summaryrefslogtreecommitdiff
path: root/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Inline publish and slideDavid Mehren2019-10-271-10/+2
| | | | Signed-off-by: David Mehren <dmehren1@gmail.com>
* Inline renderPublishDavid Mehren2019-10-271-8/+4
| | | | Signed-off-by: David Mehren <dmehren1@gmail.com>
* Move showPublishNote and publishNoteActions to note controllerDavid Mehren2019-10-276-125/+99
| | | | Signed-off-by: David Mehren <dmehren1@gmail.com>
* Move showNote to note controllerDavid Mehren2019-10-273-133/+19
| | | | Signed-off-by: David Mehren <dmehren1@gmail.com>
* Move note actions into their own fileDavid Mehren2019-10-272-9/+131
| | | | Signed-off-by: David Mehren <dmehren1@gmail.com>
* Rename actions.js to controller.js and rename functions to be more descriptiveDavid Mehren2019-10-273-34/+33
| | | | | | Move postNote to NoteController and rename to createFromPost Signed-off-by: David Mehren <dmehren1@gmail.com>
* Move slide actions to own fileDavid Mehren2019-10-274-85/+87
| | | | Signed-off-by: David Mehren <dmehren1@gmail.com>
* Fix errors constant in note/actions.jsDavid Mehren2019-10-271-7/+7
| | | | Signed-off-by: David Mehren <dmehren1@gmail.com>
* Move note actions to their own file.David Mehren2019-10-2715-387/+407
| | | | | | Because of circular import problems, this commit also moves the error messages from response.js to errors.js Signed-off-by: David Mehren <dmehren1@gmail.com>
* Allow to generate lower case header references through the confighoijui2019-10-222-2/+4
| | | | | | | | | | | | | This makes the references consistent/compatible with GitHub, GitLab, Pandoc and many other tools. This behavior can be enabled in config.json with: ``` "linkifyHeaderStyle": "gfm" ``` Signed-off-by: hoijui <hoijui.quaero@gmail.com>
* Fix broken error template due to missing opengraphSheogorath2019-10-111-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This regression bug was caused by the error page using the `codimd/head` template. This resulted in error messages like this: ``` ReferenceError: /codimd/public/views/error.ejs:5 3| 4| <head> >> 5| <%- include codimd/head %> 6| <link rel="stylesheet" href="<%- serverURL %>/css/center.css"> 7| </head> 8| /codimd/public/views/codimd/head.ejs:7 5| <meta name="apple-mobile-web-app-status-bar-style" content="black"> 6| <meta name="mobile-web-app-capable" content="yes"> >> 7| <% for (var og in opengraph) { %> 8| <% if (opengraph.hasOwnProperty(og) && opengraph[og].trim() !== '') { %> 9| <meta property="og:<%- og %>" content="<%- opengraph[og] %>"> 10| <% }} if (!opengraph.hasOwnProperty('image')) { %> opengraph is not defined at eval (eval at compile (/codimd/node_modules/ejs/lib/ejs.js:618:12), <anonymous>:18:23) at eval (eval at compile (/codimd/node_modules/ejs/lib/ejs.js:618:12), <anonymous>:99:10) at returnedFn (/codimd/node_modules/ejs/lib/ejs.js:653:17) at tryHandleCache (/codimd/node_modules/ejs/lib/ejs.js:251:36) at View.exports.renderFile [as engine] (/codimd/node_modules/ejs/lib/ejs.js:482:10) at View.render (/codimd/node_modules/express/lib/view.js:135:8) at tryRender (/codimd/node_modules/express/lib/application.js:640:10) at Function.render (/codimd/node_modules/express/lib/application.js:592:3) at ServerResponse.render (/codimd/node_modules/express/lib/response.js:1012:7) at responseError (/codimd/lib/response.js:57:20) at Object.errorNotFound (/codimd/lib/response.js:30:5) at newNote (/codimd/lib/response.js:134:76) at /codimd/lib/response.js:172:16 at tryCatcher (/codimd/node_modules/bluebird/js/release/util.js:16:23) at Promise._settlePromiseFromHandler (/codimd/node_modules/bluebird/js/release/promise.js:517:31) at Promise._settlePromise (/codimd/node_modules/bluebird/js/release/promise.js:574:18) at Promise._settlePromise0 (/codimd/node_modules/bluebird/js/release/promise.js:619:10) at Promise._settlePromises (/codimd/node_modules/bluebird/js/release/promise.js:699:18) at _drainQueueStep (/codimd/node_modules/bluebird/js/release/async.js:138:12) at _drainQueue (/codimd/node_modules/bluebird/js/release/async.js:131:9) at Async._drainQueues (/codimd/node_modules/bluebird/js/release/async.js:147:5) at Immediate.Async.drainQueues (/codimd/node_modules/bluebird/js/release/async.js:17:14) ``` The fix for that is rather trivial. We simply provide an empty array of metadata when generating the error template. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #191 from ErikMichelson/feature/ogmetadataSheogorath2019-10-102-2/+15
|\ | | | | Add customizable opengraph metadata for notes (see #40)
| * Added customizable og-metadata to notesErik Michelson2019-10-042-2/+15
| | | | | | | | Signed-off-by: Erik Michelson <erik@liltv.de>
* | remove unused variable to pass ci testing - #58Amolith2019-10-031-1/+0
| | | | | | | | Signed-off-by: Amolith <amolith@nixnet.xyz>
* | remove legacy code to solve #58Amolith2019-10-031-10/+0
|/ | | | Signed-off-by: Amolith <amolith@nixnet.xyz>
* Merge pull request #170 from ErikMichelson/post-note-urlSheogorath2019-09-262-13/+19
|\ | | | | Added endpoint for note-creation with given alias
| * Refactored note-creation with given noteIdErik Michelson2019-09-042-14/+18
| | | | | | | | | | | | | | Known bugs/features: - pushing towards an existing note results in an error 500 Signed-off-by: Erik Michelson <erik@liltv.de>
| * Added endpoint for note-creation with given aliasErik Michelson2019-09-042-2/+4
| | | | | | | | Signed-off-by: Erik Michelson <erik@liltv.de>
* | Updated forbiddenNoteIDsErik Michelson2019-09-181-1/+1
|/ | | | Signed-off-by: Erik Michelson <erik@liltv.de>
* Merge pull request #168 from dargmuesli/fix/docker-secret-bufferSheogorath2019-09-031-1/+1
|\ | | | | Config: Return String Instead Of Buffer For Docker Secrets
| * Docker Secrets: Use Encoding Parameter DirectlyJonas Thelemann2019-09-031-1/+1
| | | | | | | | Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
| * Config: Return String Instead Of Buffer For Docker SecretsJonas Thelemann2019-09-031-1/+1
| | | | | | | | | | | | Prevents "TypeError: Cannot freeze array buffer views with elements". Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
* | Docker Secrets: Correct Source PathJonas Thelemann2019-09-021-1/+1
|/ | | | Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
* Merge pull request #32 from codimd/aws-endpointsSheogorath2019-09-022-2/+5
|\ | | | | make aws s3 endpoint configurable
| * make aws s3 endpoint configurableMathias Merscher2019-02-112-2/+5
| | | | | | | | Signed-off-by: Mathias Merscher <Mathias.Merscher@dg-i.net>
* | Add link to imprintMatthias Lindinger2019-08-261-0/+1
| | | | | | | | Signed-off-by: Matthias Lindinger <m.lindinger@live.de>
* | Disable PDF export due to security issueSheogorath2019-08-151-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | As a temporary fix, to keep you and your users save, this patch disables the PDF export feature. Details of the attack along with a fix for future versions of CodiMD will be released in future. I hope you can live with this solution for this release because I'm super short on time and the alternative would be to ship no fix at all. This appears to be the better solution for this release. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Fix variable names for docker secretsSheogorath2019-08-151-5/+5
| | | | | | | | | | | | | | It seems like since we switched to camelcase we missed to update some variable names in the config section. This patch fixes those. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | fix: migration should return promisechandi2019-08-123-18/+18
| | | | | | | | Signed-off-by: chandi <git@chandi.it>
* | Merge pull request #104 from SISheogorath/feature/dntSheogorath2019-07-201-2/+4
|\ \ | | | | | | Respect DNT header
| * | Respect DNT headerSheogorath2019-06-081-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Do Not Track (DNT) is an old web standard in order to notify pages that the user doesn't want to be tracked. Even while a lot of pages either ignore this header or even worse, use it for tracking purposes, the orignal intention of this header is good and should be adopted. This patch implements a respect of the DNT header by no longer including the optional Google Analytics and disqus integrations when sending a DNT header. This should reduce outside resource usage and help to stay more private. This should later-on extended towards other document content (i.e. iframe based content). The reason to not change the CDN handling is that CDNs will be deprecated with next release and removed in long term. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Merge pull request #128 from dargmuesli/docker-secretsSheogorath2019-07-201-0/+1
|\ \ \ | | | | | | | | DB URL: Secret File Support
| * | | Docker Secrets: Add DB URL SupportJonas Thelemann2019-07-011-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | As the connection string may include a password it should be supported by Docker Secrets. Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
* | | | Merge pull request #119 from lhw/patch-1Sheogorath2019-07-011-0/+2
|\ \ \ \ | |/ / / |/| | | Add SVG image detection based on file extension
| * | | Add SVG image detection based on file extensionLennart Weller2019-06-181-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Add simple SVG image detecetion base on the file extension .svg. This fixes the SVG being delivered as binary/octet-stream and makes it possible to embedd the SVG. Signed-off-by: Lennart Weller <lennart.weller@hansemerkur.de>
* | | | fix: upgrade sequelize to latest version to fix CVEBoHong Li2019-06-115-745/+752
|/ / / | | | | | | | | | Signed-off-by: BoHong Li <a60814billy@gmail.com>
* / / Rework debug loggingSheogorath2019-06-0815-69/+54
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | We have various places with overly simple if statements that could be handled by our logging library. Also a lot of those logs are not marked as debug logs but as info logs, which can cause confusion during debugging. This patch removed unneeded if clauses around debug logging statements, reworks debug log messages towards ECMA templates and add some new logging statements which might be helpful in order to debug things like image uploads. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Fix eslint warningsSheogorath2019-05-3139-86/+94
| | | | | | | | | | | | | | | | | | | | | | Since we are about to release it's time to finally fix our linting. This patch basically runs eslint --fix and does some further manual fixes. Also it sets up eslint to fail on every warning on order to make warnings visable in the CI process. There should no functional change be introduced. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #82 from SISheogorath/fix/doubleCountSheogorath2019-05-261-0/+3
|\ \ | | | | | | Fix missing pictures for OpenID
| * | Fix missing pictures for OpenIDSheogorath2019-05-261-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently a problem appears when using OpenID for authentication as there is no method to add a profile picture right now. This patch makes sure that all undefined login methods get a profile picture. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Add config for toobusy middlewareSheogorath2019-05-253-0/+7
|/ / | | | | | | | | | | | | | | | | | | With very low CPU frequency or bad IO situation, as well as not-loaded JS CodiMD happens to present unneeded "I'm busy"-messages to users. This patch allows to configure the lag. The default is taken from the libray but set in our own default configs. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | polyfilling scrypt for node 8.5+Claudius2019-05-131-4/+13
| | | | | | | | Signed-off-by: Claudius <opensource@amenthes.de>
* | asyncified setting and verifying the passwordClaudius2019-05-132-11/+15
| | | | | | | | Signed-off-by: Claudius <opensource@amenthes.de>
* | getting password hashing into a hook where it could be asyncClaudius2019-05-131-6/+14
| | | | | | | | Signed-off-by: Claudius <opensource@amenthes.de>
* | Add lutim supportDylan Dervaux2019-04-104-3/+40
| | | | | | | | Signed-off-by: Dylan Dervaux <dylanderv05@gmail.com>
* | Added a configuration option for passport-saml:Emmanuel Ormancey2019-04-064-1/+5
| | | | | | | | | | | | | | | | | | | | | | disableRequestedAuthnContext: true|false By default only Password authmethod is accepted, this option allows any other method. Issue and option described here: https://github.com/bergie/passport-saml/issues/226 Signed-off-by: Emmanuel Ormancey <emmanuel.ormancey@cern.ch>
* | Hide port from minio URL for protocol default portThor772019-04-061-1/+3
| | | | | | | | Signed-off-by: Thor77 <thor77@thor77.org>
* | change default mode to "both" when clicking editStéphane Guillou2019-04-051-2/+2
| | | | | | | | | | | | | | | | | | | | Add "both" mode to URLs because I assume most people want to straight away see the code when they click the "edit" button in a published note. Fixes https://github.com/codimd/server/issues/27 Not tested, followed instructions from @ccoenen , please do review! :) Signed-off-by: Stéphane Guillou <stephane.guillou@member.fsf.org>
* | Merge pull request #7 from SISheogorath/feature/libravatarChristoph (Sheogorath) Kern2019-03-311-1/+1
|\ \ | | | | | | Use libravatar as drop-in replacement for gravatar
| * | Use libravatar as drop-in replacement for gravatarSheogorath2019-03-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since libravatar got a default fallback to Gravatar and in generell allows federated image hosting for avatars this shouldn't break any existing implementations. The federation functionality is not added yet. This would require to use the libravatar library. Details: https://wiki.libravatar.org/api/ Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>