| Commit message (Collapse) | Author | Files | Lines |
|---|
|
app.local
Signed-off-by: Claudius <opensource@amenthes.de>
|
|
Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
|
|
With OpenID every OpenID capable provider can provide authentication for
users of a CodiMD instance. This means we have federated
authentication.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Right now the feature exists but is almost not usable since the only way
to configure it is to know that it exists from reading the source code
and add it to config.json. This patch provides all needed changes so it
can be used by everyone including documentation.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Seems like the old version of helmet had a problem with `data:`. This
patch upgrades to the latest version and adds the CSP rule to allow
Google Fonts and the offline version of it, to properly include the
fonts and no longer throw ugly error messages at us.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Seems like we didn't fix the problem with the last patch. This should
finally fix it.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Claudius <opensource@amenthes.de>
|
|
Images are now properly served when `config.uploadsPath`
differs from its default value.
Signed-off-by: WilliButz <wbutz@cyberfnord.de>
|
|
While paths like `tmpPath` could previously be configured,
they were all interpreted relative to `appRootPath` because
of `path.join`.
Now the configurable paths can be canonical and therefore
independent of the `appRootPath`.
Signed-off-by: WilliButz <wbutz@cyberfnord.de>
|
|
Previously it was assumed that `config.json` would be placed in
the same directory as the rest of CodiMD without any optional override.
This allows to override the path to the `config.json` by setting
`CMD_CONFIG_FILE` to the canonical path of the desired config file.
Signed-off-by: WilliButz <wbutz@cyberfnord.de>
|
|
Previously calling `app.js` from another directory than
the base directory of CodiMD would result in an error being
thrown because `lib/workers/dmpWorker.js` could not be found.
This change makes the function call independent of the path CodiMD
is started from.
Signed-off-by: WilliButz <wbutz@cyberfnord.de>
|
|
We recently introduced a new way to create notes using a post requeest
to the `/new` endpoint. This is not limited in size, other than pasting
a note in the editor. This patch should enforce this limit also on this
way.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
This patch should fix the unneeded warning of the wrong API version,
when gitlab isn't configured at all.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
`markdown-pdf` seems to fail to provide the PDFs on tmpfs. This leads
crashing codimd which expects the file to be there. This patch should
add some proper error handling when expectation and reality don't fit
together.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
The current error handling seems to conflict with some sequelize
versions. So we add a second version of it in our excemptions.
I'm not happy about it, but when it helps to prevent further migration
breaking, it's worth it.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Alexander Hesse <alexander.hesse@sandstorm-media.de>
|
|
Apart from the uri versioning, one big change is the snippet visibility post data (visibility_level -> visibility)
Default gitlab api version to v4
Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
|
|
Signed-off-by: Hugo Caloto <hcaloto@gmail.com>
|
|
This does some more in depth check on the error message and minimizes
the log noise that is caused by LZString.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Miranda Kastemaa <miranda@foldplop.com>
|
|
Right now we still see a lot of LZString parsing errors in the logs.
They probably come from the user history. We should minimize the number
by add the basic length check there as well.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
It seems like some providers return strange types for emails which cause
problems. We default to something that is definitely a string.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Maxence Ahlouche <maxence.ahlouche@gmail.com>
|
|
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
|
As it turns out, expressjs doesn't detect the right mimetype and it
seems like I didn't bother to test this enough. So lets fix it for the
next release.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Looks like I missed a few. This should be complete now. And make us
ready for the repo rename and merging.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
A little minor change, by moving the CodiMD version header in its own
middleware. Should simplify to determine the version number of the
Backend in future.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Even when it looks a bit weird in first place to rename all internals
step by step, it makes sense to do so, because we run into confusion
afterwards.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
As we are no longer HackMD the short tag `HMD` doesn't match anymore. We
move it to the matching prefix `CMD` and inform our users about the
change.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
The image upload regex breaks with the new path for uploads.
This commit fixes it.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
As it turns out, if the serverURL can't be generated correctly, HackMD
will use relative paths in image upload. This causes broken links in
PDF.
With this commit we force absolute links during PDF creation which
hopefully fixes the problem.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
By uploading a malicous note currently it is possible to prevent this
note from being edited. This happens when using Windows line endings.
With this commit we remove all `\r` characters from the notes and this
way prevent this problem.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Since static path is providing with a high expiration data, we provide
configs via API. This shouldn't add any noticeable load while making it
uncached and this way working again.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Since Gravatar is an external image source and not perfect from a
privacy perspective, forbidding it allows to improve privacy.
This commit also simplifies and optimizes the avatar code.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
In https://github.com/hackmdio/hackmd/issues/834 is described how
starting HackMD crashes when using the wrong working dir.
This is caused by a relative path in our upload routine. This change
should fix it and prevent future crashes.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
This commit should prevent the i18n module from adding missing
translations to the local files in setups that are not for development.
This way we keep the directory clean and idempotent.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Adam Hoka <hoka.adam@nexogen.hu>
|
|
Signed-off-by: Adam Hoka <hoka.adam@nexogen.hu>
|
|
This function is the first step to get out data following GDPR about the
transportability of data.
Details: https://gdpr-info.eu/art-20-gdpr/
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
In the current setup users could be tricked into deleting their data by
providing a malicious link like `[click me](/me/delete)`. This commit
prevents such an easy attack and need the user's deleteToken to get his
data deleted. In case someone requests his deletion by email you can
also ask him for this token.
We can add a GUI that shows it later on.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
When users are requested from the authorship which no longer exist, they
shouldn't cause a 500.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Allow users to delete themselbes. This is require to be GDPR compliant.
See: https://gdpr-info.eu/art-17-gdpr/
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
When we delete a user we should delete all the notes that belong to this
user including the revisions of these notes.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Right now we only flag notes as deleted. This is no longer allowed under
GDPR. Make sure you do regular backups!
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
To be GDPR compliant we need to provide privacy statement. These should
be linked on the index page. So as soon as a document exist under
`public/docs/privacy.md` the link will show up.
Since we already add legal links, we also add Terms of Use, which will
show up as soon as `public/docs/terms-of-use.md` exists.
This should allow everyone to provide the legal documents they need for
GDPR and other privacy and business laws.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
