| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Matthias Lindinger <m.lindinger@live.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Do Not Track (DNT) is an old web standard in order to notify pages that
the user doesn't want to be tracked. Even while a lot of pages either
ignore this header or even worse, use it for tracking purposes, the
orignal intention of this header is good and should be adopted.
This patch implements a respect of the DNT header by no longer including
the optional Google Analytics and disqus integrations when sending a DNT
header. This should reduce outside resource usage and help to stay more
private.
This should later-on extended towards other document content (i.e.
iframe based content).
The reason to not change the CDN handling is that CDNs will be
deprecated with next release and removed in long term.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Since we are about to release it's time to finally fix our linting. This
patch basically runs eslint --fix and does some further manual fixes.
Also it sets up eslint to fail on every warning on order to make
warnings visable in the CI process.
There should no functional change be introduced.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
|
|
| |
Add "both" mode to URLs because I assume most people want to straight away see the code when they click the "edit" button in a published note.
Fixes https://github.com/codimd/server/issues/27
Not tested, followed instructions from @ccoenen , please do review! :)
Signed-off-by: Stéphane Guillou <stephane.guillou@member.fsf.org>
|
|
|
|
| |
Signed-off-by: toshi0123 <7948737+toshi0123@users.noreply.github.com>
|
|
|
|
|
|
|
|
|
|
|
| |
We used `fs.unlink()` to remove the pdf file after we send it out to the
client. This breaks in Node 10, when no function as second parameter is
supplied.
This patches changes it to the `fs.unlinkSync` function that doesn't
have this requirement and this way doesn't crash.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Add a configuration setting to "hard"-disable creation of notes as
set by the configuration value. This defaults to `['robots.txt',
'favicon.ico']`, because these files are often accidentally created
by bots and browsers.
This commit fixes #1052.
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
|
|\
| |
| | |
Add download action to published notes
|
| |
| |
| |
| | |
Signed-off-by: Alex Garcia <alexsebastian.garcia@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: Alex Garcia <alexsebastian.garcia@gmail.com>
|
|/
|
|
|
|
| |
app.local
Signed-off-by: Claudius <opensource@amenthes.de>
|
|
|
|
| |
Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
|
|
|
|
|
|
|
|
| |
With OpenID every OpenID capable provider can provide authentication for
users of a CodiMD instance. This means we have federated
authentication.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
enhance configurabiltiy of paths & make execution path-independent
|
| |
| |
| |
| | |
Signed-off-by: Claudius <opensource@amenthes.de>
|
| |
| |
| |
| | |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|/
|
|
|
|
|
|
|
| |
We recently introduced a new way to create notes using a post requeest
to the `/new` endpoint. This is not limited in size, other than pasting
a note in the editor. This patch should enforce this limit also on this
way.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
|
| |
`markdown-pdf` seems to fail to provide the PDFs on tmpfs. This leads
crashing codimd which expects the file to be there. This patch should
add some proper error handling when expectation and reality don't fit
together.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
| |
Apart from the uri versioning, one big change is the snippet visibility post data (visibility_level -> visibility)
Default gitlab api version to v4
Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
|
|
|
|
|
|
|
| |
Looks like I missed a few. This should be complete now. And make us
ready for the repo rename and merging.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
| |
A little minor change, by moving the CodiMD version header in its own
middleware. Should simplify to determine the version number of the
Backend in future.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
| |
Even when it looks a bit weird in first place to rename all internals
step by step, it makes sense to do so, because we run into confusion
afterwards.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Fix possible line-ending issues for init note
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
By uploading a malicous note currently it is possible to prevent this
note from being edited. This happens when using Windows line endings.
With this commit we remove all `\r` characters from the notes and this
way prevent this problem.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|/
|
|
|
|
|
|
|
|
|
| |
As it turns out, if the serverURL can't be generated correctly, HackMD
will use relative paths in image upload. This causes broken links in
PDF.
With this commit we force absolute links during PDF creation which
hopefully fixes the problem.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
GDPR compliant part 1
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In the current setup users could be tricked into deleting their data by
providing a malicious link like `[click me](/me/delete)`. This commit
prevents such an easy attack and need the user's deleteToken to get his
data deleted. In case someone requests his deletion by email you can
also ask him for this token.
We can add a GUI that shows it later on.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
To be GDPR compliant we need to provide privacy statement. These should
be linked on the index page. So as soon as a document exist under
`public/docs/privacy.md` the link will show up.
Since we already add legal links, we also add Terms of Use, which will
show up as soon as `public/docs/terms-of-use.md` exists.
This should allow everyone to provide the legal documents they need for
GDPR and other privacy and business laws.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \
| | |
| | | |
Add "generic" OAuth2 support
|
| | |
| | |
| | |
| | | |
Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
|
|\ \ \
| |_|/
|/| | |
403: Redirect user to login page if not logged in
|
| |/
| |
| |
| | |
Signed-Off-By: Pedro Ferreira <pedro.ferreira@cern.ch>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Looks like we lost some variables during the refactoring of the configs
to camel case.
This should fix it.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
| |
This commit should fix existing problems with Disqus and Google
Analytics enabled in the meta-yaml section of a note.
Before this commit they were blocked by the strict CSP. It's still
possible to disable the added directives using `addDisqus` and
`addGoogleAnalytics` in the `csp` config section.
They are enabled by default to prevent breaking changes.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
| |
This refactors the configs a bit to now use camel case everywhere.
This change should help to clean up the config interface and make it
better understandable.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
| |
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
|
|
|
| |
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
|
|
|
|
|
|
|
| |
Before this fix it's impossible to set the provider name in the
sign-model since `ldap` is a boolean there and this way not able
to have an attribute like `ldap.providerName`.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Implement basic CSP support
|
| | |
|
|\ \
| | |
| | | |
Allow posting new note with content
|
| | |
| | |
| | |
| | | |
Signed-off-by: Dustin Frisch <fooker@lab.sh>
|
|/ /
| |
| |
| |
| |
| |
| |
| | |
Before, closed disallowed guest edits completely, by removing
the `freely` permission. This makes it possible to explicitely bring
back guest-editing, but not guest-note-creation, to closed instances.
Signed-off-by: Dario Ernst <dario@kanojo.de>
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
|/ |
|
| |
|