summaryrefslogtreecommitdiff
path: root/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Refactoring imageRouter to modularitySheogorath2018-03-207-132/+190
| | | | | | | | | | | | | | This should make the imageRouter more modular and easier to extent. Also a lot of code duplication was removed which should simplify maintenance in future. In the new setup we only need to provide a new module file which exports a function called `uploadImage` and takes a filePath and a callback as argument. The callback itself takes an error and an url as parameter. This eliminates the need of a try-catch-block around the statement and re-enabled the optimization in NodeJS. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #761 from SISheogorath/feature/reportURIChristoph (Sheogorath) Kern2018-03-143-2/+11
|\ | | | | Add config option for report URI in CSP
| * Add config option for report URI in CSPSheogorath2018-03-143-2/+11
| | | | | | | | | | | | | | | | This option is needed as it's currently not possible to add an report URI by the directives array. This option also allows to get CSP reports not only on docker based setup but also on our heroku instances. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Convert HMD_MINIO_PORT into Number type.vazontang2018-03-151-1/+1
| | | | | | | | | | fix hackmdio/hackmd#763 Signed-off-by: Tang TsungYi <vazontang@gmail.com>
* | Multiple emails from LDAP are already an ArrayFelix Schäfer2018-03-091-1/+1
|/ | | | Signed-off-by: Felix Schäfer <felix@thegcat.net>
* Remove unused LDAP option `tokenSecret`Felix Schäfer2018-03-052-2/+0
| | | | | | hackmdio/hackmd#754 Signed-off-by: Felix Schäfer <felix@thegcat.net>
* Introduce ldap.useridFieldDustin Frisch2018-03-013-1/+6
| | | | Signed-off-by: Dustin Frisch <fooker@lab.sh>
* Fix to show 500 message when got error in parseNoteIdMax Wu2018-02-171-1/+2
| | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Fix field type to prevent data truncation of authorship (#721)Max Wu2018-02-093-2/+15
| | | | * Fix field type to prevent data truncation of authorship
* Fix typo of DB migration scriptTakeaki Matsumoto2018-02-081-2/+2
| | | | Signed-off-by: Takeaki Matsumoto <takeaki.matsumoto@ntt.com>
* don't require referer to find note id in socket.io connections (fixes #623)Stefan Bühler2018-02-051-6/+14
| | | | Signed-off-by: Stefan Bühler <buehler@cert.uni-stuttgart.de>
* Fix uncaught exception for non-existent userSheogorath2018-01-301-0/+5
| | | | | | | Since we added user management it's possible to get non-existent users which can cause a crash of the Backend server. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #704 from SISheogorath/fix/ldapProviderNameChristoph (Sheogorath) Kern2018-01-291-0/+2
|\ | | | | Fix ldap provider name in template
| * Fix ldap provider name in templateSheogorath2018-01-261-0/+2
| | | | | | | | | | | | | | | | Before this fix it's impossible to set the provider name in the sign-model since `ldap` is a boolean there and this way not able to have an attribute like `ldap.providerName`. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Remove camel case from `imageuploadtype` in configSheogorath2018-01-274-6/+14
|/ | | | | | | | | | | | | This removes the only camel cased option of the config options **we** added to the config.json. In auth provider's config parts are a lot of camel cased options provided. We shouldn't touch them to keep them as similar as possible to the examples. Fixes #315 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #691 from SISheogorath/feature/uploadChristoph (Sheogorath) Kern2018-01-231-0/+20
|\ | | | | Allow more detailed configuration of upload mime types
| * Allow more detailed configuration of upload mime typesSheogorath2018-01-201-0/+20
| | | | | | | | | | | | Fixes #637 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Fix broken port configSheogorath2018-01-231-1/+1
| | | | | | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #506 from erasys/minioChristoph (Sheogorath) Kern2018-01-233-0/+48
|\ \ | | | | | | Add support for minio
| * | Add support for minioMarc Deop2017-08-303-0/+48
| | |
* | | Merge pull request #598 from xxyy/feature/cspChristoph (Sheogorath) Kern2018-01-224-1/+92
|\ \ \ | | | | | | | | Implement basic CSP support
| * | | Move CSP logic to new file, Fix boolean config examplesLiterallie2017-10-221-0/+80
| | | | | | | | | | | | | | | | Not sure why I was quoting these in the first place
| * | | Change CSP config format to be more intuitiveLiterallie2017-10-222-9/+4
| | | |
| * | | CSP: Allow more content typesLiterallie2017-10-221-3/+7
| | | |
| * | | CSP: Add nonce to slide view inline JSLiterallie2017-10-221-1/+2
| | | |
| * | | CSP: Upgrade insecure requests if possibleLiterallie2017-10-221-2/+3
| | | | | | | | | | | | | | | | Config option; default is to only upgrade if usessl
| * | | Add basic CSP supportLiterallie2017-10-221-0/+10
| | | |
* | | | Merge pull request #673 from fooker/masterChristoph (Sheogorath) Kern2018-01-203-1/+13
|\ \ \ \ | | | | | | | | | | Allow posting new note with content
| * | | | Allow posting new note with contentDustin Frisch2018-01-183-1/+13
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Dustin Frisch <fooker@lab.sh>
* | | | | Add option to enable `freely` permission in closed instanceDario Ernst2018-01-205-2/+6
| |_|_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | Before, closed disallowed guest edits completely, by removing the `freely` permission. This makes it possible to explicitely bring back guest-editing, but not guest-note-creation, to closed instances. Signed-off-by: Dario Ernst <dario@kanojo.de>
* | | | Merge pull request #686 from SISheogorath/feature/configVersionChristoph (Sheogorath) Kern2018-01-191-1/+3
|\ \ \ \ | | | | | | | | | | Load version from package.json
| * | | | Load version from package.jsonSheogorath2018-01-191-1/+3
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | | | Fix not passing app key correctly in dropbox configWu Cheng-Han2018-01-193-3/+6
|/ / / /
* | | | Release 1.0.0-ceSheogorath2018-01-181-1/+1
| | | |
* | | | Ignore empty values for revision.Sheogorath2018-01-181-2/+2
| | | | | | | | | | | | | | | | Fixes #420
* | | | Merge pull request #636 from laysdra7265/fix/sslcapathChristoph (Sheogorath) Kern2018-01-182-2/+5
|\ \ \ \ | | | | | | | | | | Fix sslcapath bug
| * | | | Update index.jsChristoph (Sheogorath) Kern2017-12-221-1/+1
| | | | |
| * | | | Simplify loopChristoph (Sheogorath) Kern2017-12-221-8/+3
| | | | |
| * | | | fixed sslcapath bugLaysDragon2017-12-052-2/+10
| | | | |
* | | | | Merge pull request #567 from ccoenen/fix-mysql-text-lengthChristoph (Sheogorath) Kern2018-01-183-4/+20
|\ \ \ \ \ | | | | | | | | | | | | converting all content fields to MEDIUMTEXT (affects MySQL only)
| * | | | | Fix #521 by converting content fields to LONGTEXT in MySQL, to prevent ↵Claudius Coenen2017-10-163-4/+20
| | |_|/ / | |/| | | | | | | | | | | | | truncation of data.
* | | | | Fix minor typosMax Wu2018-01-161-3/+3
| |_|/ / |/| | | | | | | of wrong parameters passing order and wrong user object indexing in for each function
* | | | Fix file permission, remove useless executablePeter Dave Hello2017-12-141-0/+0
| | | |
* | | | Merge branch 'master' into ldap-username-fieldChristoph (Sheogorath) Kern2017-12-122-5/+12
|\ \ \ \
| * | | | parse HMD_LDAP_SEARCHATTRIBUTES env var as a comma-separated arrayalecdwm2017-12-092-5/+12
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Alec WM <firstcontact@owls.io>
* | | | | Add setting `ldap.usernameField`Lukas Kalbertodt2017-12-093-1/+9
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | This determines which ldap field is used as the username on HackMD. By default, the "id" is used as username, too. The id is taken from the fields `uidNumber`, `uid` or `sAMAccountName`. To give the user more flexibility, they can now choose the field used for the username instead.
* | | | added guide for SAML settingsNorihito Nakae2017-12-043-3/+0
| | | |
* | | | added environment variables for SAMLNorihito Nakae2017-11-291-1/+12
| | | |
* | | | fixed the SAML callback URL to unconfigurable.Norihito Nakae2017-11-292-2/+1
| | | |
* | | | Initial support for SAML authenticationNorihito Nakae2017-11-287-0/+129
| |/ / |/| |