| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since libravatar got a default fallback to Gravatar and in generell
allows federated image hosting for avatars this shouldn't break any
existing implementations.
The federation functionality is not added yet. This would require to use
the libravatar library.
Details:
https://wiki.libravatar.org/api/
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Fix shown but broken GitLab snippets
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
To provide a GitLab integration we need the GitLab integration to be
configured. Otherwise we shouldn't show the Snippet button.
This patch adds the requirement to the variable that decides if the
import from snippets button shows up or not.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|/
|
|
|
|
|
|
|
|
|
| |
Since Google+ is shutting down soon, we need to get the profile data
from another URL. Since the library already supports it, all we need to
do is adding a single line of code.
Details:
https://github.com/hackmdio/codimd/issues/1160
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Fix empty serverURL did not redirect properly
|
| |
| |
| |
| | |
Signed-off-by: toshi0123 <7948737+toshi0123@users.noreply.github.com>
|
| |
| |
| |
| |
| |
| |
| | |
Seem like also environment variables are affected. This patch fixes that
as well.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|/
|
|
|
|
|
|
| |
Seems like there is a possible problem when a name containing a space is
passed to this function. using urlencode on the name should fix possible
problems here.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
|
| |
We talked about that during a community call. It turned out that not
everyone likes to have OpenID on their instance.
This patch disables OpenID by default.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
|
|
|
| |
We used `fs.unlink()` to remove the pdf file after we send it out to the
client. This breaks in Node 10, when no function as second parameter is
supplied.
This patches changes it to the `fs.unlinkSync` function that doesn't
have this requirement and this way doesn't crash.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
| |
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
|
|\
| |
| | |
Fix broken Gist embedding
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Looks like GitHub changed their asset system and our CSP prevented them
from getting loaded.
This patch should fix the Gist embedding with enabled CSP by replacing
the old URL `https://assets-cdn.github.com` with the new
`https://github.githubassets.com`.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
| |
| |
| |
| |
| | |
Fixes #1107.
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
|
|\ \
| | |
| | | |
Fix usage of new URL API
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Due to the deprecation of the old `url`-API provided by NodeJS we
replaced `url.resolve` with `url.URL.resolve`, which doesn't exist.
This patch fixes the local filesystem upload of CodiMD by using the new
API correctly. Creating an URL object and using its href.
Some more background:
https://nodejs.org/api/url.html#url_url_href
https://nodejs.org/api/url.html#url_url_resolve_from_to
Fixes https://github.com/hackmdio/codimd/issues/1102
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \
| | |
| | | |
Fix CSP for speaker notes
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Looks like I was wrong in my previous commit to update revealjs.[1]
The speaker notes broke again with the CSPs. So this patch updates the
hash and this way the speaker notes.
[1]: bcebf1e8d285184f8c905f00e0270621790e7b80
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|/
|
|
|
|
|
|
|
|
|
|
| |
Disqus loads it's embed config.js from its root domain
(https://disqus.com). Our CSPs only allow subdomains (e.g.:
https://codimd.disqus.com). This causes the disqus embedding to fail.
This patch should fix this problem by adding https://disqus.com to the
CSP setting. From a security perspective there is no real change. Since
still the same parties are involved.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Warn on missing serverURL
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We see some issues that are based on not properly configured
`config.serverURL`.
This patch adds a warning when `config.serverURL` is an empty value.
This should provide users direct feedback about how to improve their
configs.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \
| |/
|/|
| |
| |
| |
| | |
Fix wrong config options
In `./lib/web/auth/` some config includes still used `config.serverurl` instead of the correct `config.serverURL`. This causes wrong URL in worst case.
This patch should fix those problems and migrate the wrong statements to camelcase.
|
| |
| |
| |
| | |
Signed-off-by: CloudYu <cloudyu322@gmail.com>
|
|/
|
|
|
|
|
|
|
| |
This commit also refactors the code a bit, and adds a '-' separator
between a filename and its duplicate index.
This commit fixes #1079.
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since our previous scrypt library is unmaintained since 3 years, it's
time to look for an alternative.
A refactoring towards another password algorithm was worked on and this
is probably still the way to go. But for now the successor of our
previous library should already be enough.
https://www.npmjs.com/package/scrypt (old library)
https://github.com/ml1nk/node-scrypt (new library)
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It seems like the inital work on the hsts module expected milliseconds.
This has either changed or was never true. Either way, it caused that
the current defaults resulted in theory in a 1000 year HSTS policy.
Luckily helmet was smart enough to not go higher than 1 year.
Anyway, this patch fixes the multiplication of the configured size with
1000 by removing this multiplication.
Also to simplify the reading of the defaults, we split them into their
components, 60 times 60 seconds so we get one hour. 24 of those hours so
we get a day and finally 365 days to get our original wanted default of
one year.
Reference:
https://github.com/hackmdio/CodiMD/commit/d69d65ea7434eee85db4b905f0852f4d8fa7ecce
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Disallow creation of robots.txt in freeurl
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add a configuration setting to "hard"-disable creation of notes as
set by the configuration value. This defaults to `['robots.txt',
'favicon.ico']`, because these files are often accidentally created
by bots and browsers.
This commit fixes #1052.
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
|
|\ \
| | |
| | | |
Fix migration failure due to change on error messages
|
| | |
| | |
| | |
| | | |
Signed-off-by: Carles Bruguera <carlesba@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
During the upgrade of winston in
c3584770f24205d84b9399abd9535cb27dc7b00c a the class extension for
streaming was removed.
This caused silent crashes. Somehow winston simply called
`process.exit(1)` whenever `logger.write()` was called. This is really
bad and only easy to debug because of the testing right after upgrading.
However, reimplementing the stream interface as it was, didn't work, due
to the fact that `logger.write()` is already implemented and causes the
mentioned problem. So we extent the object with an `stream` object that
implements `write()` for streams and pass that to morgan.
So this patch fixes unexpected exiting for streaming towards our logging
module.
References:
https://www.digitalocean.com/community/tutorials/how-to-use-winston-to-log-node-js-applications
https://github.com/hackmdio/codimd/commit/c3584770f24205d84b9399abd9535cb27dc7b00c
https://stackoverflow.com/a/28824464
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \ \
| | | |
| | | | |
InternalOAuthError is not part of passport, but of passport-oauth2 #1056
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This fixes part of #1056: an error while obtaining the profile
would have `502`-crashed the server.
Signed-off-by: Claudius Coenen <opensource@amenthes.de>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
most rules degraded to WARN, so we don't go insane. This will
change over time. The aim is to conform to a common style
Signed-off-by: Claudius Coenen <opensource@amenthes.de>
|
|\ \ \ \
| |/ / /
|/| | | |
Upgrade winston / refactor logging
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Our log library got a new major version which should be implemented.
That's exactly what this patch does. Implementing the new version of the
logging library.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|/ /
| |
| |
| |
| |
| |
| | |
Seems like there was some debugging going on some day, this patch should
make sure the right logging is used.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \
| | |
| | | |
Add download action to published notes
|
| | |
| | |
| | |
| | | |
Signed-off-by: Alex Garcia <alexsebastian.garcia@gmail.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Alex Garcia <alexsebastian.garcia@gmail.com>
|
|\ \ \
| | | |
| | | | |
Fix wrong reading from commit
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Right now we use a substr after reading the commit. That's definitely
wrong and leads to wrong commit hashes since the first 5 chars are
missing.
This patch removes the substr usage here and this way fixes the
generated links.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \ \ \
| |/ / /
|/| | | |
Use OS based tmp dir
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We should use the official OS temp directory instead of an own one, to
not run into conflicts. Also various dependencies already use the OS
temp directory, which makes it pointless to use a different for our
internal purposes then. This commit provides the changes needed to use
the OS tmp directory by default.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently we only provide the version from `package.json`. This means
that during updates of instances, e.g. the demo instance, which runs
latest master instead of a stable release, changes are not reflected to
the webclient.
This patch adds a fullversion string that contains the current commit
and this way makes that clients are notified about changes.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |/
|/|
| |
| | |
Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
|
|/
|
|
|
|
| |
app.local
Signed-off-by: Claudius <opensource@amenthes.de>
|
|\
| |
| | |
Add `data:` URL to CSP and upgrade helmet
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Seems like the old version of helmet had a problem with `data:`. This
patch upgrades to the latest version and adds the CSP rule to allow
Google Fonts and the offline version of it, to properly include the
fonts and no longer throw ugly error messages at us.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \
| | |
| | | |
Make oauth2 provider name accessible
|