mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-21 17:26:29 -05:00
Fix GitLab snippet export
The snippet export broke due to two reasons. First of all, the request to GitLab fail in the default configuration due to the CSP not being set properly. This commit adds the configured GitLab base url to the connect-src directives. The second problem is a change in the GitLab API spec. Instead of `code` and `file_name` the GitLab API now requires an `files` array with `content` and `file_path` entries per snippet. Signed-off-by: Erik Michelson <github@erik.michelson.eu>
This commit is contained in:
parent
0195f16d9a
commit
0093aa4783
5 changed files with 40 additions and 37 deletions
|
@ -50,6 +50,10 @@ const allowPDFEmbedDirectives = {
|
||||||
frameSrc: ['*'] // Chrome also checks PDFs against frame-src
|
frameSrc: ['*'] // Chrome also checks PDFs against frame-src
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const configuredGitLabInstanceDirectives = {
|
||||||
|
connectSrc: [config.gitlab.baseURL]
|
||||||
|
}
|
||||||
|
|
||||||
CspStrategy.computeDirectives = function () {
|
CspStrategy.computeDirectives = function () {
|
||||||
const directives = {}
|
const directives = {}
|
||||||
mergeDirectives(directives, config.csp.directives)
|
mergeDirectives(directives, config.csp.directives)
|
||||||
|
@ -59,6 +63,7 @@ CspStrategy.computeDirectives = function () {
|
||||||
mergeDirectivesIf(config.dropbox.appKey, directives, dropboxDirectives)
|
mergeDirectivesIf(config.dropbox.appKey, directives, dropboxDirectives)
|
||||||
mergeDirectivesIf(!config.csp.allowFraming, directives, disallowFramingDirectives)
|
mergeDirectivesIf(!config.csp.allowFraming, directives, disallowFramingDirectives)
|
||||||
mergeDirectivesIf(config.csp.allowPDFEmbed, directives, allowPDFEmbedDirectives)
|
mergeDirectivesIf(config.csp.allowPDFEmbed, directives, allowPDFEmbedDirectives)
|
||||||
|
mergeDirectivesIf(config.isGitlabSnippetsEnable, directives, configuredGitLabInstanceDirectives)
|
||||||
addInlineScriptExceptions(directives)
|
addInlineScriptExceptions(directives)
|
||||||
addUpgradeUnsafeRequestsOptionTo(directives)
|
addUpgradeUnsafeRequestsOptionTo(directives)
|
||||||
addReportURI(directives)
|
addReportURI(directives)
|
||||||
|
|
|
@ -156,9 +156,13 @@ function gitlabActionProjects (req, res, note) {
|
||||||
if (!user) {
|
if (!user) {
|
||||||
return errors.errorNotFound(res)
|
return errors.errorNotFound(res)
|
||||||
}
|
}
|
||||||
const ret = { baseURL: config.gitlab.baseURL, version: config.gitlab.version }
|
const ret = {
|
||||||
ret.accesstoken = user.accessToken
|
baseURL: config.gitlab.baseURL,
|
||||||
ret.profileid = user.profileid
|
version: config.gitlab.version,
|
||||||
|
accesstoken: user.accessToken,
|
||||||
|
profileid: user.profileid,
|
||||||
|
projects: []
|
||||||
|
}
|
||||||
const apiUrl = `${config.gitlab.baseURL}/api/${config.gitlab.version}/projects?membership=yes&per_page=100&access_token=${user.accessToken}`
|
const apiUrl = `${config.gitlab.baseURL}/api/${config.gitlab.version}/projects?membership=yes&per_page=100&access_token=${user.accessToken}`
|
||||||
fetch(apiUrl).then(resp => {
|
fetch(apiUrl).then(resp => {
|
||||||
if (!resp.ok) {
|
if (!resp.ok) {
|
||||||
|
|
|
@ -6,6 +6,7 @@
|
||||||
- Fix error that Libravatar user avatars were not shown when using OAuth2 login
|
- Fix error that Libravatar user avatars were not shown when using OAuth2 login
|
||||||
- Fix `bin/manage_users` not accepting numeric passwords (thanks to [@carr0t2](https://github.com/carr0t2) for reporting)
|
- Fix `bin/manage_users` not accepting numeric passwords (thanks to [@carr0t2](https://github.com/carr0t2) for reporting)
|
||||||
- Fix visibility of modals for screen readers
|
- Fix visibility of modals for screen readers
|
||||||
|
- Fix GitLab snippet export (thanks to [@semjongeist](https://github.com/semjongeist) for reporting)
|
||||||
- Fix missing inline authorship colors (thanks to [@EBendinelli](https://github.com/EBendinelli) for reporting)
|
- Fix missing inline authorship colors (thanks to [@EBendinelli](https://github.com/EBendinelli) for reporting)
|
||||||
|
|
||||||
### Enhancements
|
### Enhancements
|
||||||
|
|
|
@ -1921,9 +1921,12 @@ $('#snippetExportModalConfirm').click(function () {
|
||||||
|
|
||||||
const data = {
|
const data = {
|
||||||
title: $('#snippetExportModalTitle').val(),
|
title: $('#snippetExportModalTitle').val(),
|
||||||
file_name: $('#snippetExportModalFileName').val(),
|
files: [
|
||||||
code: editor.getValue(),
|
{
|
||||||
visibility_level: $('#snippetExportModalVisibility').val(),
|
file_path: $('#snippetExportModalFileName').val(),
|
||||||
|
content: editor.getValue()
|
||||||
|
}
|
||||||
|
],
|
||||||
visibility:
|
visibility:
|
||||||
$('#snippetExportModalVisibility').val() === '0'
|
$('#snippetExportModalVisibility').val() === '0'
|
||||||
? 'private'
|
? 'private'
|
||||||
|
@ -1934,40 +1937,27 @@ $('#snippetExportModalConfirm').click(function () {
|
||||||
|
|
||||||
if (
|
if (
|
||||||
!data.title ||
|
!data.title ||
|
||||||
!data.file_name ||
|
!data.files[0].file_path ||
|
||||||
!data.code ||
|
!data.files[0].content ||
|
||||||
!data.visibility_level ||
|
|
||||||
!$('#snippetExportModalProjects').val()
|
!$('#snippetExportModalProjects').val()
|
||||||
) { return }
|
) { return }
|
||||||
$('#snippetExportModalLoading').show()
|
$('#snippetExportModalLoading').show()
|
||||||
const fullURL =
|
const fullURL = `${baseURL}/api/${version}/projects/${$('#snippetExportModalProjects').val()}/snippets?access_token=${accesstoken}`
|
||||||
baseURL +
|
$.ajax(fullURL, {
|
||||||
'/api/' +
|
data: JSON.stringify(data),
|
||||||
version +
|
contentType: 'application/json',
|
||||||
'/projects/' +
|
type: 'POST',
|
||||||
$('#snippetExportModalProjects').val() +
|
success: function (ret) {
|
||||||
'/snippets?access_token=' +
|
|
||||||
accesstoken
|
|
||||||
$.post(fullURL, data, function (ret) {
|
|
||||||
$('#snippetExportModalLoading').hide()
|
$('#snippetExportModalLoading').hide()
|
||||||
$('#snippetExportModal').modal('hide')
|
$('#snippetExportModal').modal('hide')
|
||||||
const redirect =
|
|
||||||
baseURL +
|
|
||||||
'/' +
|
|
||||||
$(
|
|
||||||
"#snippetExportModalProjects option[value='" +
|
|
||||||
$('#snippetExportModalProjects').val() +
|
|
||||||
"']"
|
|
||||||
).text() +
|
|
||||||
'/snippets/' +
|
|
||||||
ret.id
|
|
||||||
showMessageModal(
|
showMessageModal(
|
||||||
'<i class="fa fa-gitlab"></i> Export to Snippet',
|
'<i class="fa fa-gitlab"></i> Export to Snippet',
|
||||||
'Export Successful!',
|
'Export Successful!',
|
||||||
redirect,
|
ret.web_url,
|
||||||
'View Snippet Here',
|
'View Snippet Here',
|
||||||
true
|
true
|
||||||
)
|
)
|
||||||
|
}
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
|
|
|
@ -29,6 +29,9 @@ describe('Content security policies', function () {
|
||||||
},
|
},
|
||||||
dropbox: {
|
dropbox: {
|
||||||
appKey: undefined
|
appKey: undefined
|
||||||
|
},
|
||||||
|
gitlab: {
|
||||||
|
baseURL: undefined
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
Loading…
Reference in a new issue