summaryrefslogtreecommitdiff
path: root/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Fix parseNoteId order to fix some edge caseMax Wu2018-03-101-7/+7
| | | | | | that LZString note url could be parsed by base64url note url and thus return wrong note id Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Improve history migration performanceMax Wu2018-03-101-11/+5
| | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Update to use buffer in encode/decode note idMax Wu2018-02-271-2/+4
| | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Add migration for LZString compressed note id in historyMax Wu2018-02-261-1/+21
| | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Remove and replace all note id compression in LZString with base64urlMax Wu2018-02-263-8/+33
| | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Fix to show 500 message when got error in parseNoteIdMax Wu2018-02-171-1/+2
| | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Fix field type to prevent data truncation of authorship (#721)Max Wu2018-02-093-2/+15
| | | | * Fix field type to prevent data truncation of authorship
* Fix typo of DB migration scriptTakeaki Matsumoto2018-02-081-2/+2
| | | | Signed-off-by: Takeaki Matsumoto <takeaki.matsumoto@ntt.com>
* don't require referer to find note id in socket.io connections (fixes #623)Stefan Bühler2018-02-051-6/+14
| | | | Signed-off-by: Stefan Bühler <buehler@cert.uni-stuttgart.de>
* Fix uncaught exception for non-existent userSheogorath2018-01-301-0/+5
| | | | | | | Since we added user management it's possible to get non-existent users which can cause a crash of the Backend server. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #704 from SISheogorath/fix/ldapProviderNameChristoph (Sheogorath) Kern2018-01-291-0/+2
|\ | | | | Fix ldap provider name in template
| * Fix ldap provider name in templateSheogorath2018-01-261-0/+2
| | | | | | | | | | | | | | | | Before this fix it's impossible to set the provider name in the sign-model since `ldap` is a boolean there and this way not able to have an attribute like `ldap.providerName`. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Remove camel case from `imageuploadtype` in configSheogorath2018-01-274-6/+14
|/ | | | | | | | | | | | | This removes the only camel cased option of the config options **we** added to the config.json. In auth provider's config parts are a lot of camel cased options provided. We shouldn't touch them to keep them as similar as possible to the examples. Fixes #315 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #691 from SISheogorath/feature/uploadChristoph (Sheogorath) Kern2018-01-231-0/+20
|\ | | | | Allow more detailed configuration of upload mime types
| * Allow more detailed configuration of upload mime typesSheogorath2018-01-201-0/+20
| | | | | | | | | | | | Fixes #637 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Fix broken port configSheogorath2018-01-231-1/+1
| | | | | | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #506 from erasys/minioChristoph (Sheogorath) Kern2018-01-233-0/+48
|\ \ | | | | | | Add support for minio
| * | Add support for minioMarc Deop2017-08-303-0/+48
| | |
* | | Merge pull request #598 from xxyy/feature/cspChristoph (Sheogorath) Kern2018-01-224-1/+92
|\ \ \ | | | | | | | | Implement basic CSP support
| * | | Move CSP logic to new file, Fix boolean config examplesLiterallie2017-10-221-0/+80
| | | | | | | | | | | | | | | | Not sure why I was quoting these in the first place
| * | | Change CSP config format to be more intuitiveLiterallie2017-10-222-9/+4
| | | |
| * | | CSP: Allow more content typesLiterallie2017-10-221-3/+7
| | | |
| * | | CSP: Add nonce to slide view inline JSLiterallie2017-10-221-1/+2
| | | |
| * | | CSP: Upgrade insecure requests if possibleLiterallie2017-10-221-2/+3
| | | | | | | | | | | | | | | | Config option; default is to only upgrade if usessl
| * | | Add basic CSP supportLiterallie2017-10-221-0/+10
| | | |
* | | | Merge pull request #673 from fooker/masterChristoph (Sheogorath) Kern2018-01-203-1/+13
|\ \ \ \ | | | | | | | | | | Allow posting new note with content
| * | | | Allow posting new note with contentDustin Frisch2018-01-183-1/+13
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Dustin Frisch <fooker@lab.sh>
* | | | | Add option to enable `freely` permission in closed instanceDario Ernst2018-01-205-2/+6
| |_|_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | Before, closed disallowed guest edits completely, by removing the `freely` permission. This makes it possible to explicitely bring back guest-editing, but not guest-note-creation, to closed instances. Signed-off-by: Dario Ernst <dario@kanojo.de>
* | | | Merge pull request #686 from SISheogorath/feature/configVersionChristoph (Sheogorath) Kern2018-01-191-1/+3
|\ \ \ \ | | | | | | | | | | Load version from package.json
| * | | | Load version from package.jsonSheogorath2018-01-191-1/+3
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | | | Fix not passing app key correctly in dropbox configWu Cheng-Han2018-01-193-3/+6
|/ / / /
* | | | Release 1.0.0-ceSheogorath2018-01-181-1/+1
| | | |
* | | | Ignore empty values for revision.Sheogorath2018-01-181-2/+2
| | | | | | | | | | | | | | | | Fixes #420
* | | | Merge pull request #636 from laysdra7265/fix/sslcapathChristoph (Sheogorath) Kern2018-01-182-2/+5
|\ \ \ \ | | | | | | | | | | Fix sslcapath bug
| * | | | Update index.jsChristoph (Sheogorath) Kern2017-12-221-1/+1
| | | | |
| * | | | Simplify loopChristoph (Sheogorath) Kern2017-12-221-8/+3
| | | | |
| * | | | fixed sslcapath bugLaysDragon2017-12-052-2/+10
| | | | |
* | | | | Merge pull request #567 from ccoenen/fix-mysql-text-lengthChristoph (Sheogorath) Kern2018-01-183-4/+20
|\ \ \ \ \ | | | | | | | | | | | | converting all content fields to MEDIUMTEXT (affects MySQL only)
| * | | | | Fix #521 by converting content fields to LONGTEXT in MySQL, to prevent ↵Claudius Coenen2017-10-163-4/+20
| | |_|/ / | |/| | | | | | | | | | | | | truncation of data.
* | | | | Fix minor typosMax Wu2018-01-161-3/+3
| |_|/ / |/| | | | | | | of wrong parameters passing order and wrong user object indexing in for each function
* | | | Fix file permission, remove useless executablePeter Dave Hello2017-12-141-0/+0
| | | |
* | | | Merge branch 'master' into ldap-username-fieldChristoph (Sheogorath) Kern2017-12-122-5/+12
|\ \ \ \
| * | | | parse HMD_LDAP_SEARCHATTRIBUTES env var as a comma-separated arrayalecdwm2017-12-092-5/+12
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Alec WM <firstcontact@owls.io>
* | | | | Add setting `ldap.usernameField`Lukas Kalbertodt2017-12-093-1/+9
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | This determines which ldap field is used as the username on HackMD. By default, the "id" is used as username, too. The id is taken from the fields `uidNumber`, `uid` or `sAMAccountName`. To give the user more flexibility, they can now choose the field used for the username instead.
* | | | added guide for SAML settingsNorihito Nakae2017-12-043-3/+0
| | | |
* | | | added environment variables for SAMLNorihito Nakae2017-11-291-1/+12
| | | |
* | | | fixed the SAML callback URL to unconfigurable.Norihito Nakae2017-11-292-2/+1
| | | |
* | | | Initial support for SAML authenticationNorihito Nakae2017-11-287-0/+129
| |/ / |/| |
* | | Fix mattermost breaking notesSheogorath2017-10-311-0/+1
| | |
* | | Add mattermost authenticationChristoph Witzany2017-10-318-0/+75
| | |