path: root/lib/response.js
Commit message [Author, Age, Files, Lines]
* Disallow creation of robots.txt in freeurl [Daan Sprenkels, 2018-11-17, 1, -1/+1]
|   Add a configuration setting to "hard"-disable creation of notes as set by the configuration value. This defaults to `['robots.txt', 'favicon.ico']`, because these files are often accidentally created by bots and browsers. This commit fixes #1052.
|   Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
* Merge pull request #1027 from asg017/master [Christoph (Sheogorath) Kern, 2018-11-12, 1, -0/+3]
|\
| |   Add download action to published notes
| * forgot break statement [Alex Garcia, 2018-10-27, 1, -0/+1]
| |   Signed-off-by: Alex Garcia <alexsebastian.garcia@gmail.com>
| * Add download action to published notes [Alex Garcia, 2018-10-27, 1, -0/+2]
| |   Signed-off-by: Alex Garcia <alexsebastian.garcia@gmail.com>
* | removing global site layout vars from individual routers, putting them into ↵ [Claudius, 2018-11-03, 1, -50/+2]
|/
|   app.local
|   Signed-off-by: Claudius <opensource@amenthes.de>
* Fix #1001: get only project user is member of (and return max of results) [Cédric Couralet, 2018-10-09, 1, -1/+1]
|   Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
* Add OpenID to CodiMD [Sheogorath, 2018-10-05, 1, -1/+3]
|   With OpenID every OpenID capable provider can provide authentication for users of a CodiMD instance. This means we have federated authentication.
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #940 from WilliButz/fix-configurable-paths [Christoph (Sheogorath) Kern, 2018-10-05, 1, -6/+6]
|\
| |   enhance configurability of paths & make execution path-independent
| * removing superfluous config parameters for template files [Claudius, 2018-09-26, 1, -6/+6]
| |   Signed-off-by: Claudius <opensource@amenthes.de>
* | Fix little bug in length limit [Sheogorath, 2018-09-28, 1, -1/+1]
| |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Fix document length limit on post [Sheogorath, 2018-09-26, 1, -1/+9]
|/
|   We recently introduced a new way to create notes using a post request to the `/new` endpoint. This is not limited in size, other than pasting a note in the editor. This patch should enforce this limit also on this way.
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix server crash on PDF creation [Sheogorath, 2018-09-24, 1, -0/+4]
|   `markdown-pdf` seems to fail to provide the PDFs on tmpfs. This leads to crashing codimd which expects the file to be there. This patch should add some proper error handling when expectation and reality don't fit together.
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Add possibility to choose between version v3 or v4 for the gitlab api. [Cédric Couralet, 2018-07-31, 1, -2/+2]
|   Apart from the uri versioning, one big change is the snippet visibility post data (visibility_level -> visibility)
|   Default gitlab api version to v4
|   Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
* Final replacements [Sheogorath, 2018-06-24, 1, -1/+1]
|   Looks like I missed a few. This should be complete now. And make us ready for the repo rename and merging.
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Do final internal renaming [Sheogorath, 2018-06-24, 1, -2/+2]
|   A little minor change, by moving the CodiMD version header in its own middleware. Should simplify to determine the version number of the Backend in future.
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Rename HackMD view to CodiMD [Sheogorath, 2018-06-24, 1, -1/+1]
|   Even when it looks a bit weird in first place to rename all internals step by step, it makes sense to do so, because we run into confusion afterwards.
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #856 from hackmdio/fix/lineEndings [Christoph (Sheogorath) Kern, 2018-06-24, 1, -1/+3]
|\
| |   Fix possible line-ending issues for init note
| * Fix possible line-ending issues for init note [Sheogorath, 2018-06-24, 1, -1/+3]
| |   By uploading a malicious note currently it is possible to prevent this note from being edited. This happens when using Windows line endings. With this commit we remove all `\r` characters from the notes and this way prevent this problem.
| |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Fix broken images in PDF caused by misconfigured server URL [Sheogorath, 2018-06-24, 1, -1/+4]
|/
|   As it turns out, if the serverURL can't be generated correctly, HackMD will use relative paths in image upload. This causes broken links in PDF. With this commit we force absolute links during PDF creation which hopefully fixes the problem.
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #830 from SISheogorath/feature/GDPR [Christoph (Sheogorath) Kern, 2018-06-17, 1, -4/+26]
|\
| |   GDPR compliant part 1
| * Add token based security feature [Sheogorath, 2018-05-25, 1, -4/+23]
| |   In the current setup users could be tricked into deleting their data by providing a malicious link like `[click me](/me/delete)`. This commit prevents such an easy attack and needs the user's deleteToken to get his data deleted. In case someone requests his deletion by email you can also ask him for this token. We can add a GUI that shows it later on.
| |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Add privacy and ToS links [Sheogorath, 2018-05-24, 1, -1/+4]
| |   To be GDPR compliant we need to provide a privacy statement. These should be linked on the index page. So as soon as a document exists under `public/docs/privacy.md` the link will show up. Since we already add legal links, we also add Terms of Use, which will show up as soon as `public/docs/terms-of-use.md` exists. This should allow everyone to provide the legal documents they need for GDPR and other privacy and business laws.
| |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #784 from pferreir/add-oauth2-support [Christoph (Sheogorath) Kern, 2018-06-04, 1, -0/+4]
|\ \
| | |   Add "generic" OAuth2 support
| * | Add support for generic OAuth2 providers [Pedro Ferreira, 2018-03-26, 1, -0/+4]
| | |   Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
* | | Merge pull request #785 from pferreir/redirect-to-login [Christoph (Sheogorath) Kern, 2018-05-31, 1, -1/+7]
|\ \ \
| |_|/
|/| |   403: Redirect user to login page if not logged in
| * | 403: redirect user to login page if not logged in [Pedro Ferreira, 2018-03-27, 1, -1/+7]
| |/
| |   Signed-Off-By: Pedro Ferreira <pedro.ferreira@cern.ch>
* | Fix typos for `allowAnonymousEdits` [Sheogorath, 2018-04-10, 1, -2/+2]
| |   Looks like we lost some variables during the refactoring of the configs to camel case. This should fix it.
| |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Fix CSP for disqus and Google Analytics [Sheogorath, 2018-03-30, 1, -1/+2]
|/
|   This commit should fix existing problems with Disqus and Google Analytics enabled in the meta-yaml section of a note. Before this commit they were blocked by the strict CSP. It's still possible to disable the added directives using `addDisqus` and `addGoogleAnalytics` in the `csp` config section. They are enabled by default to prevent breaking changes.
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Change config to camel case with backwards compatibility [Sheogorath, 2018-03-25, 1, -44/+44]
|   This refactors the configs a bit to now use camel case everywhere. This change should help to clean up the config interface and make it better understandable.
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Remove and replace all note id compression in LZString with base64url [Max Wu, 2018-02-26, 1, -6/+5]
|   Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Fix to show 500 message when got error in parseNoteId [Max Wu, 2018-02-17, 1, -1/+2]
|   Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Fix ldap provider name in template [Sheogorath, 2018-01-26, 1, -0/+2]
|   Before this fix it's impossible to set the provider name in the sign-model since `ldap` is a boolean there and this way not able to have an attribute like `ldap.providerName`.
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #598 from xxyy/feature/csp [Christoph (Sheogorath) Kern, 2018-01-22, 1, -1/+2]
|\
| |   Implement basic CSP support
| * CSP: Add nonce to slide view inline JS [Literallie, 2017-10-22, 1, -1/+2]
| |
* | Merge pull request #673 from fooker/master [Christoph (Sheogorath) Kern, 2018-01-20, 1, -1/+2]
|\ \
| | |   Allow posting new note with content
| * | Allow posting new note with content [Dustin Frisch, 2018-01-18, 1, -1/+2]
| | |   Signed-off-by: Dustin Frisch <fooker@lab.sh>
* | | Add option to enable `freely` permission in closed instance [Dario Ernst, 2018-01-20, 1, -0/+2]
|/ /
| |   Before, closed disallowed guest edits completely, by removing the `freely` permission. This makes it possible to explicitly bring back guest-editing, but not guest-note-creation, to closed instances.
| |   Signed-off-by: Dario Ernst <dario@kanojo.de>
* | Fix file permission, remove useless executable [Peter Dave Hello, 2017-12-14, 1, -0/+0]
| |
* | Initial support for SAML authentication [Norihito Nakae, 2017-11-28, 1, -0/+2]
| |
* | Fix mattermost breaking notes [Sheogorath, 2017-10-31, 1, -0/+1]
| |
* | Add mattermost authentication [Christoph Witzany, 2017-10-31, 1, -0/+1]
| |
* | Adds 403 response if PDF export is disabled [geekyd, 2017-10-25, 1, -1/+6]
| |
* | Adds PDF export via config [geekyd, 2017-10-25, 1, -1/+3]
|/
* Fix slide might not provide slideOptions meta [Wu Cheng-Han, 2017-06-05, 1, -1/+1]
|
* check if reveal theme exists [butlerx, 2017-06-01, 1, -1/+2]
|
* add the ability to set slide theme in slide options [butlerx, 2017-05-31, 1, -0/+1]
|
* refactor(config.js): Extract config file [BoHong Li, 2017-05-08, 1, -16/+16]
|   * Separate different config source to each files
|   * Freeze config object
* refactor: Remove `require` extension filename [BoHong Li, 2017-05-08, 1, -2/+2]
|
* Use strict mode in all backend files [BoHong Li, 2017-03-14, 1, -0/+1]
|   add ‘use strict’ in all backend file
* Use JavaScript Standard Style [BoHong Li, 2017-03-08, 1, -547/+539]
|   Introduce JavaScript Standard Style as project style rule, and fixed all fail on backend code.