| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
The current error handling seems to conflict with some sequelize
versions. So we add a second version of it in our excemptions.
I'm not happy about it, but when it helps to prevent further migration
breaking, it's worth it.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |\
| |
| | |
Fix possible weird objects as email
|
| | |
| |
| |
| |
| |
| |
| | |
It seems like some providers return strange types for emails which cause
problems. We default to something that is definitely a string.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
| |
| |
| | |
Signed-off-by: Alexander Hesse <alexander.hesse@sandstorm-media.de>
|
| |\ \
| | |
| | | |
Add possibility to choose between version v3 or v4 for the gitlab api.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Apart from the uri versioning, one big change is the snippet visibility post data (visibility_level -> visibility)
Default gitlab api version to v4
Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
|
| |\ \ \
| |/ /
|/| | |
Add missing catch blocks for migration from 1.1.1 to 1.2.0
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Hugo Caloto <hcaloto@gmail.com>
|
| |\ \ \
| | | |
| | | | |
Some minor improvements for LZString handling
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This does some more in depth check on the error message and minimizes
the log noise that is caused by LZString.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | | |
Right now we still see a lot of LZString parsing errors in the logs.
They probably come from the user history. We should minimize the number
by add the basic length check there as well.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |/ /
| |
| |
| | |
Signed-off-by: Miranda Kastemaa <miranda@foldplop.com>
|
| |/
|
|
| |
Signed-off-by: Maxence Ahlouche <maxence.ahlouche@gmail.com>
|
| |
|
|
| |
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
| |
|
|
|
|
|
|
| |
As it turns out, expressjs doesn't detect the right mimetype and it
seems like I didn't bother to test this enough. So lets fix it for the
next release.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
|
|
|
| |
Looks like I missed a few. This should be complete now. And make us
ready for the repo rename and merging.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
|
|
|
|
| |
A little minor change, by moving the CodiMD version header in its own
middleware. Should simplify to determine the version number of the
Backend in future.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
|
|
|
|
| |
Even when it looks a bit weird in first place to rename all internals
step by step, it makes sense to do so, because we run into confusion
afterwards.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
|
|
|
|
| |
As we are no longer HackMD the short tag `HMD` doesn't match anymore. We
move it to the matching prefix `CMD` and inform our users about the
change.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |\
| |
| | |
Allow to disable gravatar
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Since Gravatar is an external image source and not perfect from a
privacy perspective, forbidding it allows to improve privacy.
This commit also simplifies and optimizes the avatar code.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |\ \
| | |
| | | |
Move config out of statics path
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
Since static path is providing with a high expiration data, we provide
configs via API. This shouldn't add any noticeable load while making it
uncached and this way working again.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |\ \
| | |
| | | |
Fix possible line-ending issues for init note
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
By uploading a malicous note currently it is possible to prevent this
note from being edited. This happens when using Windows line endings.
With this commit we remove all `\r` characters from the notes and this
way prevent this problem.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |\ \
| | |
| | | |
Fix broken images in PDF caused by misconfigred server URL
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As it turns out, if the serverURL can't be generated correctly, HackMD
will use relative paths in image upload. This causes broken links in
PDF.
With this commit we force absolute links during PDF creation which
hopefully fixes the problem.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |/
|
|
|
|
|
|
| |
The image upload regex breaks with the new path for uploads.
This commit fixes it.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
|
|
|
|
|
|
| |
In https://github.com/hackmdio/hackmd/issues/834 is described how
starting HackMD crashes when using the wrong working dir.
This is caused by a relative path in our upload routine. This change
should fix it and prevent future crashes.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |\
| |
| | |
GDPR compliant part 1
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This function is the first step to get out data following GDPR about the
transportability of data.
Details: https://gdpr-info.eu/art-20-gdpr/
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In the current setup users could be tricked into deleting their data by
providing a malicious link like `[click me](/me/delete)`. This commit
prevents such an easy attack and need the user's deleteToken to get his
data deleted. In case someone requests his deletion by email you can
also ask him for this token.
We can add a GUI that shows it later on.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
| |
| |
| |
| |
| |
| | |
When users are requested from the authorship which no longer exist, they
shouldn't cause a 500.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
| |
| |
| |
| |
| |
| | |
Allow users to delete themselbes. This is require to be GDPR compliant.
See: https://gdpr-info.eu/art-17-gdpr/
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
| |
| |
| |
| |
| |
| | |
When we delete a user we should delete all the notes that belong to this
user including the revisions of these notes.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
| |
| |
| |
| |
| |
| | |
Right now we only flag notes as deleted. This is no longer allowed under
GDPR. Make sure you do regular backups!
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
To be GDPR compliant we need to provide privacy statement. These should
be linked on the index page. So as soon as a document exist under
`public/docs/privacy.md` the link will show up.
Since we already add legal links, we also add Terms of Use, which will
show up as soon as `public/docs/terms-of-use.md` exists.
This should allow everyone to provide the legal documents they need for
GDPR and other privacy and business laws.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This commit should prevent the i18n module from adding missing
translations to the local files in setups that are not for development.
This way we keep the directory clean and idempotent.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |\ \
| | |
| | | |
Add "generic" OAuth2 support
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Adam Hoka <hoka.adam@nexogen.hu>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Adam Hoka <hoka.adam@nexogen.hu>
|
| |\ \ \
| |_|/
|/| | |
403: Redirect user to login page if not logged in
|
| | |/
| |
| |
| | |
Signed-Off-By: Pedro Ferreira <pedro.ferreira@cern.ch>
|
| | | |
|
| |\ \
| | |
| | | |
Workaround Google API problems
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
As recently discovered we send the clientSecret to the webclient which
is potentionally dangerous. This patch should fix the problem and
replace the clientSecret with the originally intended and correct way to
implement it using the API key.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
