summaryrefslogtreecommitdiff
path: root/lib/web (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Do final internal renameingSheogorath2018-06-242-4/+12
| | | | | | | | A little minor change, by moving the CodiMD version header in its own middleware. Should simplify to determine the version number of the Backend in future. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #855 from hackmdio/fix/constantsChristoph (Sheogorath) Kern2018-06-241-0/+17
|\ | | | | Move config out of statics path
| * Move config out of statics pathSheogorath2018-06-241-0/+17
| | | | | | | | | | | | | | | | Since static path is providing with a high expiration data, we provide configs via API. This shouldn't add any noticeable load while making it uncached and this way working again. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Fix breaking regexSheogorath2018-06-241-1/+1
|/ | | | | | | | The image upload regex breaks with the new path for uploads. This commit fixes it. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix possible error if HackMD is started with wrong workdirSheogorath2018-06-231-1/+1
| | | | | | | | | | In https://github.com/hackmdio/hackmd/issues/834 is described how starting HackMD crashes when using the wrong working dir. This is caused by a relative path in our upload routine. This change should fix it and prevent future crashes. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #830 from SISheogorath/feature/GDPRChristoph (Sheogorath) Kern2018-06-171-0/+84
|\ | | | | GDPR compliant part 1
| * Add note export functionSheogorath2018-05-261-0/+56
| | | | | | | | | | | | | | | | This function is the first step to get out data following GDPR about the transportability of data. Details: https://gdpr-info.eu/art-20-gdpr/ Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Add token based security featureSheogorath2018-05-251-8/+12
| | | | | | | | | | | | | | | | | | | | | | | | In the current setup users could be tricked into deleting their data by providing a malicious link like `[click me](/me/delete)`. This commit prevents such an easy attack and need the user's deleteToken to get his data deleted. In case someone requests his deletion by email you can also ask him for this token. We can add a GUI that shows it later on. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Add delete function for authenticated usersSheogorath2018-05-251-0/+24
| | | | | | | | | | | | | | Allow users to delete themselbes. This is require to be GDPR compliant. See: https://gdpr-info.eu/art-17-gdpr/ Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #784 from pferreir/add-oauth2-supportChristoph (Sheogorath) Kern2018-06-042-0/+107
|\ \ | | | | | | Add "generic" OAuth2 support
| * | Add support for generic OAuth2 providersPedro Ferreira2018-03-262-0/+107
| | | | | | | | | | | | Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
* | | Fix callback validationAdam Hoka2018-06-014-4/+7
| | | | | | | | | | | | Signed-off-by: Adam Hoka <hoka.adam@nexogen.hu>
* | | Add Azure Blob Storage supportÁdám Hóka2018-06-011-0/+35
| |/ |/| | | | | Signed-off-by: Adam Hoka <hoka.adam@nexogen.hu>
* | Fix typo of "grouptAttribute" in saml auth moduleMax Wu2018-04-271-2/+2
| | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
* | Move letter-avatars into own requestSheogorath2018-04-171-0/+7
|/ | | | | | | | | | To prevent further weakening of our CSP policies, moving the Avatars into a non-inline version is the way to go. This implementation probably needs some beautification. But already fixes the bug. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Change config to camel case with backwards compatibilitySheogorath2018-03-2515-43/+43
| | | | | | | | This refactors the configs a bit to now use camel case everywhere. This change should help to clean up the config interface and make it better understandable. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #771 from SISheogorath/refactor/imageRouterChristoph (Sheogorath) Kern2018-03-216-132/+183
|\ | | | | Refactoring imageRouter to modularity
| * Refactoring imageRouter to modularitySheogorath2018-03-206-132/+183
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This should make the imageRouter more modular and easier to extent. Also a lot of code duplication was removed which should simplify maintenance in future. In the new setup we only need to provide a new module file which exports a function called `uploadImage` and takes a filePath and a callback as argument. The callback itself takes an error and an url as parameter. This eliminates the need of a try-catch-block around the statement and re-enabled the optimization in NodeJS. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Add check for undefined UUIDSheogorath2018-03-181-1/+8
|/ | | | | | | | | | | | This check is needed at there are tons of LDAP implementations out there and none has at least one guaranteed unique field. As we currently check three fields and added an option to select one yourself, it's still not said that any of these fields is set. This will now create an error and fail the authentication instead of letting people may get access to other people's notes which are stored under a this way deterministic wrong userid named `LDAP-undefined`. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Multiple emails from LDAP are already an ArrayFelix Schäfer2018-03-091-1/+1
| | | | Signed-off-by: Felix Schäfer <felix@thegcat.net>
* Introduce ldap.useridFieldDustin Frisch2018-03-011-1/+4
| | | | Signed-off-by: Dustin Frisch <fooker@lab.sh>
* Fix uncaught exception for non-existent userSheogorath2018-01-301-0/+5
| | | | | | | Since we added user management it's possible to get non-existent users which can cause a crash of the Backend server. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Remove camel case from `imageuploadtype` in configSheogorath2018-01-271-2/+2
| | | | | | | | | | | | | This removes the only camel cased option of the config options **we** added to the config.json. In auth provider's config parts are a lot of camel cased options provided. We shouldn't touch them to keep them as similar as possible to the examples. Fixes #315 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #506 from erasys/minioChristoph (Sheogorath) Kern2018-01-231-0/+34
|\ | | | | Add support for minio
| * Add support for minioMarc Deop2017-08-301-0/+34
| |
* | Allow posting new note with contentDustin Frisch2018-01-182-0/+11
| | | | | | | | Signed-off-by: Dustin Frisch <fooker@lab.sh>
* | Add setting `ldap.usernameField`Lukas Kalbertodt2017-12-091-1/+7
| | | | | | | | | | | | | | | | This determines which ldap field is used as the username on HackMD. By default, the "id" is used as username, too. The id is taken from the fields `uidNumber`, `uid` or `sAMAccountName`. To give the user more flexibility, they can now choose the field used for the username instead.
* | added guide for SAML settingsNorihito Nakae2017-12-041-1/+0
| |
* | fixed the SAML callback URL to unconfigurable.Norihito Nakae2017-11-291-1/+1
| |
* | Initial support for SAML authenticationNorihito Nakae2017-11-282-0/+97
| |
* | Add mattermost authenticationChristoph Witzany2017-10-312-0/+50
| |
* | Merge pull request #562 from SISheogorath/fix/LDAPSheogorath2017-10-271-2/+3
|\ \ | | | | | | Fix LDAP problem about missing uidNumber
| * | Fix LDAP problem about missing uidNumberSheogorath2017-10-121-2/+3
| |/ | | | | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* / Give google the correct name.Kaiyu Shi2017-09-041-3/+3
|/
* fix s3 us-east-1 region endpointKotaro Yamamoto2017-06-141-1/+4
|
* fix: export to gist occurred 404 not foundMax Wu2017-05-171-0/+4
|
* Rename checkURiValid.js to checkURIValid.jsMax Wu2017-05-081-0/+0
|
* fix(imageRouter): import missing dependency: getImageMimeTypeRaccoon Li2017-05-081-1/+1
|
* refactor(config.js): Extract config fileBoHong Li2017-05-081-8/+8
| | | | | * Separate different config source to each files * Freeze config object
* refactor: Remove `require` extension filenameBoHong Li2017-05-081-2/+1
|
* refactor(baseRouter.js): Adjust style fit standardBoHong Li2017-05-081-1/+0
|
* refactor(auth.js): Remove base pathBoHong Li2017-05-081-8/+8
|
* refactor(app.js): Move passport serialize and deserialize to auth moduleBoHong Li2017-05-081-0/+22
|
* refactor(app.js): Extract tooBusyBoHong Li2017-05-081-0/+13
|
* refactor(app.js): Extract upload imageBoHong Li2017-05-081-0/+95
|
* refactor(app.js): Extract note actionBoHong Li2017-05-081-0/+24
|
* refactor(app.js): Extract /me pageBoHong Li2017-05-081-0/+36
|
* refactor(app.js): Extract history apiBoHong Li2017-05-081-0/+19
|
* refactor(app.js, auth.js): Extract all auth method to individual modulesBoHong Li2017-05-0810-0/+405
|
* refactor(app.js): Extract status pagesBoHong Li2017-05-081-0/+92
|