| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
Currently, when creating a note with content via the API, a title is only saved to the database after visiting the note with the browser. This commit makes sure that a title is saved at creation time.
Closes #306
Signed-off-by: David Mehren <git@herrmehren.de>
|
|
|
|
|
|
|
|
|
|
| |
The OAuth2 specification RECOMMENDS setting the state to protect against
CSRF attacks. Some OAuth2 providers (e.g. ORY Hydra) refuse to
authenticate without the state set.
This is a cherry-pick of 852868419dc03d5dec79e75a3d7692ab670c927f.
Signed-off-by: haslersn <sebastian.hasler@gmx.net>
|
|\ |
|
| |
| |
| |
| | |
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
|
| |
| |
| |
| |
| |
| | |
in 3d1fab05
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
|
| |
| |
| |
| | |
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
|
| |
| |
| |
| |
| |
| | |
Dropbox loads an external script that adds inline javascript. Therefore, this addition is needed when enabling dropbox support.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
|
|/
|
|
|
|
|
| |
The lack of a 'preventDefault' on the click event handler resulted in the dropbox link being unclickable.
Furthermore because of a missing CSP rule, the dropbox script couldn't be loaded. The dropbox origin is now added to the CSP script sources if dropbox integration is configured.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
|
|
|
|
|
| |
Signed-off-by: Simeon Keske <git@n0emis.eu>
Signed-off-by: Leo Maroni <git@em0lar.de>
|
|
|
|
|
| |
Signed-off-by: Simeon Keske <git@n0emis.eu>
Signed-off-by: Leo Maroni <git@em0lar.de>
|
|
|
|
| |
Signed-off-by: Simeon Keske <git@n0emis.eu>
|
|
|
|
| |
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
|
|
|
|
|
|
| |
CodiMD currently only uses the 'lang' attribute in YAML-metadata of a note for setting certain js-elements of the markdown-renderer. This commit adds the chosen lang into the published version of a note.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
|
|
|
|
|
|
|
| |
This is a backport of #278 with the default value of `scope` changed to
`undefined`. This is thus a fully backward-compatible change.
Signed-off-by: Victor Berger <victor.berger@m4x.org>
|
|
|
|
|
|
| |
Backport of #345 to 1.x
Signed-off-by: Sandro Jäckel <sandro.jaeckel@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes the currently broken redirect on login when people try
to access a site they have no access to, they are redirected to the main
page to log in. After a successful login they should be redirected to
the original note, but instead are redirect to the index page again.
This aptch fixes the typo that causes the behavior and brings people
back to the note they edited.
Thanks to @clvs7-gh on Github[1], who submitted the patch via email.
On their behalf I hereby submit the change.
[1]: https://github.com/clvs7-gh
Note: I had to ajust this patch to work properly.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
| |
This commit backport 856fc01fb9b30489b254f2ef9d29de80aa189118
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Depending on how the system was setup, this bug lead to keep user's data
around even after a successful deletion of user'S account. This patch
will make sure the missing database constraints are implemented and
missed out deletions are executed.
This bug was introduced to insufficent testing after implementing the
feature initially. It was well tested, using the app process itself, but
the migrations where missed out. I'm currently not sure, if there was
also a change in how sequelize handles cassaded deletion, since I'm
unter the impression that before switching to sequelize 5, this feature
has worked. But I haven't verified this.
No matter what, the cleanup process is rather straight forward and will
be invoked on migration, but can also be done manually using the new
`bin/cleanup` script.
This change will result in a release 1.6.1.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As we noticed in our poll about CDN usage, that most people
intentionally turn it off, but very little intetionally turn it on or
leave it on. [1]
There is also strong indicators that CDNs don't really provide any
benefits in loading time and due to the small deployments of CodiMD,
there is no big savings due to CDNs either. [2]
Therefore this patch changes the CDN default settings to off in order to
reduce the exposed user data.
[1]: https://community.codimd.org/t/poll-on-cdn-usage/28
[2]: https://csswizardry.com/2019/05/self-host-your-static-assets/
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
| |
Which is part of `passport-google-oauth2`.
It could be used as whitelist to a domain supported by google oauth.
Ref: https://github.com/jaredhanson/passport-google-oauth2/issues/3
Signed-off-by: ike <developer@ikewat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This update of revealJS helps us to get rid of the headjs depedency
integration using webpack. It updates reveal.js to 3.9.2 and updates the
csp hash accordingly for using the slide mode.
Background for this update is the critical security vulnerability
described by snyk in their disclosure:
https://snyk.io/vuln/SNYK-JS-REVEALJS-543841
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Linkify header style
|
| |
| |
| |
| | |
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
|
| |
| |
| |
| | |
Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
|
| |
| |
| |
| |
| |
| | |
instead of doing it in the authentication source
Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
|
| |
| |
| |
| | |
Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
|
| |
| |
| |
| |
| |
| | |
Saving referer into session in SAML auth so passport can redirect correctly after SAML login.
Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
|
|\ \
| |/
|/| |
First steps in refactoring the backend code
|
| |
| |
| |
| | |
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
| |
| |
| |
| |
| |
| | |
Move postNote to NoteController and rename to createFromPost
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
| |
| |
| |
| |
| |
| | |
Because of circular import problems, this commit also moves the error messages from response.js to errors.js
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
|/
|
|
| |
Signed-off-by: Girish Ramakrishnan <girish@cloudron.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This makes the references consistent/compatible with GitHub,
GitLab, Pandoc and many other tools.
This behavior can be enabled in config.json with:
```
"linkifyHeaderStyle": "gfm"
```
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This regression bug was caused by the error page using the `codimd/head`
template. This resulted in error messages like this:
```
ReferenceError: /codimd/public/views/error.ejs:5
3|
4| <head>
>> 5| <%- include codimd/head %>
6| <link rel="stylesheet" href="<%- serverURL %>/css/center.css">
7| </head>
8|
/codimd/public/views/codimd/head.ejs:7
5| <meta name="apple-mobile-web-app-status-bar-style" content="black">
6| <meta name="mobile-web-app-capable" content="yes">
>> 7| <% for (var og in opengraph) { %>
8| <% if (opengraph.hasOwnProperty(og) && opengraph[og].trim() !== '') { %>
9| <meta property="og:<%- og %>" content="<%- opengraph[og] %>">
10| <% }} if (!opengraph.hasOwnProperty('image')) { %>
opengraph is not defined
at eval (eval at compile (/codimd/node_modules/ejs/lib/ejs.js:618:12), <anonymous>:18:23)
at eval (eval at compile (/codimd/node_modules/ejs/lib/ejs.js:618:12), <anonymous>:99:10)
at returnedFn (/codimd/node_modules/ejs/lib/ejs.js:653:17)
at tryHandleCache (/codimd/node_modules/ejs/lib/ejs.js:251:36)
at View.exports.renderFile [as engine] (/codimd/node_modules/ejs/lib/ejs.js:482:10)
at View.render (/codimd/node_modules/express/lib/view.js:135:8)
at tryRender (/codimd/node_modules/express/lib/application.js:640:10)
at Function.render (/codimd/node_modules/express/lib/application.js:592:3)
at ServerResponse.render (/codimd/node_modules/express/lib/response.js:1012:7)
at responseError (/codimd/lib/response.js:57:20)
at Object.errorNotFound (/codimd/lib/response.js:30:5)
at newNote (/codimd/lib/response.js:134:76)
at /codimd/lib/response.js:172:16
at tryCatcher (/codimd/node_modules/bluebird/js/release/util.js:16:23)
at Promise._settlePromiseFromHandler (/codimd/node_modules/bluebird/js/release/promise.js:517:31)
at Promise._settlePromise (/codimd/node_modules/bluebird/js/release/promise.js:574:18)
at Promise._settlePromise0 (/codimd/node_modules/bluebird/js/release/promise.js:619:10)
at Promise._settlePromises (/codimd/node_modules/bluebird/js/release/promise.js:699:18)
at _drainQueueStep (/codimd/node_modules/bluebird/js/release/async.js:138:12)
at _drainQueue (/codimd/node_modules/bluebird/js/release/async.js:131:9)
at Async._drainQueues (/codimd/node_modules/bluebird/js/release/async.js:147:5)
at Immediate.Async.drainQueues (/codimd/node_modules/bluebird/js/release/async.js:17:14)
```
The fix for that is rather trivial. We simply provide an empty array of
metadata when generating the error template.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Add customizable opengraph metadata for notes (see #40)
|
| |
| |
| |
| | |
Signed-off-by: Erik Michelson <erik@liltv.de>
|
| |
| |
| |
| | |
Signed-off-by: Amolith <amolith@nixnet.xyz>
|
|/
|
|
| |
Signed-off-by: Amolith <amolith@nixnet.xyz>
|
|\
| |
| | |
Added endpoint for note-creation with given alias
|
| |
| |
| |
| |
| |
| |
| | |
Known bugs/features:
- pushing towards an existing note results in an error 500
Signed-off-by: Erik Michelson <erik@liltv.de>
|