From 2f462f90d4608763e5cb9618ec80d939a679fe2e Mon Sep 17 00:00:00 2001 From: oupala Date: Wed, 1 Jul 2020 11:52:17 +0200 Subject: style: linting markdown files Linting markdown files according to default remark-lint configuration. Files inside the `public` directory were not linted. Signed-off-by: oupala --- docs/guides/auth/github.md | 36 ++++++------- docs/guides/auth/gitlab-self-hosted.md | 8 ++- docs/guides/auth/keycloak.md | 15 +++--- docs/guides/auth/ldap-AD.md | 41 --------------- docs/guides/auth/ldap-ad.md | 38 ++++++++++++++ docs/guides/auth/mattermost-self-hosted.md | 40 ++++++++------- docs/guides/auth/nextcloud.md | 36 ++++++------- docs/guides/auth/oauth.md | 20 ++++---- docs/guides/auth/saml-onelogin.md | 47 +++++++++-------- docs/guides/auth/saml.md | 70 +++++++++++++++----------- docs/guides/auth/twitter.md | 40 ++++++++------- docs/guides/migrate-etherpad.md | 27 +++++----- docs/guides/migrations-and-breaking-changes.md | 9 ++-- docs/guides/minio-image-upload.md | 7 ++- docs/guides/providing-terms.md | 11 ++-- docs/guides/s3-image-upload.md | 51 ++++++++----------- 16 files changed, 251 insertions(+), 245 deletions(-) delete mode 100644 docs/guides/auth/ldap-AD.md create mode 100644 docs/guides/auth/ldap-ad.md (limited to 'docs/guides') diff --git a/docs/guides/auth/github.md b/docs/guides/auth/github.md index d16b486f..dc46f74c 100644 --- a/docs/guides/auth/github.md +++ b/docs/guides/auth/github.md @@ -1,10 +1,11 @@ -Authentication guide - GitHub -=== +# Authentication guide - GitHub -**Note:** *This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks!* +*Note:* This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks! 1. Sign-in or sign-up for a GitHub account + 2. Navigate to developer settings in your GitHub account [here](https://github.com/settings/developers) and select the "OAuth Apps" tab + 3. Click on the **New OAuth App** button, to create a new OAuth App: ![create-oauth-app](../../images/auth/create-oauth-app.png) @@ -17,19 +18,20 @@ Authentication guide - GitHub ![application-page](../../images/auth/application-page.png) 6. Add the Client ID and Client Secret to your config.json file or pass them as environment variables - * `config.json`: - ```js - { - "production": { - "github": { - "clientID": "3747d30eaccXXXXXXXXX", - "clientSecret": "2a8e682948eee0c580XXXXXXXXXXXXXXXXXXXXXX" - } + - `config.json`: + ```js + { + "production": { + "github": { + "clientID": "3747d30eaccXXXXXXXXX", + "clientSecret": "2a8e682948eee0c580XXXXXXXXXXXXXXXXXXXXXX" } } - ``` - * environment variables: - ```sh - CMD_GITHUB_CLIENTID=3747d30eaccXXXXXXXXX - CMD_GITHUB_CLIENTSECRET=2a8e682948eee0c580XXXXXXXXXXXXXXXXXXXXXX - ```` + } + ``` + + - environment variables: + ```sh + CMD_GITHUB_CLIENTID=3747d30eaccXXXXXXXXX + CMD_GITHUB_CLIENTSECRET=2a8e682948eee0c580XXXXXXXXXXXXXXXXXXXXXX + ```` diff --git a/docs/guides/auth/gitlab-self-hosted.md b/docs/guides/auth/gitlab-self-hosted.md index 8b6e6c70..62ce1122 100644 --- a/docs/guides/auth/gitlab-self-hosted.md +++ b/docs/guides/auth/gitlab-self-hosted.md @@ -1,7 +1,6 @@ -GitLab (self-hosted) -=== +# GitLab (self-hosted) -**Note:** *This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks!* +*Note:* This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks! 1. Sign in to your GitLab 2. Navigate to the application management page at `https://your.gitlab.domain/admin/applications` (admin permissions required) @@ -14,10 +13,9 @@ GitLab (self-hosted) ![Application: HackMD](../../images/auth/gitlab-application-details.png) - 6. In the `docker-compose.yml` add the following environment variables to `app:` `environment:` -``` +```Dockerfile - CMD_DOMAIN=your.codimd.domain - CMD_URL_ADDPORT=true - CMD_PROTOCOL_USESSL=true diff --git a/docs/guides/auth/keycloak.md b/docs/guides/auth/keycloak.md index 437e01bf..cf667774 100644 --- a/docs/guides/auth/keycloak.md +++ b/docs/guides/auth/keycloak.md @@ -1,5 +1,4 @@ -Keycloak/Red Hat SSO (self-hosted) -=== +# Keycloak/Red Hat SSO (self-hosted) ## Prerequisites @@ -9,7 +8,7 @@ Where HTTPS is specified throughout, use HTTP instead. You may also have to spec ## Steps -1. Sign in to the administration portal for your Keycloak instance at https://keycloak.example.com/auth/admin/master/console +1. Sign in to the administration portal for your Keycloak instance at You may note that a separate realm is specified throughout this tutorial. It is best practice not to use the master realm, as it normally contains the realm-management client that federates access using the policies and permissions you can create. @@ -20,7 +19,7 @@ You may note that a separate realm is specified throughout this tutorial. It is --- -### Additional steps to circumvent generic OAuth2 issue: +### Additional steps to circumvent generic OAuth2 issue 1. Select Client Scopes from the sidebar, and begin to create a new client scope using the Create button. 2. Ensure that the **Name** field is set to `id`. @@ -29,9 +28,9 @@ You may note that a separate realm is specified throughout this tutorial. It is --- -6. In the `docker-compose.yml` add the following environment variables to `app:` `environment:` +5. In the `docker-compose.yml` add the following environment variables to `app:` `environment:` -``` +```Dockerfile CMD_OAUTH2_USER_PROFILE_URL=https://keycloak.example.com/auth/realms/your-realm/protocol/openid-connect/userinfo CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name @@ -46,5 +45,5 @@ CMD_PROTOCOL_USESSL=true CMD_URL_ADDPORT=false ``` -7. Run `docker-compose up -d` to apply your settings. -8. Sign in to your CodiMD using your Keycloak ID +6. Run `docker-compose up -d` to apply your settings. +7. Sign in to your CodiMD using your Keycloak ID diff --git a/docs/guides/auth/ldap-AD.md b/docs/guides/auth/ldap-AD.md deleted file mode 100644 index e74121f1..00000000 --- a/docs/guides/auth/ldap-AD.md +++ /dev/null @@ -1,41 +0,0 @@ -AD LDAP auth -=== - -To setup your CodiMD instance with Active Directory you need the following configs: - -``` -CMD_LDAP_URL=ldap://internal.example.com -CMD_LDAP_BINDDN=cn=binduser,cn=Users,dc=internal,dc=example,dc=com -CMD_LDAP_BINDCREDENTIALS= -CMD_LDAP_SEARCHBASE=dc=internal,dc=example,dc=com -CMD_LDAP_SEARCHFILTER=(&(objectcategory=person)(objectclass=user)(|(sAMAccountName={{username}})(mail={{username}}))) -CMD_LDAP_USERIDFIELD=sAMAccountName -CMD_LDAP_PROVIDERNAME=Example Inc AD -``` - - -`CMD_LDAP_BINDDN` is either the `distinguishedName` or the `userPrincipalName`. *This can cause "username/password is invalid" when either this value or the password from `CMD_LDAP_BINDCREDENTIALS` are incorrect.* - -`CMD_LDAP_SEARCHFILTER` matches on all users and uses either the email address or the `sAMAccountName` (usually the login name you also use to login to Windows). - -*Only using `sAMAccountName` looks like this:* `(&(objectcategory=person)(objectclass=user)(sAMAccountName={{username}}))` - -`CMD_LDAP_USERIDFIELD` says we want to use `sAMAccountName` as unique identifier for the account itself. - -`CMD_LDAP_PROVIDERNAME` just the name written above the username and password field on the login page. - - -Same in json: - -```json -"ldap": { - "url": "ldap://internal.example.com", - "bindDn": "cn=binduser,cn=Users,dc=internal,dc=example,dc=com", - "bindCredentials": "", - "searchBase": "dc=internal,dc=example,dc=com", - "searchFilter": "(&(objectcategory=person)(objectclass=user)(|(sAMAccountName={{username}})(mail={{username}})))", - "useridField": "sAMAccountName", -}, -``` - -More details and example: https://www.npmjs.com/package/passport-ldapauth diff --git a/docs/guides/auth/ldap-ad.md b/docs/guides/auth/ldap-ad.md new file mode 100644 index 00000000..fa41346e --- /dev/null +++ b/docs/guides/auth/ldap-ad.md @@ -0,0 +1,38 @@ +# AD LDAP auth + +To setup your CodiMD instance with Active Directory you need the following configs: + +```env +CMD_LDAP_URL=ldap://internal.example.com +CMD_LDAP_BINDDN=cn=binduser,cn=Users,dc=internal,dc=example,dc=com +CMD_LDAP_BINDCREDENTIALS= +CMD_LDAP_SEARCHBASE=dc=internal,dc=example,dc=com +CMD_LDAP_SEARCHFILTER=(&(objectcategory=person)(objectclass=user)(|(sAMAccountName={{username}})(mail={{username}}))) +CMD_LDAP_USERIDFIELD=sAMAccountName +CMD_LDAP_PROVIDERNAME=Example Inc AD +``` + +`CMD_LDAP_BINDDN` is either the `distinguishedName` or the `userPrincipalName`. *This can cause "username/password is invalid" when either this value or the password from `CMD_LDAP_BINDCREDENTIALS` are incorrect.* + +`CMD_LDAP_SEARCHFILTER` matches on all users and uses either the email address or the `sAMAccountName` (usually the login name you also use to login to Windows). + +*Only using `sAMAccountName` looks like this:* `(&(objectcategory=person)(objectclass=user)(sAMAccountName={{username}}))` + +`CMD_LDAP_USERIDFIELD` says we want to use `sAMAccountName` as unique identifier for the account itself. + +`CMD_LDAP_PROVIDERNAME` just the name written above the username and password field on the login page. + +Same in json: + +```json +"ldap": { + "url": "ldap://internal.example.com", + "bindDn": "cn=binduser,cn=Users,dc=internal,dc=example,dc=com", + "bindCredentials": "", + "searchBase": "dc=internal,dc=example,dc=com", + "searchFilter": "(&(objectcategory=person)(objectclass=user)(|(sAMAccountName={{username}})(mail={{username}})))", + "useridField": "sAMAccountName", +}, +``` + +More details and example: diff --git a/docs/guides/auth/mattermost-self-hosted.md b/docs/guides/auth/mattermost-self-hosted.md index d8280399..5085b4e7 100644 --- a/docs/guides/auth/mattermost-self-hosted.md +++ b/docs/guides/auth/mattermost-self-hosted.md @@ -1,15 +1,16 @@ -Authentication guide - Mattermost (self-hosted) -=== +# Authentication guide - Mattermost (self-hosted) **Note:** *The Mattermost setup portion of this document is just a quick guide. See the [official documentation](https://docs.mattermost.com/developer/oauth-2-0-applications.html) for more details.* This guide uses the generic OAuth2 module for compatibility with Mattermost version 5.0 and above. 1. Sign-in with an administrator account to your Mattermost instance + 2. Make sure **OAuth 2.0 Service Provider** is enabled in the Main Menu (menu button next to your username in the top left corner) --> System Console --> Custom Integrations menu, which you can find at `https://your.mattermost.domain/admin_console/integrations/custom` ![mattermost-enable-oauth2](../../images/auth/mattermost-enable-oauth2.png) 3. Navigate to the OAuth integration settings through Main Menu --> Integrations --> OAuth 2.0 Applications, at `https://your.mattermost.domain/yourteam/integrations/oauth2-apps` + 4. Click on the **Add OAuth 2.0 Application** button to add a new OAuth application ![mattermost-oauth-app-add](../../images/auth/mattermost-oauth-app-add.png) @@ -22,25 +23,26 @@ This guide uses the generic OAuth2 module for compatibility with Mattermost vers ![mattermost-oauth-app-done](../../images/auth/mattermost-oauth-app-done.png) 7. Add the Client ID and Client Secret to your config.json file or pass them as environment variables - * `config.json`: - ```javascript - { - "production": { - "oauth2": { - "baseURL": "https://your.mattermost.domain", - "userProfileURL": "https://your.mattermost.domain/api/v4/users/me", - "userProfileUsernameAttr": "id", - "userProfileDisplayNameAttr": "username", - "userProfileEmailAttr": "email", - "tokenURL": "https://your.mattermost.domain/oauth/access_token", - "authorizationURL": "https://your.mattermost.domain/oauth/authorize", - "clientID": "ii4p1u3jz7dXXXXXXXXXXXXXXX", - "clientSecret": "mqzzx6fydbXXXXXXXXXXXXXXXX" - } + - `config.json`: + ```javascript + { + "production": { + "oauth2": { + "baseURL": "https://your.mattermost.domain", + "userProfileURL": "https://your.mattermost.domain/api/v4/users/me", + "userProfileUsernameAttr": "id", + "userProfileDisplayNameAttr": "username", + "userProfileEmailAttr": "email", + "tokenURL": "https://your.mattermost.domain/oauth/access_token", + "authorizationURL": "https://your.mattermost.domain/oauth/authorize", + "clientID": "ii4p1u3jz7dXXXXXXXXXXXXXXX", + "clientSecret": "mqzzx6fydbXXXXXXXXXXXXXXXX" } } - ``` - * environment variables: + } + ``` + + - environment variables: ```sh CMD_OAUTH2_BASEURL=https://your.mattermost.domain CMD_OAUTH2_USER_PROFILE_URL=https://your.mattermost.domain/api/v4/users/me diff --git a/docs/guides/auth/nextcloud.md b/docs/guides/auth/nextcloud.md index 3bf86d31..8ce90ca9 100644 --- a/docs/guides/auth/nextcloud.md +++ b/docs/guides/auth/nextcloud.md @@ -1,5 +1,4 @@ -Authentication guide - Nextcloud (self-hosted) -=== +# Authentication guide - Nextcloud (self-hosted) *This has been constructed using the [Nextcloud OAuth2 Documentation](https://docs.nextcloud.com/server/14/admin_manual/configuration_server/oauth2.html?highlight=oauth2) combined with [this issue comment on the nextcloud bugtracker](https://github.com/nextcloud/server/issues/5694#issuecomment-314761326).* @@ -22,24 +21,25 @@ This guide uses the generic OAuth2 module for compatibility with Nextcloud 13 an 5. That's it for Nextcloud, the rest is configured in your CodiMD `config.json` or via the `CMD_` environment variables! 6. Add the Client ID and Client Secret to your `config.json` file or pass them as environment variables. Make sure you also replace `` with the right domain name. - * `config.json`: - ```javascript - { - "production": { - "oauth2": { - "clientID": "ii4p1u3jz7dXXXXXXXXXXXXXXX", - "clientSecret": "mqzzx6fydbXXXXXXXXXXXXXXXX", - "authorizationURL": "https:///apps/oauth2/authorize", - "tokenURL": "https:///apps/oauth2/api/v1/token", - "userProfileURL": "https:///ocs/v2.php/cloud/user?format=json", - "userProfileUsernameAttr": "ocs.data.id", - "userProfileDisplayNameAttr": "ocs.data.display-name", - "userProfileEmailAttr": "ocs.data.email" - } + - `config.json`: + ```javascript + { + "production": { + "oauth2": { + "clientID": "ii4p1u3jz7dXXXXXXXXXXXXXXX", + "clientSecret": "mqzzx6fydbXXXXXXXXXXXXXXXX", + "authorizationURL": "https:///apps/oauth2/authorize", + "tokenURL": "https:///apps/oauth2/api/v1/token", + "userProfileURL": "https:///ocs/v2.php/cloud/user?format=json", + "userProfileUsernameAttr": "ocs.data.id", + "userProfileDisplayNameAttr": "ocs.data.display-name", + "userProfileEmailAttr": "ocs.data.email" } } - ``` - * environment variables: + } + ``` + + - environment variables: ```sh CMD_OAUTH2_CLIENT_ID=ii4p1u3jz7dXXXXXXXXXXXXXXX CMD_OAUTH2_CLIENT_SECRET=mqzzx6fydbXXXXXXXXXXXXXXXX diff --git a/docs/guides/auth/oauth.md b/docs/guides/auth/oauth.md index 46314e26..de2ca20a 100644 --- a/docs/guides/auth/oauth.md +++ b/docs/guides/auth/oauth.md @@ -1,12 +1,12 @@ # OAuth general information -| service | callback URL (after the server URL) | -| ------- | --------- | -| facebook | `/auth/facebook/callback` | -| twitter | `/auth/twitter/callback` | -| github | `/auth/github/callback` | -| gitlab | `/auth/gitlab/callback` | -| mattermost | `/auth/mattermost/callback` | -| dropbox | `/auth/dropbox/callback` | -| google | `/auth/google/callback` | -| saml | `/auth/saml/callback` | +| service | callback URL (after the server URL) | +| ---------- | ----------------------------------- | +| facebook | `/auth/facebook/callback` | +| twitter | `/auth/twitter/callback` | +| github | `/auth/github/callback` | +| gitlab | `/auth/gitlab/callback` | +| mattermost | `/auth/mattermost/callback` | +| dropbox | `/auth/dropbox/callback` | +| google | `/auth/google/callback` | +| saml | `/auth/saml/callback` | diff --git a/docs/guides/auth/saml-onelogin.md b/docs/guides/auth/saml-onelogin.md index 785e36ba..46134e60 100644 --- a/docs/guides/auth/saml-onelogin.md +++ b/docs/guides/auth/saml-onelogin.md @@ -1,10 +1,11 @@ -Authentication guide - SAML (OneLogin) -=== +# Authentication guide - SAML (OneLogin) **Note:** *This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks!* 1. Sign-in or sign-up for an OneLogin account. (available free trial for 2 weeks) + 2. Go to the administration page. + 3. Select the **APPS** menu and click on the **Add Apps**. ![onelogin-add-app](../../images/auth/onelogin-add-app.png) @@ -15,34 +16,40 @@ Authentication guide - SAML (OneLogin) ![onelogin-edit-app-name](../../images/auth/onelogin-edit-app-name.png) 6. After that other tabs will appear, click the **Configuration**, and fill out the below items, and click **SAVE**. - * RelayState: The base URL of your CodiMD, which is issuer. (last slash is not needed) - * ACS (Consumer) URL Validator: The callback URL of your CodiMD. (serverurl + /auth/saml/callback) - * ACS (Consumer) URL: same as above. - * Login URL: login URL(SAML requester) of your CopiMD. (serverurl + /auth/saml) - ![onelogin-edit-sp-metadata](../../images/auth/onelogin-edit-sp-metadata.png) + - RelayState: The base URL of your CodiMD, which is issuer. (last slash is not needed) + + - ACS (Consumer) URL Validator: The callback URL of your CodiMD. (serverurl + /auth/saml/callback) + + - ACS (Consumer) URL: same as above. + + - Login URL: login URL(SAML requester) of your CopiMD. (serverurl + /auth/saml) + ![onelogin-edit-sp-metadata](../../images/auth/onelogin-edit-sp-metadata.png) 7. The registration is completed. Next, click **SSO** and copy or download the items below. - * X.509 Certificate: Click **View Details** and **DOWNLOAD** or copy the content of certificate ....(A) - * SAML 2.0 Endpoint (HTTP): Copy the URL ....(B) - ![onelogin-copy-idp-metadata](../../images/auth/onelogin-copy-idp-metadata.png) + - X.509 Certificate: Click **View Details** and **DOWNLOAD** or copy the content of certificate ....(A) + + - SAML 2.0 Endpoint (HTTP): Copy the URL ....(B) + ![onelogin-copy-idp-metadata](../../images/auth/onelogin-copy-idp-metadata.png) 8. In your CodiMD server, create IdP certificate file from (A) 9. Add the IdP URL (B) and the Idp certificate file path to your config.json file or pass them as environment variables. - * `config.json`: - ```javascript - { - "production": { - "saml": { - "idpSsoUrl": "https://*******.onelogin.com/trust/saml2/http-post/sso/******", - "idpCert": "/path/to/idp_cert.pem" - } + - `config.json`: + ```javascript + { + "production": { + "saml": { + "idpSsoUrl": "https://*******.onelogin.com/trust/saml2/http-post/sso/******", + "idpCert": "/path/to/idp_cert.pem" } } - ``` - * environment variables + } + ``` + + - environment variables ```sh CMD_SAML_IDPSSOURL=https://*******.onelogin.com/trust/saml2/http-post/sso/****** CMD_SAML_IDPCERT=/path/to/idp_cert.pem ``` + 10. Try sign-in with SAML from your CodiMD sign-in button or OneLogin dashboard (like the screenshot below). ![onelogin-use-dashboard](../../images/auth/onelogin-use-dashboard.png) diff --git a/docs/guides/auth/saml.md b/docs/guides/auth/saml.md index 3a64f5f7..3b8291b7 100644 --- a/docs/guides/auth/saml.md +++ b/docs/guides/auth/saml.md @@ -1,19 +1,21 @@ -Authentication guide - SAML -=== +# Authentication guide - SAML -**Note:** *This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks!* +*Note:* This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks! The basic procedure is the same as the case of OneLogin which is mentioned in [OneLogin-Guide](./saml-onelogin.md). If you want to match your IdP, you can use more configurations as below. -* If your IdP accepts metadata XML of the service provider to ease configuration, use this url to download metadata XML. - * {{your-serverurl}}/auth/saml/metadata - * _Note: If not accessible from IdP, download to local once and upload to IdP._ -* Change the value of `issuer`, `identifierFormat` to match your IdP. - * `issuer`: A unique id to identify the application to the IdP, which is the base URL of your CodiMD as default - * `identifierFormat`: A format of unique id to identify the user of IdP, which is the format based on email address as default. It is recommend that you use as below. - * urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress (default) - * urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified - * `config.json`: +- If your IdP accepts metadata XML of the service provider to ease configuration, use this url to download metadata XML. + - {{your-serverurl}}/auth/saml/metadata + - *Note:* If not accessible from IdP, download to local once and upload to IdP. + +- Change the value of `issuer`, `identifierFormat` to match your IdP. + - `issuer`: A unique id to identify the application to the IdP, which is the base URL of your CodiMD as default + + - `identifierFormat`: A format of unique id to identify the user of IdP, which is the format based on email address as default. It is recommend that you use as below. + - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress (default) + - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified + + - `config.json`: ```javascript { "production": { @@ -25,19 +27,24 @@ The basic procedure is the same as the case of OneLogin which is mentioned in [O } } ``` - * environment variables - ``` + + - environment variables + ```env CMD_SAML_ISSUER=mycodimd CMD_SAML_IDENTIFIERFORMAT=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified ``` -* Change mapping of attribute names to customize the displaying user name and email address to match your IdP. - * `attribute`: A dictionary to map attribute names - * `attribute.id`: A primary key of user table for your CodiMD - * `attribute.username`: Attribute name of displaying user name on CodiMD - * `attribute.email`: Attribute name of email address, which will be also used for Gravatar - * _Note: Default value of all attributes is NameID of SAML response, which is email address if `identifierFormat` is default._ - * `config.json`: +- Change mapping of attribute names to customize the displaying user name and email address to match your IdP. + - `attribute`: A dictionary to map attribute names + + - `attribute.id`: A primary key of user table for your CodiMD + + - `attribute.username`: Attribute name of displaying user name on CodiMD + + - `attribute.email`: Attribute name of email address, which will be also used for Gravatar + - *Note:* Default value of all attributes is NameID of SAML response, which is email address if `identifierFormat` is default. + + - `config.json`: ```javascript { "production": { @@ -52,19 +59,23 @@ The basic procedure is the same as the case of OneLogin which is mentioned in [O } } ``` - * environment variables + + - environment variables ```sh CMD_SAML_ATTRIBUTE_ID=sAMAccountName CMD_SAML_ATTRIBUTE_USERNAME=nickName CMD_SAML_ATTRIBUTE_EMAIL=mail ``` -* If you want to control permission by group membership, add group attribute name and required group (allowed) or external group (not allowed). - * `groupAttribute`: An attribute name of group membership - * `requiredGroups`: Group names array for allowed access to CodiMD. Use vertical bar to separate for environment variables. - * `externalGroups`: Group names array for not allowed access to CodiMD. Use vertical bar to separate for environment variables. - * _Note: Evaluates `externalGroups` first_ - * `config.json`: +- If you want to control permission by group membership, add group attribute name and required group (allowed) or external group (not allowed). + - `groupAttribute`: An attribute name of group membership + + - `requiredGroups`: Group names array for allowed access to CodiMD. Use vertical bar to separate for environment variables. + + - `externalGroups`: Group names array for not allowed access to CodiMD. Use vertical bar to separate for environment variables. + - *Note:* Evaluates `externalGroups` first + + - `config.json`: ```javascript { "production": { @@ -77,7 +88,8 @@ The basic procedure is the same as the case of OneLogin which is mentioned in [O } } ``` - * environment variables + + - environment variables ```sh CMD_SAML_GROUPATTRIBUTE=memberOf CMD_SAML_REQUIREDGROUPS=codimd-users|board-members diff --git a/docs/guides/auth/twitter.md b/docs/guides/auth/twitter.md index 1973515c..5e709bb4 100644 --- a/docs/guides/auth/twitter.md +++ b/docs/guides/auth/twitter.md @@ -1,17 +1,18 @@ -Authentication guide - Twitter -=== +# Authentication guide - Twitter -**Note:** *This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks!* +*Note:* This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks! 1. Sign-in or sign-up for a Twitter account + 2. Go to the Twitter Application management page [here](https://apps.twitter.com/) + 3. Click on the **Create New App** button to create a new Twitter app: ![create-twitter-app](../../images/auth/create-twitter-app.png) 4. Fill out the create application form, check the developer agreement box, and click **Create Your Twitter Application** ![register-twitter-application](../../images/auth/register-twitter-application.png) - *Note: you may have to register your phone number with Twitter to create a Twitter application* + *Note:* you may have to register your phone number with Twitter to create a Twitter application To do this Click your profile icon --> Settings and privacy --> Mobile --> Select Country/region --> Enter phone number --> Click Continue @@ -21,20 +22,21 @@ Authentication guide - Twitter 6. Obtain your Twitter Consumer Key and Consumer Secret ![twitter-app-keys](../../images/auth/twitter-app-keys.png) -7. Add your Consumer Key and Consumer Secret to your `config.json` file or pass them as environment variables: - * `config.json`: - ```javascript - { - "production": { - "twitter": { - "consumerKey": "esTCJFXXXXXXXXXXXXXXXXXXX", - "consumerSecret": "zpCs4tU86pRVXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" - } +7. Add your Consumer Key and Consumer Secret to your `config.json` file or pass them as environment variables: + - `config.json`: + ```javascript + { + "production": { + "twitter": { + "consumerKey": "esTCJFXXXXXXXXXXXXXXXXXXX", + "consumerSecret": "zpCs4tU86pRVXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" } } - ``` - * environment variables: - ```sh - CMD_TWITTER_CONSUMERKEY=esTCJFXXXXXXXXXXXXXXXXXXX - CMD_TWITTER_CONSUMERSECRET=zpCs4tU86pRVXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - ``` + } + ``` + + - environment variables: + ```sh + CMD_TWITTER_CONSUMERKEY=esTCJFXXXXXXXXXXXXXXXXXXX + CMD_TWITTER_CONSUMERSECRET=zpCs4tU86pRVXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + ``` diff --git a/docs/guides/migrate-etherpad.md b/docs/guides/migrate-etherpad.md index 914a240d..b501d9ac 100644 --- a/docs/guides/migrate-etherpad.md +++ b/docs/guides/migrate-etherpad.md @@ -1,5 +1,4 @@ -Pad migration guide from etherpad-lite -=== +# Pad migration guide from etherpad-lite The goal of this migration is to do a "dumb" import from all the pads in Etherpad, to notes in CodiMD. In particular, the url locations of the pads in Etherpad will be lost. Furthermore, any @@ -9,19 +8,14 @@ to CodiMD (only the plain text contents). Note that this guide is not really meant as a support guide. I migrated my own Etherpad to CodiMD, and it turned out to be quite easy in my opinion. In this guide I share my experience. Stuff may require some creativity to work properly in your case. When I wrote this guide, I was using -[Etherpad 1.7.0] and [CodiMD 1.2.1]. Good luck! - -[Etherpad 1.7.0]: https://github.com/ether/etherpad-lite/tree/1.7.0 -[CodiMD 1.2.1]: https://github.com/codimd/server/tree/1.2.1 +[etherpad 1.7.0][] and [codimd 1.2.1][]. Good luck! ## 0. Requirements - `curl` - running Etherpad server - running CodiMD server -- [codimd-cli] - -[codimd-cli]: https://github.com/codimd/cli/blob/master/bin/codimd +- [codimd-cli][] ## 1. Retrieve the list of pads @@ -32,7 +26,7 @@ database][howtolistallpads]. You will end up with a file containing a pad name on each line: -``` +```bash date-ideas groceries london @@ -40,11 +34,9 @@ weddingchecklist (...) ``` -[howtolistallpads]: https://github.com/ether/etherpad-lite/wiki/How-to-list-all-pads/49701ecdcbe07aea7ad27ffa23aed0d99c2e17db - ## 2. Run the migration -Download [codimd-cli] and put the script in the same directory as the file containing the pad names. +Download [codimd-cli][] and put the script in the same directory as the file containing the pad names. Add to this directory the file listed below, I called it `migrate-etherpad.sh`. Modify at least the configuration settings `ETHERPAD_SERVER` and `CODIMD_SERVER`. @@ -102,7 +94,7 @@ etherpad using a `301 Permanent Redirect` status code (see the next section). I got a `redirects.txt` file that looked a bit like this: -``` +```log date-ideas -> Found. Redirecting to https://codimd.example.com/mPt0KfiKSBOTQ3mNcdfn groceries -> Found. Redirecting to https://codimd.example.com/UukqgwLfhYyUUtARlcJ2_y london -> Found. Redirecting to https://codimd.example.com/_d3wa-BE8t4Swv5w7O2_9R @@ -112,7 +104,7 @@ weddingchecklist -> Found. Redirecting to https://codimd.example.com/XcQGqlBjl0u Using some `sed` magic, I changed it to an nginx config snippet: -``` +```nginx location = /p/date-ideas { return 301 https://codimd.example.com/mPt0M1KfiKSBOTQ3mNcdfn; } @@ -129,3 +121,8 @@ location = /p/weddingchecklist { I put this file into my `etherpad.example.com` nginx config, such that all the users would be redirected accordingly. + +[etherpad 1.7.0]: https://github.com/ether/etherpad-lite/tree/1.7.0 +[codimd 1.2.1]: https://github.com/codimd/server/tree/1.2.1 +[codimd-cli]: https://github.com/codimd/cli/blob/master/bin/codimd +[howtolistallpads]: https://github.com/ether/etherpad-lite/wiki/How-to-list-all-pads/49701ecdcbe07aea7ad27ffa23aed0d99c2e17db diff --git a/docs/guides/migrations-and-breaking-changes.md b/docs/guides/migrations-and-breaking-changes.md index ef65db1c..593af446 100644 --- a/docs/guides/migrations-and-breaking-changes.md +++ b/docs/guides/migrations-and-breaking-changes.md @@ -1,5 +1,4 @@ -Migrations and Notable Changes -=== +# Migrations and Notable Changes ## Migrating to 1.4.0 @@ -12,11 +11,11 @@ repository, you may need to update a few urls. This is not a breaking change. See more at [issue #10](https://github.com/codimd/server/issues/10) -**Native setup using git:** +### Native setup using git Change the upstream remote using `git remote set-url origin https://github.com/codimd/server.git`. -**Docker:** +### Docker When you use our [container repository](https://github.com/codimd/container) (which was previously `codimd-container`) all you can simply run `git pull` and @@ -25,7 +24,7 @@ your `docker-compose.yml` will be updated. When you setup things yourself, make sure you use the new image: [`quay.io/codimd/server`](https://quay.io/repository/codimd/server?tab=tags). -**Heroku:** +### Heroku All you need to do is [disconnect GitHub](https://devcenter.heroku.com/articles/github-integration#disconnecting-from-github) and [reconnect it](https://devcenter.heroku.com/articles/github-integration#enabling-github-integration) diff --git a/docs/guides/minio-image-upload.md b/docs/guides/minio-image-upload.md index 258b0d90..d20dbf4a 100644 --- a/docs/guides/minio-image-upload.md +++ b/docs/guides/minio-image-upload.md @@ -1,7 +1,6 @@ -Minio Guide for CodiMD -=== +# Minio Guide for CodiMD -**Note:** *This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks!* +*Note:* This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks! 1. First of all you need to setup Minio itself. @@ -24,7 +23,7 @@ Minio Guide for CodiMD ![docker logs](../images/minio-image-upload/docker-logs.png) -3. Open http://localhost:9000 and login with the shown credentials. +3. Open and login with the shown credentials. ![minio default view](../images/minio-image-upload/default-view.png) diff --git a/docs/guides/providing-terms.md b/docs/guides/providing-terms.md index 73de2b37..c9330735 100644 --- a/docs/guides/providing-terms.md +++ b/docs/guides/providing-terms.md @@ -1,5 +1,6 @@ -Setup your terms of use -=== +# How to set up your terms of use + +## Setup your terms of use To setup your terms of use, you need to provide a document called `terms-of-use.md` which contains them. Of course written in Markdown. @@ -7,8 +8,7 @@ It has to be provided under `./public/docs/` and will be automatically turned in As soon as the file exists a link will show up in the bottom part along with the release notes and link to them. -Setup your privacy policy -=== +## Setup your privacy policy To add a privacy policy you can use the same technique as for the terms of use. The main difference is that the document is called `privacy.md`. @@ -16,8 +16,7 @@ See our example file `./public/docs/privacy.md.example` container some useful hi As with the terms of use, a link to the privacy notices will show up in the area where the release notes are provided on the index page. -Setup your imprint -=== +## Setup your imprint To add an imprint you can use the same technique as for the terms of use. The main difference is that the document is called `imprint.md`. diff --git a/docs/guides/s3-image-upload.md b/docs/guides/s3-image-upload.md index 7ca8dd12..cb3ae79f 100644 --- a/docs/guides/s3-image-upload.md +++ b/docs/guides/s3-image-upload.md @@ -1,19 +1,15 @@ -Guide - Setup CodiMD S3 image upload -=== +# Guide - Setup CodiMD S3 image upload **Note:** *This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks!* 1. Go to [AWS S3 console](https://console.aws.amazon.com/s3/home) and create a new bucket. - - ![create-bucket](../images/s3-image-upload/create-bucket.png) + ![create-bucket](../images/s3-image-upload/create-bucket.png) 2. Click on bucket, select **Properties** on the side panel, and find **Permission** section. Click **Edit bucket policy**. - - ![bucket-property](../images/s3-image-upload/bucket-property.png) + ![bucket-property](../images/s3-image-upload/bucket-property.png) 3. Enter the following policy, replace `bucket_name` with your bucket name: - - ![bucket-policy-editor](../images/s3-image-upload/bucket-policy-editor.png) + ![bucket-policy-editor](../images/s3-image-upload/bucket-policy-editor.png) ```json { @@ -32,16 +28,13 @@ Guide - Setup CodiMD S3 image upload 4. Go to IAM console and create a new IAM user. Remember your user credentials(`key`/`access token`) 5. Enter user page, select **Permission** tab, look at **Inline Policies** section, and click **Create User Policy** - - ![iam-user](../images/s3-image-upload/iam-user.png) + ![iam-user](../images/s3-image-upload/iam-user.png) 6. Select **Custom Policy** - - ![custom-policy](../images/s3-image-upload/custom-policy.png) + ![custom-policy](../images/s3-image-upload/custom-policy.png) 7. Enter the following policy, replace `bucket_name` with your bucket name: - - ![review-policy](../images/s3-image-upload/review-policy.png) + ![review-policy](../images/s3-image-upload/review-policy.png) ```json { @@ -62,23 +55,23 @@ Guide - Setup CodiMD S3 image upload 8. Edit `config.json` and set following keys: - ```javascript - { - "production": { - ... - "imageuploadtype": "s3", - "s3": { - "accessKeyId": "YOUR_S3_ACCESS_KEY_ID", - "secretAccessKey": "YOUR_S3_ACCESS_KEY", - "region": "YOUR_S3_REGION" // example: ap-northeast-1 - }, - "s3bucket": "YOUR_S3_BUCKET_NAME" - } - } - ``` + ```javascript + { + "production": { + ... + "imageuploadtype": "s3", + "s3": { + "accessKeyId": "YOUR_S3_ACCESS_KEY_ID", + "secretAccessKey": "YOUR_S3_ACCESS_KEY", + "region": "YOUR_S3_REGION" // example: ap-northeast-1 + }, + "s3bucket": "YOUR_S3_BUCKET_NAME" + } + } + ``` 9. In additional to edit `config.json` directly, you could also try [environment variables](../configuration-env-vars.md). ## Related Tools -* [AWS Policy Generator](http://awspolicygen.s3.amazonaws.com/policygen.html) +- [AWS Policy Generator](http://awspolicygen.s3.amazonaws.com/policygen.html) -- cgit v1.2.3