path: root/lib (follow)
Commit message    Author    Age    Files    Lines
* Extend migration error handlingSheogorath2018-09-058-9/+9
| | | | | | | | | | The current error handling seems to conflict with some sequelize versions. So we add a second version of it in our exemptions. I'm not happy about it, but when it helps to prevent further migration breaking, it's worth it. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #906 from SISheogorath/fix/letterAvatarMailChristoph (Sheogorath) Kern2018-09-051-0/+4
|\ | | | | Fix possible weird objects as email
| * Fix possible weird objects as emailSheogorath2018-07-271-0/+4
| | | | | | | | | | | | | | It seems like some providers return strange types for emails which cause problems. We default to something that is definitely a string. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | BUGFIX: wrong version check for gitlab apiAlexander Hesse2018-08-231-2/+2
| | | | | | | | Signed-off-by: Alexander Hesse <alexander.hesse@sandstorm-media.de>
* | Merge pull request #908 from micedre/gitlabV4Christoph (Sheogorath) Kern2018-07-312-2/+8
|\ \ | | | | | | Add possibility to choose between version v3 or v4 for the gitlab api.
| * | Add possibility to choose between version v3 or v4 for the gitlab api.Cédric Couralet2018-07-312-2/+8
| | | | | | | | | | | | | | | | | | | | | | | | Apart from the uri versioning, one big change is the snippet visibility post data (visibility_level -> visibility) Default gitlab api version to v4 Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
* | | Merge pull request #894 from hcaloto/fixMigrationIssuesChristoph (Sheogorath) Kern2018-07-318-2/+56
|\ \ \ | |/ / |/| | Add missing catch blocks for migration from 1.1.1 to 1.2.0
| * | Add missing catch blocks for migration from 1.1.1 to 1.2.0Hugo Caloto2018-07-318-2/+56
| | | | | | | | | | | | Signed-off-by: Hugo Caloto <hcaloto@gmail.com>
* | | Merge pull request #907 from SISheogorath/fix/historyLZStringChristoph (Sheogorath) Kern2018-07-282-2/+19
|\ \ \ | | | | | | | | Some minor improvements for LZString handling
| * | | Further improvement of error handling for LZStringSheogorath2018-07-272-2/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This does some more in depth check on the error message and minimizes the log noise that is caused by LZString. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * | | Minimize number of errors in LZString parsing errors for historySheogorath2018-07-271-0/+9
| | |/ | |/| | | | | | | | | | | | | | | | | | | Right now we still see a lot of LZString parsing errors in the logs. They probably come from the user history. We should minimize the number by adding the basic length check there as well. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* / | Support 'host' & 'path' config optionsMiranda Kastemaa2018-07-272-0/+3
|/ / | | | | | | Signed-off-by: Miranda Kastemaa <miranda@foldplop.com>
* / Upload images to the filesystem by default, rather than to imgurMaxence Ahlouche2018-07-091-1/+1
|/ | | | Signed-off-by: Maxence Ahlouche <maxence.ahlouche@gmail.com>
* Add script src hash for speaker note to CSP directivesMax Wu2018-07-051-1/+1
| | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Fixing content types in status routerSheogorath2018-07-031-2/+4
| | | | | | | | As it turns out, expressjs doesn't detect the right mimetype and it seems like I didn't bother to test this enough. So let's fix it for the next release. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update passport-ldapSheogorath2018-06-301-1/+1
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Final replacementsSheogorath2018-06-242-2/+2
| | | | | | | Looks like I missed a few. This should be complete now. And make us ready for the repo rename and merging. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Do final internal renamingSheogorath2018-06-243-6/+14
| | | | | | | | A little minor change, by moving the CodiMD version header in its own middleware. Should simplify to determine the version number of the Backend in future. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Rename HackMD view to CodiMDSheogorath2018-06-243-3/+3
| | | | | | | | Even when it looks a bit weird in first place to rename all internals step by step, it makes sense to do so, because we run into confusion afterwards. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Rename environment variables and add legacy support.Sheogorath2018-06-243-86/+216
| | | | | | | | As we are no longer HackMD the short tag `HMD` doesn't match anymore. We move it to the matching prefix `CMD` and inform our users about the change. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Rebrand HackMD to CodiMDSheogorath2018-06-241-1/+1
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #854 from hackmdio/feature/disableGravatarChristoph (Sheogorath) Kern2018-06-244-27/+21
|\ | | | | Allow to disable gravatar
| * Allow to disable gravatarSheogorath2018-06-234-27/+21
| | | | | | | | | | | | | | | | | | Since Gravatar is an external image source and not perfect from a privacy perspective, forbidding it allows to improve privacy. This commit also simplifies and optimizes the avatar code. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #855 from hackmdio/fix/constantsChristoph (Sheogorath) Kern2018-06-243-0/+19
|\ \ | | | | | | Move config out of statics path
| * | Move config out of statics pathSheogorath2018-06-243-0/+19
| |/ | | | | | | | | | | | | | | Since static path is providing with a high expiration data, we provide configs via API. This shouldn't add any noticeable load while making it uncached and this way working again. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #856 from hackmdio/fix/lineEndingsChristoph (Sheogorath) Kern2018-06-241-1/+3
|\ \ | | | | | | Fix possible line-ending issues for init note
| * | Fix possible line-ending issues for init noteSheogorath2018-06-241-1/+3
| |/ | | | | | | | | | | | | | | | | | | By uploading a malicious note currently it is possible to prevent this note from being edited. This happens when using Windows line endings. With this commit we remove all `\r` characters from the notes and this way prevent this problem. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #857 from hackmdio/fix/pdf-linksChristoph (Sheogorath) Kern2018-06-241-1/+4
|\ \ | | | | | | Fix broken images in PDF caused by misconfigured server URL
| * | Fix broken images in PDF caused by misconfigured server URLSheogorath2018-06-241-1/+4
| |/ | | | | | | | | | | | | | | | | | | | | As it turns out, if the serverURL can't be generated correctly, HackMD will use relative paths in image upload. This causes broken links in PDF. With this commit we force absolute links during PDF creation which hopefully fixes the problem. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* / Fix breaking regexSheogorath2018-06-241-1/+1
|/ | | | | | | | The image upload regex breaks with the new path for uploads. This commit fixes it. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix possible error if HackMD is started with wrong workdirSheogorath2018-06-233-1/+3
| | | | | | | | | | In https://github.com/hackmdio/hackmd/issues/834 is described how starting HackMD crashes when using the wrong working dir. This is caused by a relative path in our upload routine. This change should fix it and prevent future crashes. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #830 from SISheogorath/feature/GDPRChristoph (Sheogorath) Kern2018-06-178-14/+150
|\ | | | | GDPR compliant part 1
| * Add note export functionSheogorath2018-05-261-0/+56
| | | | | | | | | | | | | | | | This function is the first step to get out data following GDPR about the transportability of data. Details: https://gdpr-info.eu/art-20-gdpr/ Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Add token based security featureSheogorath2018-05-254-12/+52
| | | | | | | | | | | | | | | | | | | | | | | | In the current setup users could be tricked into deleting their data by providing a malicious link like `[click me](/me/delete)`. This commit prevents such an easy attack and needs the user's deleteToken to get his data deleted. In case someone requests his deletion by email you can also ask him for this token. We can add a GUI that shows it later on. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Fix requests for deleted usersSheogorath2018-05-252-5/+10
| | | | | | | | | | | | | | When users are requested from the authorship which no longer exist, they shouldn't cause a 500. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Add delete function for authenticated usersSheogorath2018-05-251-0/+24
| | | | | | | | | | | | | | Allow users to delete themselves. This is required to be GDPR compliant. See: https://gdpr-info.eu/art-17-gdpr/ Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Use cascaded deletesSheogorath2018-05-253-4/+12
| | | | | | | | | | | | | | When we delete a user we should delete all the notes that belong to this user including the revisions of these notes. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Use hard delete instead of soft deleteSheogorath2018-05-251-1/+1
| | | | | | | | | | | | | | Right now we only flag notes as deleted. This is no longer allowed under GDPR. Make sure you do regular backups! Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Add privacy and ToS linksSheogorath2018-05-241-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | To be GDPR compliant we need to provide a privacy statement. These should be linked on the index page. So as soon as a document exists under `public/docs/privacy.md` the link will show up. Since we already add legal links, we also add Terms of Use, which will show up as soon as `public/docs/terms-of-use.md` exists. This should allow everyone to provide the legal documents they need for GDPR and other privacy and business laws. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Fix i18n writing locale files in productionSheogorath2018-06-051-0/+3
| | | | | | | | | | | | | | | | This commit should prevent the i18n module from adding missing translations to the local files in setups that are not for development. This way we keep the directory clean and idempotent. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #784 from pferreir/add-oauth2-supportChristoph (Sheogorath) Kern2018-06-048-2/+154
|\ \ | | | | | | Add "generic" OAuth2 support
| * | Use TEXT instead of STRING for tokensPedro Ferreira2018-03-262-2/+25
| | | | | | | | | | | | Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
| * | Add support for generic OAuth2 providersPedro Ferreira2018-03-266-0/+129
| | | | | | | | | | | | Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
* | | Fix callback validationAdam Hoka2018-06-014-4/+7
| | | | | | | | | | | | Signed-off-by: Adam Hoka <hoka.adam@nexogen.hu>
* | | Add Azure Blob Storage supportÁdám Hóka2018-06-015-3/+49
| | | | | | | | | | | | Signed-off-by: Adam Hoka <hoka.adam@nexogen.hu>
* | | Merge pull request #785 from pferreir/redirect-to-loginChristoph (Sheogorath) Kern2018-05-311-1/+7
|\ \ \ | |_|/ |/| | 403: Redirect user to login page if not logged in
| * | 403: redirect user to login page if not logged inPedro Ferreira2018-03-271-1/+7
| |/ | | | | | | Signed-Off-By: Pedro Ferreira <pedro.ferreira@cern.ch>
* | Revert "Workaround Google API problems"Christoph (Sheogorath) Kern2018-05-162-2/+0
| |
* | Merge pull request #813 from SISheogorath/fix/googleAPIChristoph (Sheogorath) Kern2018-05-102-0/+2
|\ \ | | | | | | Workaround Google API problems
| * | Use API key instead of clientSecretSheogorath2018-04-132-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | As recently discovered we send the clientSecret to the webclient which is potentially dangerous. This patch should fix the problem and replace the clientSecret with the originally intended and correct way to implement it using the API key. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>