_view [Max Wu, 2017-01-10, files: 1, lines: -3/+3]
|\
| |   WIP: Add options to limit anonymous view note
| * Adjust permission order to more clearly [蒼時弦也, 2017-01-10, files: 1, lines: -1/+1]
| |
| * Add limited and protected permission [蒼時弦也, 2017-01-10, files: 1, lines: -3/+3]
| |
* | Merge pull request #279 from alecdwm/ldap-auth [Max Wu, 2017-01-09, files: 1, lines: -0/+11]
|\ \
| |/
|/|   Support for LDAP server authentication
| * Profile pictures for LDAP users [alecdwm, 2017-01-06, files: 1, lines: -0/+11]
| |
* | Fix and refactor extracting content using metaMarked directly might lead in invalid object [Wu Cheng-Han, 2017-01-04, files: 1, lines: -23/+20]
| |
* | Refactor data processing to model definition [Wu Cheng-Han, 2017-01-02, files: 3, lines: -0/+27]
| |
* | Update to remove null byte before saving to DB and remove null byte on changes [Wu Cheng-Han, 2017-01-02, files: 3, lines: -7/+35]
| |
* | Remove LZString compression for data storage [Wu Cheng-Han, 2017-01-02, files: 2, lines: -17/+11]
| |