summaryrefslogtreecommitdiff
path: root/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #830 from SISheogorath/feature/GDPRChristoph (Sheogorath) Kern2018-06-178-14/+150
|\ | | | | GDPR compliant part 1
| * Add note export functionSheogorath2018-05-261-0/+56
| | | | | | | | | | | | | | | | This function is the first step to get out data following GDPR about the transportability of data. Details: https://gdpr-info.eu/art-20-gdpr/ Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Add token based security featureSheogorath2018-05-254-12/+52
| | | | | | | | | | | | | | | | | | | | | | | | In the current setup users could be tricked into deleting their data by providing a malicious link like `[click me](/me/delete)`. This commit prevents such an easy attack and need the user's deleteToken to get his data deleted. In case someone requests his deletion by email you can also ask him for this token. We can add a GUI that shows it later on. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Fix requests for deleted usersSheogorath2018-05-252-5/+10
| | | | | | | | | | | | | | When users are requested from the authorship which no longer exist, they shouldn't cause a 500. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Add delete function for authenticated usersSheogorath2018-05-251-0/+24
| | | | | | | | | | | | | | Allow users to delete themselbes. This is require to be GDPR compliant. See: https://gdpr-info.eu/art-17-gdpr/ Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Use cascaded deletesSheogorath2018-05-253-4/+12
| | | | | | | | | | | | | | When we delete a user we should delete all the notes that belong to this user including the revisions of these notes. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Use hard delete instead of soft deleteSheogorath2018-05-251-1/+1
| | | | | | | | | | | | | | Right now we only flag notes as deleted. This is no longer allowed under GDPR. Make sure you do regular backups! Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Add privacy and ToS linksSheogorath2018-05-241-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | To be GDPR compliant we need to provide privacy statement. These should be linked on the index page. So as soon as a document exist under `public/docs/privacy.md` the link will show up. Since we already add legal links, we also add Terms of Use, which will show up as soon as `public/docs/terms-of-use.md` exists. This should allow everyone to provide the legal documents they need for GDPR and other privacy and business laws. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Fix i18n writing locale files in productionSheogorath2018-06-051-0/+3
| | | | | | | | | | | | | | | | This commit should prevent the i18n module from adding missing translations to the local files in setups that are not for development. This way we keep the directory clean and idempotent. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #784 from pferreir/add-oauth2-supportChristoph (Sheogorath) Kern2018-06-048-2/+154
|\ \ | | | | | | Add "generic" OAuth2 support
| * | Use TEXT instead of STRING for tokensPedro Ferreira2018-03-262-2/+25
| | | | | | | | | | | | Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
| * | Add support for generic OAuth2 providersPedro Ferreira2018-03-266-0/+129
| | | | | | | | | | | | Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
* | | Fix callback validationAdam Hoka2018-06-014-4/+7
| | | | | | | | | | | | Signed-off-by: Adam Hoka <hoka.adam@nexogen.hu>
* | | Add Azure Blob Storage supportÁdám Hóka2018-06-015-3/+49
| | | | | | | | | | | | Signed-off-by: Adam Hoka <hoka.adam@nexogen.hu>
* | | Merge pull request #785 from pferreir/redirect-to-loginChristoph (Sheogorath) Kern2018-05-311-1/+7
|\ \ \ | |_|/ |/| | 403: Redirect user to login page if not logged in
| * | 403: redirect user to login page if not logged inPedro Ferreira2018-03-271-1/+7
| |/ | | | | | | Signed-Off-By: Pedro Ferreira <pedro.ferreira@cern.ch>
* | Revert "Workaround Google API problems"Christoph (Sheogorath) Kern2018-05-162-2/+0
| |
* | Merge pull request #813 from SISheogorath/fix/googleAPIChristoph (Sheogorath) Kern2018-05-102-0/+2
|\ \ | | | | | | Workaround Google API problems
| * | Use API key instead of clientSecretSheogorath2018-04-132-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | As recently discovered we send the clientSecret to the webclient which is potentionally dangerous. This patch should fix the problem and replace the clientSecret with the originally intended and correct way to implement it using the API key. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Fix typo of "grouptAttribute" in saml auth moduleMax Wu2018-04-271-2/+2
| | | | | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
* | | Merge pull request #803 from SISheogorath/fix/letterAvatarCSPChristoph (Sheogorath) Kern2018-04-173-11/+23
|\ \ \ | | | | | | | | Move letter-avatars into own request
| * | | Move letter-avatars into own requestSheogorath2018-04-173-11/+23
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | To prevent further weakening of our CSP policies, moving the Avatars into a non-inline version is the way to go. This implementation probably needs some beautification. But already fixes the bug. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Merge pull request #797 from SISheogorath/fix/LZErrorLogChristoph (Sheogorath) Kern2018-04-111-0/+9
|\ \ \ | | | | | | | | Add check for noteId length
| * | | Add check for noteId lengthSheogorath2018-04-101-0/+9
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | As we know the length of an UUID we can check if the base64 string of the provided UUID is long enough for a legacy base64 encoded nodeId and stop processing it in legacy mode, if it's not the case. This should make the ugly warning way less common. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* / / Fix typos for `allowAnonymousEdits`Sheogorath2018-04-103-4/+4
|/ / | | | | | | | | | | | | | | | | Looks like we lost some variables during the refactoring of the configs to camel case. This should fix it. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #791 from SISheogorath/fix/extendedCSPPoliciesChristoph (Sheogorath) Kern2018-04-053-2/+17
|\ \ | | | | | | Fix CSP for disqus and Google Analytics
| * | Fix CSP for disqus and Google AnalyticsSheogorath2018-03-303-2/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit should fix existing problems with Disqus and Google Analytics enabled in the meta-yaml section of a note. Before this commit they were blocked by the strict CSP. It's still possible to disable the added directives using `addDisqus` and `addGoogleAnalytics` in the `csp` config section. They are enabled by default to prevent breaking changes. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Add session data to env varsSheogorath2018-03-291-0/+2
|/ / | | | | | | | | | | | | | | | | | | | | Currently the session secret can only be set by config.json or docker secrets. This creates a problem on Heroku hosted instances that can not set a session secret. Since we automatically generate them on startup this results in an logout of all users on every config change in Heroku. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #780 from SISheogorath/fix/sessionSecretChristoph (Sheogorath) Kern2018-03-282-0/+10
|\ \ | | | | | | Automatically generate a session secret if default is used
| * | Automatically generate a session secret if default is usedSheogorath2018-03-262-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The session secret is used to sign and authenticate the session cookie and this way very important for the authentication process. By default the session secret is set to `secret` and never changes. This commit will add a generator for a dynamic session secret if it stays unchanged. It prevents session hijacking this way and will warn the user about the missing secret. This also implies that on a restart without configured session secret will log out all users. While it may seems annoying, it's for the users best. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Merge pull request #786 from SISheogorath/fix/compatiblityConfigChristoph (Sheogorath) Kern2018-03-272-6/+6
|\ \ \ | |_|/ |/| | Fix some issues with legacy config compatiblity
| * | Fix logical error in legacy config expressionSheogorath2018-03-261-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We should check for an undefined and not just for a logical true or false. Example: When `usecdn` was set to false it was impossible to overwrite the new config value because the if statement becomes false. Thanks @davidmehren for pointing me to this issue. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * | Rename forgotten valuesSheogorath2018-03-261-4/+4
| |/ | | | | | | | | | | Looks like we forgot something during the migration. This should fix it. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* / Allow embedding of video and audio tagsSheogorath2018-03-251-0/+1
|/ | | | | | | | | | | | | Adding mediaSrc to CSP so video and audio files can be embedded without problems. From a security perspective it should be fine to load audio and video data without introducing a high security issue. Only from a privacy perspective it allows another way to track users if there are data embedded. But it doesn't introduce any new attack vector as pictures are also allowed from everywhere. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Change config to camel case with backwards compatibilitySheogorath2018-03-2525-182/+235
| | | | | | | | This refactors the configs a bit to now use camel case everywhere. This change should help to clean up the config interface and make it better understandable. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #771 from SISheogorath/refactor/imageRouterChristoph (Sheogorath) Kern2018-03-217-132/+190
|\ | | | | Refactoring imageRouter to modularity
| * Refactoring imageRouter to modularitySheogorath2018-03-207-132/+190
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This should make the imageRouter more modular and easier to extent. Also a lot of code duplication was removed which should simplify maintenance in future. In the new setup we only need to provide a new module file which exports a function called `uploadImage` and takes a filePath and a callback as argument. The callback itself takes an error and an url as parameter. This eliminates the need of a try-catch-block around the statement and re-enabled the optimization in NodeJS. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #770 from SISheogorath/fix/ldapUUIDChristoph (Sheogorath) Kern2018-03-181-1/+8
|\ \ | | | | | | Add check for undefined UUID
| * | Add check for undefined UUIDSheogorath2018-03-181-1/+8
| |/ | | | | | | | | | | | | | | | | | | | | | | This check is needed at there are tons of LDAP implementations out there and none has at least one guaranteed unique field. As we currently check three fields and added an option to select one yourself, it's still not said that any of these fields is set. This will now create an error and fail the authentication instead of letting people may get access to other people's notes which are stored under a this way deterministic wrong userid named `LDAP-undefined`. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #743 from hackmdio/fix-to-use-url-safe-base64Christoph (Sheogorath) Kern2018-03-184-10/+53
|\ \ | | | | | | Fix to use url-safe base64 in note url
| * | Fix to log instead of throwing error on parse note idMax Wu2018-03-111-2/+4
| | | | | | | | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
| * | Fix parseNoteId order to fix some edge caseMax Wu2018-03-101-7/+7
| | | | | | | | | | | | | | | | | | that LZString note url could be parsed by base64url note url and thus return wrong note id Signed-off-by: Max Wu <jackymaxj@gmail.com>
| * | Improve history migration performanceMax Wu2018-03-101-11/+5
| | | | | | | | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
| * | Update to use buffer in encode/decode note idMax Wu2018-02-271-2/+4
| | | | | | | | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
| * | Add migration for LZString compressed note id in historyMax Wu2018-02-261-1/+21
| | | | | | | | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
| * | Remove and replace all note id compression in LZString with base64urlMax Wu2018-02-263-8/+33
| | | | | | | | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
* | | Merge pull request #757 from SISheogorath/fix/migrationChristoph (Sheogorath) Kern2018-03-171-0/+11
|\ \ \ | | | | | | | | Add missing migration for permissions
| * | | Add missing migration for permissionsSheogorath2018-03-061-0/+11
| | | | | | | | | | | | | | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | | Add helper function to fix number problemsSheogorath2018-03-162-3/+10
| |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | As minio causes various problem if you configure it using environment variables and leave the port setting out, which will evaluate to NaN, this change should fix this in a clean way for this time and helps to support numbers in general in future. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Merge pull request #761 from SISheogorath/feature/reportURIChristoph (Sheogorath) Kern2018-03-143-2/+11
|\ \ \ | | | | | | | | Add config option for report URI in CSP