path: root/lib/response.js
Date | Commit message | Author | Files | Lines
2018-06-24 | Final replacements | Sheogorath | 1 | -1/+1
Looks like I missed a few. This should be complete now, and makes us ready for the repo rename and merging. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 | Do final internal renaming | Sheogorath | 1 | -2/+2
A little minor change, by moving the CodiMD version header into its own middleware. Should make it simpler to determine the version number of the backend in future. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 | Rename HackMD view to CodiMD | Sheogorath | 1 | -1/+1
Even though it looks a bit weird at first to rename all internals step by step, it makes sense to do so, because we run into confusion afterwards. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 | Fix broken images in PDF caused by misconfigured server URL | Sheogorath | 1 | -1/+4
As it turns out, if the serverURL can't be generated correctly, HackMD will use relative paths for image uploads. This causes broken links in PDFs. With this commit we force absolute links during PDF creation, which hopefully fixes the problem. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 | Fix possible line-ending issues for init note | Sheogorath | 1 | -1/+3
By uploading a malicious note it is currently possible to prevent this note from being edited. This happens when using Windows line endings. With this commit we remove all `\r` characters from the notes and this way prevent this problem. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-25 | Add token-based security feature | Sheogorath | 1 | -4/+23
In the current setup users could be tricked into deleting their data by providing a malicious link like `[click me](/me/delete)`. This commit prevents such an easy attack and requires the user's deleteToken to get his data deleted. In case someone requests his deletion by email, you can also ask him for this token. We can add a GUI that shows it later on. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-24 | Add privacy and ToS links | Sheogorath | 1 | -1/+4
To be GDPR compliant we need to provide a privacy statement. This should be linked on the index page. So as soon as a document exists under `public/docs/privacy.md` the link will show up. Since we already add legal links, we also add Terms of Use, which will show up as soon as `public/docs/terms-of-use.md` exists. This should allow everyone to provide the legal documents they need for GDPR and other privacy and business laws. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-10 | Fix typos for `allowAnonymousEdits` | Sheogorath | 1 | -2/+2
Looks like we lost some variables during the refactoring of the configs to camel case. This should fix it. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-30 | Fix CSP for Disqus and Google Analytics | Sheogorath | 1 | -1/+2
This commit should fix existing problems with Disqus and Google Analytics enabled in the meta-yaml section of a note. Before this commit they were blocked by the strict CSP. It's still possible to disable the added directives using `addDisqus` and `addGoogleAnalytics` in the `csp` config section. They are enabled by default to prevent breaking changes. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-27 | 403: redirect user to login page if not logged in | Pedro Ferreira | 1 | -1/+7
Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
2018-03-26 | Add support for generic OAuth2 providers | Pedro Ferreira | 1 | -0/+4
Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
2018-03-25 | Change config to camel case with backwards compatibility | Sheogorath | 1 | -44/+44
This refactors the configs a bit to now use camel case everywhere. This change should help to clean up the config interface and make it easier to understand. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-02-26 | Remove and replace all note id compression in LZString with base64url | Max Wu | 1 | -6/+5
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-02-17 | Fix to show 500 message when an error occurs in parseNoteId | Max Wu | 1 | -1/+2
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-01-26 | Fix ldap provider name in template | Sheogorath | 1 | -0/+2
Before this fix it was impossible to set the provider name in the sign-in modal, since `ldap` is a boolean there and so cannot have an attribute like `ldap.providerName`. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-20 | Add option to enable `freely` permission in closed instance | Dario Ernst | 1 | -0/+2
Before, closed disallowed guest edits completely, by removing the `freely` permission. This makes it possible to explicitly bring back guest-editing, but not guest-note-creation, to closed instances. Signed-off-by: Dario Ernst <dario@kanojo.de>
2018-01-18 | Allow posting new note with content | Dustin Frisch | 1 | -1/+2
Signed-off-by: Dustin Frisch <fooker@lab.sh>
2017-12-14 | Fix file permission, remove useless executable | Peter Dave Hello | 1 | -0/+0
2017-11-28 | Initial support for SAML authentication | Norihito Nakae | 1 | -0/+2
2017-10-31 | Fix mattermost breaking notes | Sheogorath | 1 | -0/+1
2017-10-31 | Add mattermost authentication | Christoph Witzany | 1 | -0/+1
2017-10-25 | Adds 403 response if PDF export is disabled | geekyd | 1 | -1/+6
2017-10-25 | Adds PDF export via config | geekyd | 1 | -1/+3
2017-10-22 | CSP: Add nonce to slide view inline JS | Literallie | 1 | -1/+2
2017-06-05 | Fix slide might not provide slideOptions meta | Wu Cheng-Han | 1 | -1/+1
2017-06-01 | check if reveal theme exists | butlerx | 1 | -1/+2
2017-05-31 | add the ability to set slide theme in slide options | butlerx | 1 | -0/+1
2017-05-08 | refactor(config.js): Extract config file | BoHong Li | 1 | -16/+16
* Separate different config sources into their own files
* Freeze config object
2017-05-08 | refactor: Remove `require` extension filename | BoHong Li | 1 | -2/+2
2017-03-14 | Use strict mode in all backend files | BoHong Li | 1 | -0/+1
Add 'use strict' in all backend files
2017-03-08 | Use JavaScript Standard Style | BoHong Li | 1 | -547/+539
Introduce JavaScript Standard Style as project style rule, and fix all failures in backend code.
2017-01-16 | Refactor checkViewPermission to fix limited & protected permission check bug and fix code style | Wu Cheng-Han | 1 | -3/+3
2017-01-16 | Fix missing config in hackmd response | Wu Cheng-Han | 1 | -1/+2
2017-01-12 | Add `allowemailregister` option | Sheogorath | 1 | -0/+1
2017-01-10 | Add limited and protected permission | 蒼時弦也 | 1 | -2/+7
2017-01-10 | Recover trailing spaces | 蒼時弦也 | 1 | -2/+2
2017-01-10 | Remove temporary change | 蒼時弦也 | 1 | -3/+0
2017-01-05 | Fix anonymous view permission check | 蒼時弦也 | 1 | -1/+4
2017-01-05 | Add limit to constrain anonymous note view | 蒼時弦也 | 1 | -3/+3
2017-01-04 | Fix and refactor extracting content: using metaMarked directly might result in an invalid object | Wu Cheng-Han | 1 | -45/+14
2017-01-02 | Fix yaml metadata description not able to show | Wu Cheng-Han | 1 | -3/+3
2017-01-02 | Remove LZString compression for data storage | Wu Cheng-Han | 1 | -7/+7
2016-12-21 | Fixed typo: anonmyous | Florian Rhiem | 1 | -3/+3
2016-12-16 | Add support of allow free url config option with corresponding modifications | Wu Cheng-Han | 1 | -2/+9
2016-12-15 | Add support of allow anonymous config option with corresponding modifications | Wu Cheng-Han | 1 | -0/+4
2016-12-13 | Initial support for LDAP server authentication | alecdwm | 1 | -0/+2
Limitations as of this commit:
- tlsOptions can only be specified in config.json, not as env vars
- authentication failures are not yet gracefully handled by the UI - instead the error message is shown on a blank page (/auth/ldap)
- no email address is associated with the LDAP user's account
- no picture/profile URL is associated with the LDAP user's account
- we might have to generate our own access + refresh tokens, because we aren't using oauth. The currently generated tokens are just a placeholder.
- 'LDAP Sign in' needs to be translated to each locale
2016-12-02 | Update to support optional email register and signin | Wu Cheng-Han | 1 | -6/+10
2016-11-26 | Update to auto generate meta description based on content in publish note and slide | Wu Cheng-Han | 1 | -7/+14
2016-11-26 | Fix possible XSS in yaml-metadata and use ejs escape syntax instead of external lib [Security Issue] | Wu Cheng-Han | 1 | -5/+2
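The sink this commit closes, as an added example that is neither CodiMD's nor EJS's code: values taken from a note's YAML front matter land in the published page's `<title>` and `<meta name="description">`, so an unescaped insertion is a stored XSS. The toy renderer mirrors the two EJS tag styles the fix relies on (`<%- x %>` inserts raw, `<%= x %>` inserts HTML-escaped); the front-matter parser, the two head templates and the malicious note are constructed for the demonstration and do not reproduce the project's real views or parser.

```javascript
// Minimal front-matter parser (added example, not CodiMD's or any YAML
// library's code): handles only `key: value` lines between `---` fences,
// which is all the demonstration needs.
function parseFrontMatter(markdown) {
  const meta = {};
  const m = /^---\n([\s\S]*?)\n---\n/.exec(markdown);
  if (!m) return meta;
  for (const line of m[1].split('\n')) {
    const idx = line.indexOf(':');
    if (idx > 0) meta[line.slice(0, idx).trim()] = line.slice(idx + 1).trim();
  }
  return meta;
}

// The five characters that matter in both text and attribute context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, c => map[c]);
}

// Toy renderer mirroring EJS tag semantics: <%- name %> inserts the value
// raw, <%= name %> inserts it escaped. Only bare identifiers are supported.
function render(template, data) {
  const lookup = k => (data[k] === undefined ? '' : data[k]);
  return template
    .replace(/<%-\s*(\w+)\s*%>/g, (_, k) => lookup(k))
    .replace(/<%=\s*(\w+)\s*%>/g, (_, k) => escapeHtml(lookup(k)));
}

// Head fragment of a published note, before and after the fix
// (hypothetical templates standing in for the project's views).
const VULNERABLE_HEAD =
  '<title><%- title %></title>' +
  '<meta name="description" content="<%- description %>">';
const FIXED_HEAD =
  '<title><%= title %></title>' +
  '<meta name="description" content="<%= description %>">';

// Constructed malicious note: the title breaks out of <title>, the
// description breaks out of the quoted content attribute.
const MALICIOUS_NOTE = [
  '---',
  'title: </title><script>alert(document.cookie)</script>',
  'description: x" onmouseover="alert(1)',
  '---',
  '# harmless body'
].join('\n') + '\n';

function renderPublishHead(note, template) {
  return render(template, parseFrontMatter(note));
}

// True when the output still contains a live tag or attribute break-out.
function hasBreakout(html) {
  return /<script/i.test(html) || /" onmouseover=/.test(html);
}
```

Escaping at the template boundary is the right place for this check because the metadata is attacker-controlled by design: anyone who can edit a note chooses its title and description, and the published page is served to everyone else.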
2016-11-26 | Fix slide might trigger script when processing markdown which causes XSS [Security Issue] | Wu Cheng-Han | 1 | -11/+1