| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
Backport of #345 to 1.x
Signed-off-by: Sandro Jäckel <sandro.jaeckel@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes the currently broken redirect on login when people try
to access a site they have no access to, they are redirected to the main
page to log in. After a successful login they should be redirected to
the original note, but instead are redirect to the index page again.
This aptch fixes the typo that causes the behavior and brings people
back to the note they edited.
Thanks to @clvs7-gh on Github[1], who submitted the patch via email.
On their behalf I hereby submit the change.
[1]: https://github.com/clvs7-gh
Note: I had to ajust this patch to work properly.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
|
|
| |
This commit backport 856fc01fb9b30489b254f2ef9d29de80aa189118
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Depending on how the system was setup, this bug lead to keep user's data
around even after a successful deletion of user'S account. This patch
will make sure the missing database constraints are implemented and
missed out deletions are executed.
This bug was introduced to insufficent testing after implementing the
feature initially. It was well tested, using the app process itself, but
the migrations where missed out. I'm currently not sure, if there was
also a change in how sequelize handles cassaded deletion, since I'm
unter the impression that before switching to sequelize 5, this feature
has worked. But I haven't verified this.
No matter what, the cleanup process is rather straight forward and will
be invoked on migration, but can also be done manually using the new
`bin/cleanup` script.
This change will result in a release 1.6.1.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As we noticed in our poll about CDN usage, that most people
intentionally turn it off, but very little intetionally turn it on or
leave it on. [1]
There is also strong indicators that CDNs don't really provide any
benefits in loading time and due to the small deployments of CodiMD,
there is no big savings due to CDNs either. [2]
Therefore this patch changes the CDN default settings to off in order to
reduce the exposed user data.
[1]: https://community.codimd.org/t/poll-on-cdn-usage/28
[2]: https://csswizardry.com/2019/05/self-host-your-static-assets/
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
|
|
|
|
| |
Which is part of `passport-google-oauth2`.
It could be used as whitelist to a domain supported by google oauth.
Ref: https://github.com/jaredhanson/passport-google-oauth2/issues/3
Signed-off-by: ike <developer@ikewat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This update of revealJS helps us to get rid of the headjs depedency
integration using webpack. It updates reveal.js to 3.9.2 and updates the
csp hash accordingly for using the slide mode.
Background for this update is the critical security vulnerability
described by snyk in their disclosure:
https://snyk.io/vuln/SNYK-JS-REVEALJS-543841
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |\
| |
| | |
Linkify header style
|
| | |
| |
| |
| | |
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
|
| | |
| |
| |
| | |
Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
|
| | |
| |
| |
| |
| |
| | |
instead of doing it in the authentication source
Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
|
| | |
| |
| |
| | |
Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
|
| | |
| |
| |
| |
| |
| | |
Saving referer into session in SAML auth so passport can redirect correctly after SAML login.
Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
|
| |\ \
| |/
|/| |
First steps in refactoring the backend code
|
| | |
| |
| |
| | |
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
| | |
| |
| |
| |
| |
| | |
Move postNote to NoteController and rename to createFromPost
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
| | |
| |
| |
| |
| |
| | |
Because of circular import problems, this commit also moves the error messages from response.js to errors.js
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
| |/
|
|
| |
Signed-off-by: Girish Ramakrishnan <girish@cloudron.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This makes the references consistent/compatible with GitHub,
GitLab, Pandoc and many other tools.
This behavior can be enabled in config.json with:
```
"linkifyHeaderStyle": "gfm"
```
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This regression bug was caused by the error page using the `codimd/head`
template. This resulted in error messages like this:
```
ReferenceError: /codimd/public/views/error.ejs:5
3|
4| <head>
>> 5| <%- include codimd/head %>
6| <link rel="stylesheet" href="<%- serverURL %>/css/center.css">
7| </head>
8|
/codimd/public/views/codimd/head.ejs:7
5| <meta name="apple-mobile-web-app-status-bar-style" content="black">
6| <meta name="mobile-web-app-capable" content="yes">
>> 7| <% for (var og in opengraph) { %>
8| <% if (opengraph.hasOwnProperty(og) && opengraph[og].trim() !== '') { %>
9| <meta property="og:<%- og %>" content="<%- opengraph[og] %>">
10| <% }} if (!opengraph.hasOwnProperty('image')) { %>
opengraph is not defined
at eval (eval at compile (/codimd/node_modules/ejs/lib/ejs.js:618:12), <anonymous>:18:23)
at eval (eval at compile (/codimd/node_modules/ejs/lib/ejs.js:618:12), <anonymous>:99:10)
at returnedFn (/codimd/node_modules/ejs/lib/ejs.js:653:17)
at tryHandleCache (/codimd/node_modules/ejs/lib/ejs.js:251:36)
at View.exports.renderFile [as engine] (/codimd/node_modules/ejs/lib/ejs.js:482:10)
at View.render (/codimd/node_modules/express/lib/view.js:135:8)
at tryRender (/codimd/node_modules/express/lib/application.js:640:10)
at Function.render (/codimd/node_modules/express/lib/application.js:592:3)
at ServerResponse.render (/codimd/node_modules/express/lib/response.js:1012:7)
at responseError (/codimd/lib/response.js:57:20)
at Object.errorNotFound (/codimd/lib/response.js:30:5)
at newNote (/codimd/lib/response.js:134:76)
at /codimd/lib/response.js:172:16
at tryCatcher (/codimd/node_modules/bluebird/js/release/util.js:16:23)
at Promise._settlePromiseFromHandler (/codimd/node_modules/bluebird/js/release/promise.js:517:31)
at Promise._settlePromise (/codimd/node_modules/bluebird/js/release/promise.js:574:18)
at Promise._settlePromise0 (/codimd/node_modules/bluebird/js/release/promise.js:619:10)
at Promise._settlePromises (/codimd/node_modules/bluebird/js/release/promise.js:699:18)
at _drainQueueStep (/codimd/node_modules/bluebird/js/release/async.js:138:12)
at _drainQueue (/codimd/node_modules/bluebird/js/release/async.js:131:9)
at Async._drainQueues (/codimd/node_modules/bluebird/js/release/async.js:147:5)
at Immediate.Async.drainQueues (/codimd/node_modules/bluebird/js/release/async.js:17:14)
```
The fix for that is rather trivial. We simply provide an empty array of
metadata when generating the error template.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |\
| |
| | |
Add customizable opengraph metadata for notes (see #40)
|
| | |
| |
| |
| | |
Signed-off-by: Erik Michelson <erik@liltv.de>
|
| | |
| |
| |
| | |
Signed-off-by: Amolith <amolith@nixnet.xyz>
|
| |/
|
|
| |
Signed-off-by: Amolith <amolith@nixnet.xyz>
|
| |\
| |
| | |
Added endpoint for note-creation with given alias
|
| | |
| |
| |
| |
| |
| |
| | |
Known bugs/features:
- pushing towards an existing note results in an error 500
Signed-off-by: Erik Michelson <erik@liltv.de>
|
| | |
| |
| |
| | |
Signed-off-by: Erik Michelson <erik@liltv.de>
|
| |/
|
|
| |
Signed-off-by: Erik Michelson <erik@liltv.de>
|
| |\
| |
| | |
Config: Return String Instead Of Buffer For Docker Secrets
|
| | |
| |
| |
| | |
Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
|
| | |
| |
| |
| |
| |
| | |
Prevents "TypeError: Cannot freeze array buffer views with elements".
Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
|
| |/
|
|
| |
Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
|
| |\
| |
| | |
make aws s3 endpoint configurable
|
| | |
| |
| |
| | |
Signed-off-by: Mathias Merscher <Mathias.Merscher@dg-i.net>
|
| | |
| |
| |
| | |
Signed-off-by: Matthias Lindinger <m.lindinger@live.de>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As a temporary fix, to keep you and your users save, this patch disables
the PDF export feature. Details of the attack along with a fix for
future versions of CodiMD will be released in future.
I hope you can live with this solution for this release because I'm
super short on time and the alternative would be to ship no fix at all.
This appears to be the better solution for this release.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
| |
| |
| |
| |
| |
| | |
It seems like since we switched to camelcase we missed to update some
variable names in the config section. This patch fixes those.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
| |
| |
| | |
Signed-off-by: chandi <git@chandi.it>
|
| |\ \
| | |
| | | |
Respect DNT header
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Do Not Track (DNT) is an old web standard in order to notify pages that
the user doesn't want to be tracked. Even while a lot of pages either
ignore this header or even worse, use it for tracking purposes, the
orignal intention of this header is good and should be adopted.
This patch implements a respect of the DNT header by no longer including
the optional Google Analytics and disqus integrations when sending a DNT
header. This should reduce outside resource usage and help to stay more
private.
This should later-on extended towards other document content (i.e.
iframe based content).
The reason to not change the CDN handling is that CDNs will be
deprecated with next release and removed in long term.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
