summaryrefslogtreecommitdiff
path: root/lib/web (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Fix eslint warningsSheogorath2019-05-3120-38/+37
| | | | | | | | | | | Since we are about to release it's time to finally fix our linting. This patch basically runs eslint --fix and does some further manual fixes. Also it sets up eslint to fail on every warning on order to make warnings visable in the CI process. There should no functional change be introduced. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Add config for toobusy middlewareSheogorath2019-05-251-0/+4
| | | | | | | | | | With very low CPU frequency or bad IO situation, as well as not-loaded JS CodiMD happens to present unneeded "I'm busy"-messages to users. This patch allows to configure the lag. The default is taken from the libray but set in our own default configs. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* asyncified setting and verifying the passwordClaudius2019-05-131-2/+8
| | | | Signed-off-by: Claudius <opensource@amenthes.de>
* Add lutim supportDylan Dervaux2019-04-101-0/+31
| | | | Signed-off-by: Dylan Dervaux <dylanderv05@gmail.com>
* Added a configuration option for passport-saml:Emmanuel Ormancey2019-04-061-1/+2
| | | | | | | | | | | disableRequestedAuthnContext: true|false By default only Password authmethod is accepted, this option allows any other method. Issue and option described here: https://github.com/bergie/passport-saml/issues/226 Signed-off-by: Emmanuel Ormancey <emmanuel.ormancey@cern.ch>
* Hide port from minio URL for protocol default portThor772019-04-061-1/+3
| | | | Signed-off-by: Thor77 <thor77@thor77.org>
* Add required change for Google+ API deprecationSheogorath2019-03-091-1/+2
| | | | | | | | | | | Since Google+ is shutting down soon, we need to get the profile data from another URL. Since the library already supports it, all we need to do is adding a single line of code. Details: https://github.com/hackmdio/codimd/issues/1160 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix usage of new URL APISheogorath2018-12-181-2/+2
| | | | | | | | | | | | | | | | Due to the deprecation of the old `url`-API provided by NodeJS we replaced `url.resolve` with `url.URL.resolve`, which doesn't exist. This patch fixes the local filesystem upload of CodiMD by using the new API correctly. Creating an URL object and using its href. Some more background: https://nodejs.org/api/url.html#url_url_href https://nodejs.org/api/url.html#url_url_resolve_from_to Fixes https://github.com/hackmdio/codimd/issues/1102 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #1082 from cloudyu/pullChristoph (Sheogorath) Kern2018-11-282-4/+4
|\ | | | | | | | | | | | | Fix wrong config options In `./lib/web/auth/` some config includes still used `config.serverurl` instead of the correct `config.serverURL`. This causes wrong URL in worst case. This patch should fix those problems and migrate the wrong statements to camelcase.
| * Fix typoCloudYu2018-11-272-4/+4
| | | | | | | | Signed-off-by: CloudYu <cloudyu322@gmail.com>
* | Prevent subdirectories in user exportDaan Sprenkels2018-11-281-9/+11
|/ | | | | | | | | This commit also refactors the code a bit, and adds a '-' separator between a filename and its duplicate index. This commit fixes #1079. Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
* Merge pull request #1058 from ccoenen/bug/oauth2internalerrorChristoph (Sheogorath) Kern2018-11-161-4/+4
|\ | | | | InternalOAuthError is not part of passport, but of passport-oauth2 #1056
| * InternalOAuthError is not part of passport, but of passport-oauth2Claudius Coenen2018-11-141-4/+4
| | | | | | | | | | | | | | This fixes part of #1056: an error while obtaining the profile would have `502`-crashed the server. Signed-off-by: Claudius Coenen <opensource@amenthes.de>
* | switching to eslint for code checkingClaudius Coenen2018-11-141-1/+1
|/ | | | | | | most rules degraded to WARN, so we don't go insane. This will change over time. The aim is to conform to a common style Signed-off-by: Claudius Coenen <opensource@amenthes.de>
* Add full version stringSheogorath2018-11-111-1/+1
| | | | | | | | | | | | Currently we only provide the version from `package.json`. This means that during updates of instances, e.g. the demo instance, which runs latest master instead of a stable release, changes are not reflected to the webclient. This patch adds a fullversion string that contains the current commit and this way makes that clients are notified about changes. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Add OpenID to CodiMDSheogorath2018-10-052-0/+62
| | | | | | | | With OpenID every OpenID capable provider can provide authentication for users of a CodiMD instance. This means we have federated authentication. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* removing superfluous config parameters for template filesClaudius2018-09-261-1/+1
| | | | Signed-off-by: Claudius <opensource@amenthes.de>
* imageRouter/filesystem: make callback path-independentWilliButz2018-09-261-1/+2
| | | | | | | Images are now properly served when `config.uploadsPath` differs from its default value. Signed-off-by: WilliButz <wbutz@cyberfnord.de>
* Fixing content types in status routerSheogorath2018-07-031-2/+4
| | | | | | | | As it turns out, expressjs doesn't detect the right mimetype and it seems like I didn't bother to test this enough. So lets fix it for the next release. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update passport-ldapSheogorath2018-06-301-1/+1
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Do final internal renameingSheogorath2018-06-242-4/+12
| | | | | | | | A little minor change, by moving the CodiMD version header in its own middleware. Should simplify to determine the version number of the Backend in future. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #855 from hackmdio/fix/constantsChristoph (Sheogorath) Kern2018-06-241-0/+17
|\ | | | | Move config out of statics path
| * Move config out of statics pathSheogorath2018-06-241-0/+17
| | | | | | | | | | | | | | | | Since static path is providing with a high expiration data, we provide configs via API. This shouldn't add any noticeable load while making it uncached and this way working again. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Fix breaking regexSheogorath2018-06-241-1/+1
|/ | | | | | | | The image upload regex breaks with the new path for uploads. This commit fixes it. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix possible error if HackMD is started with wrong workdirSheogorath2018-06-231-1/+1
| | | | | | | | | | In https://github.com/hackmdio/hackmd/issues/834 is described how starting HackMD crashes when using the wrong working dir. This is caused by a relative path in our upload routine. This change should fix it and prevent future crashes. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #830 from SISheogorath/feature/GDPRChristoph (Sheogorath) Kern2018-06-171-0/+84
|\ | | | | GDPR compliant part 1
| * Add note export functionSheogorath2018-05-261-0/+56
| | | | | | | | | | | | | | | | This function is the first step to get out data following GDPR about the transportability of data. Details: https://gdpr-info.eu/art-20-gdpr/ Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Add token based security featureSheogorath2018-05-251-8/+12
| | | | | | | | | | | | | | | | | | | | | | | | In the current setup users could be tricked into deleting their data by providing a malicious link like `[click me](/me/delete)`. This commit prevents such an easy attack and need the user's deleteToken to get his data deleted. In case someone requests his deletion by email you can also ask him for this token. We can add a GUI that shows it later on. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Add delete function for authenticated usersSheogorath2018-05-251-0/+24
| | | | | | | | | | | | | | Allow users to delete themselbes. This is require to be GDPR compliant. See: https://gdpr-info.eu/art-17-gdpr/ Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #784 from pferreir/add-oauth2-supportChristoph (Sheogorath) Kern2018-06-042-0/+107
|\ \ | | | | | | Add "generic" OAuth2 support
| * | Add support for generic OAuth2 providersPedro Ferreira2018-03-262-0/+107
| | | | | | | | | | | | Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
* | | Fix callback validationAdam Hoka2018-06-014-4/+7
| | | | | | | | | | | | Signed-off-by: Adam Hoka <hoka.adam@nexogen.hu>
* | | Add Azure Blob Storage supportÁdám Hóka2018-06-011-0/+35
| |/ |/| | | | | Signed-off-by: Adam Hoka <hoka.adam@nexogen.hu>
* | Fix typo of "grouptAttribute" in saml auth moduleMax Wu2018-04-271-2/+2
| | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
* | Move letter-avatars into own requestSheogorath2018-04-171-0/+7
|/ | | | | | | | | | To prevent further weakening of our CSP policies, moving the Avatars into a non-inline version is the way to go. This implementation probably needs some beautification. But already fixes the bug. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Change config to camel case with backwards compatibilitySheogorath2018-03-2515-43/+43
| | | | | | | | This refactors the configs a bit to now use camel case everywhere. This change should help to clean up the config interface and make it better understandable. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #771 from SISheogorath/refactor/imageRouterChristoph (Sheogorath) Kern2018-03-216-132/+183
|\ | | | | Refactoring imageRouter to modularity
| * Refactoring imageRouter to modularitySheogorath2018-03-206-132/+183
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This should make the imageRouter more modular and easier to extent. Also a lot of code duplication was removed which should simplify maintenance in future. In the new setup we only need to provide a new module file which exports a function called `uploadImage` and takes a filePath and a callback as argument. The callback itself takes an error and an url as parameter. This eliminates the need of a try-catch-block around the statement and re-enabled the optimization in NodeJS. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Add check for undefined UUIDSheogorath2018-03-181-1/+8
|/ | | | | | | | | | | | This check is needed at there are tons of LDAP implementations out there and none has at least one guaranteed unique field. As we currently check three fields and added an option to select one yourself, it's still not said that any of these fields is set. This will now create an error and fail the authentication instead of letting people may get access to other people's notes which are stored under a this way deterministic wrong userid named `LDAP-undefined`. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Multiple emails from LDAP are already an ArrayFelix Schäfer2018-03-091-1/+1
| | | | Signed-off-by: Felix Schäfer <felix@thegcat.net>
* Introduce ldap.useridFieldDustin Frisch2018-03-011-1/+4
| | | | Signed-off-by: Dustin Frisch <fooker@lab.sh>
* Fix uncaught exception for non-existent userSheogorath2018-01-301-0/+5
| | | | | | | Since we added user management it's possible to get non-existent users which can cause a crash of the Backend server. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Remove camel case from `imageuploadtype` in configSheogorath2018-01-271-2/+2
| | | | | | | | | | | | | This removes the only camel cased option of the config options **we** added to the config.json. In auth provider's config parts are a lot of camel cased options provided. We shouldn't touch them to keep them as similar as possible to the examples. Fixes #315 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #506 from erasys/minioChristoph (Sheogorath) Kern2018-01-231-0/+34
|\ | | | | Add support for minio
| * Add support for minioMarc Deop2017-08-301-0/+34
| |
* | Allow posting new note with contentDustin Frisch2018-01-182-0/+11
| | | | | | | | Signed-off-by: Dustin Frisch <fooker@lab.sh>
* | Add setting `ldap.usernameField`Lukas Kalbertodt2017-12-091-1/+7
| | | | | | | | | | | | | | | | This determines which ldap field is used as the username on HackMD. By default, the "id" is used as username, too. The id is taken from the fields `uidNumber`, `uid` or `sAMAccountName`. To give the user more flexibility, they can now choose the field used for the username instead.
* | added guide for SAML settingsNorihito Nakae2017-12-041-1/+0
| |
* | fixed the SAML callback URL to unconfigurable.Norihito Nakae2017-11-291-1/+1
| |
* | Initial support for SAML authenticationNorihito Nakae2017-11-282-0/+97
| |