summaryrefslogtreecommitdiff
path: root/lib/web (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Fix crash when OAuth2 config parameters are missingDavid Mehren2020-11-301-12/+19
| | | | | | | | | | If the optional config options `config.oauth2.userProfileIdAttr` or `config.oauth2.rolesClaim` were not set, `String.split` was called on `undefined`, triggering a crash. This commit adds handling of these cases and improves error logging in `checkAuthorization`. Fixes #608 Signed-off-by: David Mehren <git@herrmehren.de>
* Merge pull request #596 from hedgedoc/remove-pdf-export-codeDavid Mehren2020-11-272-41/+0
|\ | | | | Remove pdf export code
| * Remove pdf export codeTilman Vatteroth2020-11-262-41/+0
| | | | | | | | Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
* | Add oauth2 authorizationJoachim Mathes2020-11-251-1/+22
|/ | | | Signed-off-by: Joachim Mathes <joachim_mathes@web.de>
* Replace CodiMD with HedgeDocErik Michelson2020-11-142-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Erik Michelson <github@erik.michelson.eu> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: References in public/views Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Update links in README Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Update links in SECURITY.md Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Update links in LICENSE Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Update links in docs/configuration.md Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Update links in bin/setup Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: References in docs/guides Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: References in docs/dev Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: References in docs/guides/auth Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: References in docs/setup Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Update various links in code to the new GitHub org. Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: codiMDVersion.js is now hedgeDocVersion.js Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: References in docs/setup/yunohost Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rebrand to HedgeDoc: Add banner and logo Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Update links in docs/guides/migrate-etherpad Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Remove note in docs/guides/auth/github Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Replace links in public/docs/features Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Add todo placeholder in docs/history Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Replace github link in public/views/index/body Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Replace github link in README Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Add logo to README Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Add note about the renaming to the front page Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Removed Travis from README.md and change CodiMD to HedgeDoc in some places Signed-off-by: Yannick Bungers <git@innay.de> Some more renaming to HedgeDoc - Fixed capitalization of HedgeDoc - Added renaming for etherpad migration doc Signed-off-by: Yannick Bungers <git@innay.de> Changed Repo name to hedgedoc Signed-off-by: Yannick Bungers <git@innay.de>
* Save note title to database when creating a noteDavid Mehren2020-11-111-1/+2
| | | | | | | | Currently, when creating a note with content via the API, a title is only saved to the database after visiting the note with the browser. This commit makes sure that a title is saved at creation time. Closes #306 Signed-off-by: David Mehren <git@herrmehren.de>
* Generic OAuth2: Set state: trueDexter Chua2020-10-221-1/+2
| | | | | | | | | | The OAuth2 specification RECOMMENDS setting the state to protect against CSRF attacks. Some OAuth2 providers (e.g. ORY Hydra) refuse to authenticate without the state set. This is a cherry-pick of 852868419dc03d5dec79e75a3d7692ab670c927f. Signed-off-by: haslersn <sebastian.hasler@gmx.net>
* Add config option for cookie SameSite policyErik Michelson2020-08-271-1/+2
| | | | Signed-off-by: Erik Michelson <github@erik.michelson.eu>
* saml: make logger print actual error messageSimeon Keske2020-07-111-2/+2
| | | | | Signed-off-by: Simeon Keske <git@n0emis.eu> Signed-off-by: Leo Maroni <git@em0lar.de>
* add error handling to saml-certsSimeon Keske2020-07-111-2/+15
| | | | | Signed-off-by: Simeon Keske <git@n0emis.eu> Signed-off-by: Leo Maroni <git@em0lar.de>
* allow to set a saml client certificateSimeon Keske2020-07-111-0/+1
| | | | Signed-off-by: Simeon Keske <git@n0emis.eu>
* Fixed meta parsing of lang-attribute for using it in the published-viewErik Michelson2020-07-041-1/+1
| | | | Signed-off-by: Erik Michelson <github@erik.michelson.eu>
* Added dynamic lang-attr to pretty.ejsErik Michelson2020-07-031-0/+1
| | | | | | CodiMD currently only uses the 'lang' attribute in YAML-metadata of a note for setting certain js-elements of the markdown-renderer. This commit adds the chosen lang into the published version of a note. Signed-off-by: Erik Michelson <github@erik.michelson.eu>
* Backport of #278 for 1.6.1Victor Berger2020-06-201-1/+2
| | | | | | | This is a backport of #278 with the default value of `scope` changed to `undefined`. This is thus a fully backward-compatible change. Signed-off-by: Victor Berger <victor.berger@m4x.org>
* findNoteOrCreate: Create new note with empty string instead of `null`Sandro2020-04-281-1/+1
| | | | | | Backport of #345 to 1.x Signed-off-by: Sandro Jäckel <sandro.jaeckel@gmail.com>
* Backport Fix for relative theme pathSheogorath2020-03-211-1/+1
| | | | | | This commit backport 856fc01fb9b30489b254f2ef9d29de80aa189118 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Add Google oauth variable: hostedDomainike2020-02-081-1/+1
| | | | | | | | Which is part of `passport-google-oauth2`. It could be used as whitelist to a domain supported by google oauth. Ref: https://github.com/jaredhanson/passport-google-oauth2/issues/3 Signed-off-by: ike <developer@ikewat.com>
* Removing returnTo setting from referer in all other authentication sourcesRalph Krimmel2019-11-2812-28/+8
| | | | Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
* Moving the storage of referrer information to main authorization check ↵Ralph Krimmel2019-11-281-5/+3
| | | | | | instead of doing it in the authentication source Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
* Fixing linting problemsRalph Krimmel2019-11-271-4/+3
| | | | Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
* Fixing redirection after SAML loginfoobarable2019-11-271-2/+5
| | | | | | Saving referer into session in SAML auth so passport can redirect correctly after SAML login. Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
* Merge pull request #213 from davidmehren/refactor_backend_notesSheogorath2019-11-2014-67/+492
|\ | | | | First steps in refactoring the backend code
| * Inline renderPublishSlideDavid Mehren2019-10-271-8/+4
| | | | | | | | Signed-off-by: David Mehren <dmehren1@gmail.com>
| * Inline responseCodiMDDavid Mehren2019-10-271-18/+14
| | | | | | | | Signed-off-by: David Mehren <dmehren1@gmail.com>
| * Inline publish and slideDavid Mehren2019-10-271-10/+2
| | | | | | | | Signed-off-by: David Mehren <dmehren1@gmail.com>
| * Inline renderPublishDavid Mehren2019-10-271-8/+4
| | | | | | | | Signed-off-by: David Mehren <dmehren1@gmail.com>
| * Move showPublishNote and publishNoteActions to note controllerDavid Mehren2019-10-275-43/+99
| | | | | | | | Signed-off-by: David Mehren <dmehren1@gmail.com>
| * Move showNote to note controllerDavid Mehren2019-10-272-105/+19
| | | | | | | | Signed-off-by: David Mehren <dmehren1@gmail.com>
| * Move note actions into their own fileDavid Mehren2019-10-272-9/+131
| | | | | | | | Signed-off-by: David Mehren <dmehren1@gmail.com>
| * Rename actions.js to controller.js and rename functions to be more descriptiveDavid Mehren2019-10-272-20/+31
| | | | | | | | | | | | Move postNote to NoteController and rename to createFromPost Signed-off-by: David Mehren <dmehren1@gmail.com>
| * Move slide actions to own fileDavid Mehren2019-10-272-2/+86
| | | | | | | | Signed-off-by: David Mehren <dmehren1@gmail.com>
| * Fix errors constant in note/actions.jsDavid Mehren2019-10-271-7/+7
| | | | | | | | Signed-off-by: David Mehren <dmehren1@gmail.com>
| * Move note actions to their own file.David Mehren2019-10-2712-67/+325
| | | | | | | | | | | | Because of circular import problems, this commit also moves the error messages from response.js to errors.js Signed-off-by: David Mehren <dmehren1@gmail.com>
* | Fix crash in lutim integrationGirish Ramakrishnan2019-10-291-1/+1
|/ | | | Signed-off-by: Girish Ramakrishnan <girish@cloudron.io>
* Allow to generate lower case header references through the confighoijui2019-10-221-1/+2
| | | | | | | | | | | | | This makes the references consistent/compatible with GitHub, GitLab, Pandoc and many other tools. This behavior can be enabled in config.json with: ``` "linkifyHeaderStyle": "gfm" ``` Signed-off-by: hoijui <hoijui.quaero@gmail.com>
* Refactored note-creation with given noteIdErik Michelson2019-09-041-3/+3
| | | | | | | Known bugs/features: - pushing towards an existing note results in an error 500 Signed-off-by: Erik Michelson <erik@liltv.de>
* Added endpoint for note-creation with given aliasErik Michelson2019-09-041-0/+2
| | | | Signed-off-by: Erik Michelson <erik@liltv.de>
* Merge pull request #32 from codimd/aws-endpointsSheogorath2019-09-021-1/+3
|\ | | | | make aws s3 endpoint configurable
| * make aws s3 endpoint configurableMathias Merscher2019-02-111-1/+3
| | | | | | | | Signed-off-by: Mathias Merscher <Mathias.Merscher@dg-i.net>
* | Rework debug loggingSheogorath2019-06-0811-37/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | | | We have various places with overly simple if statements that could be handled by our logging library. Also a lot of those logs are not marked as debug logs but as info logs, which can cause confusion during debugging. This patch removed unneeded if clauses around debug logging statements, reworks debug log messages towards ECMA templates and add some new logging statements which might be helpful in order to debug things like image uploads. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Fix eslint warningsSheogorath2019-05-3120-38/+37
| | | | | | | | | | | | | | | | | | | | | | Since we are about to release it's time to finally fix our linting. This patch basically runs eslint --fix and does some further manual fixes. Also it sets up eslint to fail on every warning on order to make warnings visable in the CI process. There should no functional change be introduced. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Add config for toobusy middlewareSheogorath2019-05-251-0/+4
| | | | | | | | | | | | | | | | | | | | With very low CPU frequency or bad IO situation, as well as not-loaded JS CodiMD happens to present unneeded "I'm busy"-messages to users. This patch allows to configure the lag. The default is taken from the libray but set in our own default configs. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | asyncified setting and verifying the passwordClaudius2019-05-131-2/+8
| | | | | | | | Signed-off-by: Claudius <opensource@amenthes.de>
* | Add lutim supportDylan Dervaux2019-04-101-0/+31
| | | | | | | | Signed-off-by: Dylan Dervaux <dylanderv05@gmail.com>
* | Added a configuration option for passport-saml:Emmanuel Ormancey2019-04-061-1/+2
| | | | | | | | | | | | | | | | | | | | | | disableRequestedAuthnContext: true|false By default only Password authmethod is accepted, this option allows any other method. Issue and option described here: https://github.com/bergie/passport-saml/issues/226 Signed-off-by: Emmanuel Ormancey <emmanuel.ormancey@cern.ch>
* | Hide port from minio URL for protocol default portThor772019-04-061-1/+3
| | | | | | | | Signed-off-by: Thor77 <thor77@thor77.org>
* | Add required change for Google+ API deprecationSheogorath2019-03-091-1/+2
|/ | | | | | | | | | | Since Google+ is shutting down soon, we need to get the profile data from another URL. Since the library already supports it, all we need to do is adding a single line of code. Details: https://github.com/hackmdio/codimd/issues/1160 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix usage of new URL APISheogorath2018-12-181-2/+2
| | | | | | | | | | | | | | | | Due to the deprecation of the old `url`-API provided by NodeJS we replaced `url.resolve` with `url.URL.resolve`, which doesn't exist. This patch fixes the local filesystem upload of CodiMD by using the new API correctly. Creating an URL object and using its href. Some more background: https://nodejs.org/api/url.html#url_url_href https://nodejs.org/api/url.html#url_url_resolve_from_to Fixes https://github.com/hackmdio/codimd/issues/1102 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #1082 from cloudyu/pullChristoph (Sheogorath) Kern2018-11-282-4/+4
|\ | | | | | | | | | | | | Fix wrong config options In `./lib/web/auth/` some config includes still used `config.serverurl` instead of the correct `config.serverURL`. This causes wrong URL in worst case. This patch should fix those problems and migrate the wrong statements to camelcase.
| * Fix typoCloudYu2018-11-272-4/+4
| | | | | | | | Signed-off-by: CloudYu <cloudyu322@gmail.com>