summaryrefslogtreecommitdiff
path: root/lib (unfollow)
Commit message (Collapse)AuthorFilesLines
2020-07-04Fixed meta parsing of lang-attribute for using it in the published-viewErik Michelson2-1/+2
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2020-07-03Added dynamic lang-attr to pretty.ejsErik Michelson1-0/+1
CodiMD currently only uses the 'lang' attribute in YAML-metadata of a note for setting certain js-elements of the markdown-renderer. This commit adds the chosen lang into the published version of a note. Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2020-06-20Backport of #278 for 1.6.1Victor Berger4-4/+8
This is a backport of #278 with the default value of `scope` changed to `undefined`. This is thus a fully backward-compatible change. Signed-off-by: Victor Berger <victor.berger@m4x.org>
2020-04-28findNoteOrCreate: Create new note with empty string instead of `null`Sandro1-1/+1
Backport of #345 to 1.x Signed-off-by: Sandro Jäckel <sandro.jaeckel@gmail.com>
2020-03-21Fix broken redirect on loginSheogorath1-2/+4
This patch fixes the currently broken redirect on login when people try to access a site they have no access to, they are redirected to the main page to log in. After a successful login they should be redirected to the original note, but instead are redirect to the index page again. This aptch fixes the typo that causes the behavior and brings people back to the note they edited. Thanks to @clvs7-gh on Github[1], who submitted the patch via email. On their behalf I hereby submit the change. [1]: https://github.com/clvs7-gh Note: I had to ajust this patch to work properly. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-03-21Backport Fix for relative theme pathSheogorath1-1/+1
This commit backport 856fc01fb9b30489b254f2ef9d29de80aa189118 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-03-21Add fix for missing deletion of notes on user-deletion requestSheogorath1-0/+61
Depending on how the system was setup, this bug lead to keep user's data around even after a successful deletion of user'S account. This patch will make sure the missing database constraints are implemented and missed out deletions are executed. This bug was introduced to insufficent testing after implementing the feature initially. It was well tested, using the app process itself, but the migrations where missed out. I'm currently not sure, if there was also a change in how sequelize handles cassaded deletion, since I'm unter the impression that before switching to sequelize 5, this feature has worked. But I haven't verified this. No matter what, the cleanup process is rather straight forward and will be invoked on migration, but can also be done manually using the new `bin/cleanup` script. This change will result in a release 1.6.1. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-09Update CDN defaultsSheogorath1-1/+1
As we noticed in our poll about CDN usage, that most people intentionally turn it off, but very little intetionally turn it on or leave it on. [1] There is also strong indicators that CDNs don't really provide any benefits in loading time and due to the small deployments of CodiMD, there is no big savings due to CDNs either. [2] Therefore this patch changes the CDN default settings to off in order to reduce the exposed user data. [1]: https://community.codimd.org/t/poll-on-cdn-usage/28 [2]: https://csswizardry.com/2019/05/self-host-your-static-assets/ Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-08Add Google oauth variable: hostedDomainike4-4/+7
Which is part of `passport-google-oauth2`. It could be used as whitelist to a domain supported by google oauth. Ref: https://github.com/jaredhanson/passport-google-oauth2/issues/3 Signed-off-by: ike <developer@ikewat.com>
2020-02-01Update RevealJS to version 3.9.2Sheogorath1-1/+1
This update of revealJS helps us to get rid of the headjs depedency integration using webpack. It updates reveal.js to 3.9.2 and updates the csp hash accordingly for using the slide mode. Background for this update is the critical security vulnerability described by snyk in their disclosure: https://snyk.io/vuln/SNYK-JS-REVEALJS-543841 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-11-28Making the linter happy by removing superfluous ;Ralph Krimmel1-1/+1
Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
2019-11-28Making the linter happy by removing superfluous ;Ralph Krimmel1-1/+1
2019-11-28Removing returnTo setting from referer in all other authentication sourcesRalph Krimmel12-28/+8
Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
2019-11-28Moving the storage of referrer information to main authorization check ↵Ralph Krimmel2-5/+5
instead of doing it in the authentication source Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
2019-11-27Fixing linting problemsRalph Krimmel1-4/+3
Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
2019-11-27Fixing redirection after SAML loginfoobarable1-2/+5
Saving referer into session in SAML auth so passport can redirect correctly after SAML login. Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
2019-10-30allow to define header link generation style via environment varhoijui1-1/+2
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
2019-10-30document `linkifyHeaderStyle` in default.jshoijui1-0/+13
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
2019-10-29Fix crash in lutim integrationGirish Ramakrishnan1-1/+1
Signed-off-by: Girish Ramakrishnan <girish@cloudron.io>
2019-10-27Inline renderPublishSlideDavid Mehren1-8/+4
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-27Inline responseCodiMDDavid Mehren1-18/+14
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-27Inline publish and slideDavid Mehren1-10/+2
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-27Inline renderPublishDavid Mehren1-8/+4
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-27Move showPublishNote and publishNoteActions to note controllerDavid Mehren6-125/+99
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-27Move showNote to note controllerDavid Mehren3-133/+19
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-27Move note actions into their own fileDavid Mehren2-9/+131
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-27Rename actions.js to controller.js and rename functions to be more descriptiveDavid Mehren3-34/+33
Move postNote to NoteController and rename to createFromPost Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-27Move slide actions to own fileDavid Mehren4-85/+87
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-27Fix errors constant in note/actions.jsDavid Mehren1-7/+7
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-27Move note actions to their own file.David Mehren15-387/+407
Because of circular import problems, this commit also moves the error messages from response.js to errors.js Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-22Allow to generate lower case header references through the confighoijui2-2/+4
This makes the references consistent/compatible with GitHub, GitLab, Pandoc and many other tools. This behavior can be enabled in config.json with: ``` "linkifyHeaderStyle": "gfm" ``` Signed-off-by: hoijui <hoijui.quaero@gmail.com>
2019-10-11Fix broken error template due to missing opengraphSheogorath1-1/+2
This regression bug was caused by the error page using the `codimd/head` template. This resulted in error messages like this: ``` ReferenceError: /codimd/public/views/error.ejs:5 3| 4| <head> >> 5| <%- include codimd/head %> 6| <link rel="stylesheet" href="<%- serverURL %>/css/center.css"> 7| </head> 8| /codimd/public/views/codimd/head.ejs:7 5| <meta name="apple-mobile-web-app-status-bar-style" content="black"> 6| <meta name="mobile-web-app-capable" content="yes"> >> 7| <% for (var og in opengraph) { %> 8| <% if (opengraph.hasOwnProperty(og) && opengraph[og].trim() !== '') { %> 9| <meta property="og:<%- og %>" content="<%- opengraph[og] %>"> 10| <% }} if (!opengraph.hasOwnProperty('image')) { %> opengraph is not defined at eval (eval at compile (/codimd/node_modules/ejs/lib/ejs.js:618:12), <anonymous>:18:23) at eval (eval at compile (/codimd/node_modules/ejs/lib/ejs.js:618:12), <anonymous>:99:10) at returnedFn (/codimd/node_modules/ejs/lib/ejs.js:653:17) at tryHandleCache (/codimd/node_modules/ejs/lib/ejs.js:251:36) at View.exports.renderFile [as engine] (/codimd/node_modules/ejs/lib/ejs.js:482:10) at View.render (/codimd/node_modules/express/lib/view.js:135:8) at tryRender (/codimd/node_modules/express/lib/application.js:640:10) at Function.render (/codimd/node_modules/express/lib/application.js:592:3) at ServerResponse.render (/codimd/node_modules/express/lib/response.js:1012:7) at responseError (/codimd/lib/response.js:57:20) at Object.errorNotFound (/codimd/lib/response.js:30:5) at newNote (/codimd/lib/response.js:134:76) at /codimd/lib/response.js:172:16 at tryCatcher (/codimd/node_modules/bluebird/js/release/util.js:16:23) at Promise._settlePromiseFromHandler (/codimd/node_modules/bluebird/js/release/promise.js:517:31) at Promise._settlePromise (/codimd/node_modules/bluebird/js/release/promise.js:574:18) at Promise._settlePromise0 (/codimd/node_modules/bluebird/js/release/promise.js:619:10) at Promise._settlePromises (/codimd/node_modules/bluebird/js/release/promise.js:699:18) at _drainQueueStep (/codimd/node_modules/bluebird/js/release/async.js:138:12) at _drainQueue (/codimd/node_modules/bluebird/js/release/async.js:131:9) at Async._drainQueues (/codimd/node_modules/bluebird/js/release/async.js:147:5) at Immediate.Async.drainQueues (/codimd/node_modules/bluebird/js/release/async.js:17:14) ``` The fix for that is rather trivial. We simply provide an empty array of metadata when generating the error template. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-10-04Added customizable og-metadata to notesErik Michelson2-2/+15
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-10-03remove unused variable to pass ci testing - #58Amolith1-1/+0
Signed-off-by: Amolith <amolith@nixnet.xyz>
2019-10-03remove legacy code to solve #58Amolith1-10/+0
Signed-off-by: Amolith <amolith@nixnet.xyz>
2019-09-18Updated forbiddenNoteIDsErik Michelson1-1/+1
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-09-04Refactored note-creation with given noteIdErik Michelson2-14/+18
Known bugs/features: - pushing towards an existing note results in an error 500 Signed-off-by: Erik Michelson <erik@liltv.de>
2019-09-04Added endpoint for note-creation with given aliasErik Michelson2-2/+4
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-09-03Docker Secrets: Use Encoding Parameter DirectlyJonas Thelemann1-1/+1
Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
2019-09-03Config: Return String Instead Of Buffer For Docker SecretsJonas Thelemann1-1/+1
Prevents "TypeError: Cannot freeze array buffer views with elements". Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
2019-09-02Docker Secrets: Correct Source PathJonas Thelemann1-1/+1
Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
2019-08-26Add link to imprintMatthias Lindinger1-0/+1
Signed-off-by: Matthias Lindinger <m.lindinger@live.de>
2019-08-15Disable PDF export due to security issueSheogorath1-0/+6
As a temporary fix, to keep you and your users save, this patch disables the PDF export feature. Details of the attack along with a fix for future versions of CodiMD will be released in future. I hope you can live with this solution for this release because I'm super short on time and the alternative would be to ship no fix at all. This appears to be the better solution for this release. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-08-15Fix variable names for docker secretsSheogorath1-5/+5
It seems like since we switched to camelcase we missed to update some variable names in the config section. This patch fixes those. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-08-12fix: migration should return promisechandi3-18/+18
Signed-off-by: chandi <git@chandi.it>
2019-07-01Docker Secrets: Add DB URL SupportJonas Thelemann1-0/+1
As the connection string may include a password it should be supported by Docker Secrets. Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
2019-06-18Add SVG image detection based on file extensionLennart Weller1-0/+2
Add simple SVG image detecetion base on the file extension .svg. This fixes the SVG being delivered as binary/octet-stream and makes it possible to embedd the SVG. Signed-off-by: Lennart Weller <lennart.weller@hansemerkur.de>
2019-06-11fix: upgrade sequelize to latest version to fix CVEBoHong Li5-745/+752
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-06-08Respect DNT headerSheogorath1-2/+4
Do Not Track (DNT) is an old web standard in order to notify pages that the user doesn't want to be tracked. Even while a lot of pages either ignore this header or even worse, use it for tracking purposes, the orignal intention of this header is good and should be adopted. This patch implements a respect of the DNT header by no longer including the optional Google Analytics and disqus integrations when sending a DNT header. This should reduce outside resource usage and help to stay more private. This should later-on extended towards other document content (i.e. iframe based content). The reason to not change the CDN handling is that CDNs will be deprecated with next release and removed in long term. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-06-08Rework debug loggingSheogorath15-69/+54
We have various places with overly simple if statements that could be handled by our logging library. Also a lot of those logs are not marked as debug logs but as info logs, which can cause confusion during debugging. This patch removed unneeded if clauses around debug logging statements, reworks debug log messages towards ECMA templates and add some new logging statements which might be helpful in order to debug things like image uploads. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-29 05:09:45 +0000