Merge pull request #596 from hedgedoc/remove-pdf-export-code

Remove pdf export code
David Mehren 2020-11-27 18:31:19 +01:00 committed by GitHub
commit 61f54db63e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 4 additions and 96 deletions

1
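--- a/app.js
+++ b/app.js
@@ -191,7 +191,6 @@ app.locals.serverURL = config.serverURL
 app.locals.sourceURL = config.sourceURL
 app.locals.allowAnonymous = config.allowAnonymous
 app.locals.allowAnonymousEdits = config.allowAnonymousEdits
-app.locals.allowPDFExport = config.allowPDFExport
 app.locals.authProviders = {
 facebook: config.isFacebookEnable,
 twitter: config.isTwitterEnable,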


@ -143,10 +143,6 @@
"CMD_IMGUR_CLIENTID": { "CMD_IMGUR_CLIENTID": {
"description": "Imgur API client id", "description": "Imgur API client id",
"required": false "required": false
},
"CMD_ALLOW_PDF_EXPORT": {
"description": "Enable or disable PDF exports",
"required": false
} }
}, },
"addons": [ "addons": [


@ -22,7 +22,6 @@ to `config.json` before filling in your own details.
| config file | environment | **default** and example value | description | | config file | environment | **default** and example value | description |
| ------------------- | ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | ------------------- | ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `allowPDFExport` | `CMD_ALLOW_PDF_EXPORT` | **`true`** or `false` | Enable or disable PDF exports |
| | `CMD_CONFIG_FILE` | **no default**, `/path/to/config.json` | optional override for the path to HedgeDoc's config file | | | `CMD_CONFIG_FILE` | **no default**, `/path/to/config.json` | optional override for the path to HedgeDoc's config file |
| `db` | | **`undefined`**, `{ "dialect": "sqlite", "storage": "./db.hedgedoc.sqlite" }` | set the db configs, [see more here](http://sequelize.readthedocs.org/en/latest/api/sequelize/) | | `db` | | **`undefined`**, `{ "dialect": "sqlite", "storage": "./db.hedgedoc.sqlite" }` | set the db configs, [see more here](http://sequelize.readthedocs.org/en/latest/api/sequelize/) |
| `dbURL` | `CMD_DB_URL` | **`undefined`**, `mysql://localhost:3306/database` | Set the db in URL style. If set, then the relevant `db` config entries will be overridden. | | `dbURL` | `CMD_DB_URL` | **`undefined`**, `mysql://localhost:3306/database` | Set the db in URL style. If set, then the relevant `db` config entries will be overridden. |


@ -13,7 +13,6 @@ You have to replace *\<NOTE\>* with either the alias or id of a note you want to
| `/new` | `POST` | **Imports some markdown data into a new note.**<br>A random id will be assigned and the content will equal to the body of the received HTTP-request. The `Content-Type: text/markdown` header should be set on this request. | | `/new` | `POST` | **Imports some markdown data into a new note.**<br>A random id will be assigned and the content will equal to the body of the received HTTP-request. The `Content-Type: text/markdown` header should be set on this request. |
| `/new/<ALIAS>` | `POST` | **Imports some markdown data into a new note with a given alias.**<br>This endpoint equals to the above one except that the alias from the url will be assigned to the note if [FreeURL-mode](../configuration-env-vars.md#users-and-privileges) is enabled. | | `/new/<ALIAS>` | `POST` | **Imports some markdown data into a new note with a given alias.**<br>This endpoint equals to the above one except that the alias from the url will be assigned to the note if [FreeURL-mode](../configuration-env-vars.md#users-and-privileges) is enabled. |
| `/<NOTE>/download` or `/s/<SHORT-ID>/download` | `GET` | **Returns the raw markdown content of a note.** | | `/<NOTE>/download` or `/s/<SHORT-ID>/download` | `GET` | **Returns the raw markdown content of a note.** |
| `/<NOTE>/pdf` | `GET` | **Returns a generated pdf version of the note.**<br>If pdf-support is disabled, a HTTP 403 will be returned.<br>*Please note: Currently pdf export is disabled generally because of a security problem with it.* |
| `/<NOTE>/publish` | `GET` | **Redirects to the published version of the note.** | | `/<NOTE>/publish` | `GET` | **Redirects to the published version of the note.** |
| `/<NOTE>/slide` | `GET` | **Redirects to the slide-presentation of the note.**<br>This is only useful on notes which are designed to be slides. | | `/<NOTE>/slide` | `GET` | **Redirects to the slide-presentation of the note.**<br>This is only useful on notes which are designed to be slides. |
| `/<NOTE>/info` | `GET` | **Returns metadata about the note.**<br>This includes the title and description of the note as well as the creation date and viewcount. The data is returned as a JSON object. | | `/<NOTE>/info` | `GET` | **Returns metadata about the note.**<br>This includes the title and description of the note as well as the creation date and viewcount. The data is returned as a JSON object. |


@ -89,29 +89,6 @@ paths:
'text/plain': 'text/plain':
example: my-note example: my-note
/{note}/pdf:
get:
tags:
- note
summary: Returns a generated pdf version of the note.
description: 'If pdf-support is disabled, a HTTP 403 will be returned.<br>_Please note: Currently pdf export is disabled generally because of a security problem with it._'
responses:
200:
description: The generated pdf version of the note
content:
'application/pdf':
example: binary
404:
description: Note does not exist
parameters:
- name: note
in: path
required: true
description: The note which should be exported as pdf
content:
'text/plain':
example: my-note
/{note}/publish: /{note}/publish:
get: get:
tags: tags:


@ -2,7 +2,7 @@
[![LinuxServer.io Discord](https://img.shields.io/discord/354974912613449730.svg?logo=discord&label=LSIO%20Discord&style=flat-square)](https://discord.gg/YWrKVTn)[![container version badge](https://images.microbadger.com/badges/version/linuxserver/codimd.svg)](https://microbadger.com/images/linuxserver/codimd "Get your own version badge on microbadger.com")[![container image size badge](https://images.microbadger.com/badges/image/linuxserver/codimd.svg)](https://microbadger.com/images/linuxserver/codimd "Get your own version badge on microbadger.com")![Docker Pulls](https://img.shields.io/docker/pulls/linuxserver/codimd.svg)![Docker Stars](https://img.shields.io/docker/stars/linuxserver/codimd.svg)[![Build Status](https://ci.linuxserver.io/buildStatus/icon?job=Docker-Pipeline-Builders/docker-codimd/master)](https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-codimd/job/master/)[![LinuxServer.io CI summary](https://lsio-ci.ams3.digitaloceanspaces.com/linuxserver/codimd/latest/badge.svg)](https://lsio-ci.ams3.digitaloceanspaces.com/linuxserver/codimd/latest/index.html) [![LinuxServer.io Discord](https://img.shields.io/discord/354974912613449730.svg?logo=discord&label=LSIO%20Discord&style=flat-square)](https://discord.gg/YWrKVTn)[![container version badge](https://images.microbadger.com/badges/version/linuxserver/codimd.svg)](https://microbadger.com/images/linuxserver/codimd "Get your own version badge on microbadger.com")[![container image size badge](https://images.microbadger.com/badges/image/linuxserver/codimd.svg)](https://microbadger.com/images/linuxserver/codimd "Get your own version badge on microbadger.com")![Docker Pulls](https://img.shields.io/docker/pulls/linuxserver/codimd.svg)![Docker Stars](https://img.shields.io/docker/stars/linuxserver/codimd.svg)[![Build 
Status](https://ci.linuxserver.io/buildStatus/icon?job=Docker-Pipeline-Builders/docker-codimd/master)](https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-codimd/job/master/)[![LinuxServer.io CI summary](https://lsio-ci.ams3.digitaloceanspaces.com/linuxserver/codimd/latest/badge.svg)](https://lsio-ci.ams3.digitaloceanspaces.com/linuxserver/codimd/latest/index.html)
[LinuxServer.io](https://linuxserver.io) have created an Ubuntu-based multi-arch container image for x86-64, arm64 and armhf which supports PDF export from all architectures using [PhantomJS](https://phantomjs.org/). [LinuxServer.io](https://linuxserver.io) have created an Ubuntu-based multi-arch container image for x86-64, arm64 and armhf.
- It supports all the environment variables detailed in the [configuration documentation](../configuration-env-vars.md) to modify it according to your needs. - It supports all the environment variables detailed in the [configuration documentation](../configuration-env-vars.md) to modify it according to your needs.
- It gets rebuilt on new releases from HedgeDoc and also weekly if necessary to update any other package changes in the underlying container, making it easy to keep your HedgeDoc instance up to date. - It gets rebuilt on new releases from HedgeDoc and also weekly if necessary to update any other package changes in the underlying container, making it easy to keep your HedgeDoc instance up to date.


@ -160,7 +160,6 @@ module.exports = {
email: true, email: true,
allowEmailRegister: true, allowEmailRegister: true,
allowGravatar: true, allowGravatar: true,
allowPDFExport: true,
openID: false, openID: false,
// linkifyHeaderStyle - How is a header text converted into a link id. // linkifyHeaderStyle - How is a header text converted into a link id.
// Header Example: "3.1. Good Morning my Friend! - Do you have 5$?" // Header Example: "3.1. Good Morning my Friend! - Do you have 5$?"


@ -140,7 +140,6 @@ module.exports = {
email: toBooleanConfig(process.env.CMD_EMAIL), email: toBooleanConfig(process.env.CMD_EMAIL),
allowEmailRegister: toBooleanConfig(process.env.CMD_ALLOW_EMAIL_REGISTER), allowEmailRegister: toBooleanConfig(process.env.CMD_ALLOW_EMAIL_REGISTER),
allowGravatar: toBooleanConfig(process.env.CMD_ALLOW_GRAVATAR), allowGravatar: toBooleanConfig(process.env.CMD_ALLOW_GRAVATAR),
allowPDFExport: toBooleanConfig(process.env.CMD_ALLOW_PDF_EXPORT),
openID: toBooleanConfig(process.env.CMD_OPENID), openID: toBooleanConfig(process.env.CMD_OPENID),
linkifyHeaderStyle: process.env.CMD_LINKIFY_HEADER_STYLE linkifyHeaderStyle: process.env.CMD_LINKIFY_HEADER_STYLE
} }


@ -121,6 +121,5 @@ module.exports = {
} }
}, },
email: toBooleanConfig(process.env.HMD_EMAIL), email: toBooleanConfig(process.env.HMD_EMAIL),
allowEmailRegister: toBooleanConfig(process.env.HMD_ALLOW_EMAIL_REGISTER), allowEmailRegister: toBooleanConfig(process.env.HMD_ALLOW_EMAIL_REGISTER)
allowPDFExport: toBooleanConfig(process.env.HMD_ALLOW_PDF_EXPORT)
} }


@ -125,7 +125,6 @@ config.isMattermostEnable = config.mattermost.clientID && config.mattermost.clie
config.isLDAPEnable = config.ldap.url config.isLDAPEnable = config.ldap.url
config.isSAMLEnable = config.saml.idpSsoUrl config.isSAMLEnable = config.saml.idpSsoUrl
config.isOAuth2Enable = config.oauth2.clientID && config.oauth2.clientSecret config.isOAuth2Enable = config.oauth2.clientID && config.oauth2.clientSecret
config.isPDFExportEnable = config.allowPDFExport
// Check gitlab api version // Check gitlab api version
if (config.gitlab && config.gitlab.version !== 'v4' && config.gitlab.version !== 'v3') { if (config.gitlab && config.gitlab.version !== 'v4' && config.gitlab.version !== 'v3') {
@ -194,12 +193,6 @@ switch (config.imageUploadType) {
] ]
} }
// Disable PDF export due to security issue
if (config.allowPDFExport) {
config.allowPDFExport = false
logger.warn('PDF export was disabled for this release to mitigate a critical security issue. This feature will hopefully become available again in future releases.')
}
// generate correct path // generate correct path
config.sslCAPath.forEach(function (capath, i, array) { config.sslCAPath.forEach(function (capath, i, array) {
array[i] = path.resolve(appRootPath, capath) array[i] = path.resolve(appRootPath, capath)


@ -37,6 +37,5 @@ module.exports = {
// document // document
documentmaxlength: undefined, documentmaxlength: undefined,
imageuploadtype: undefined, imageuploadtype: undefined,
allowemailregister: undefined, allowemailregister: undefined
allowpdfexport: undefined
} }


@ -2,9 +2,7 @@ const models = require('../../models')
const logger = require('../../logger') const logger = require('../../logger')
const config = require('../../config') const config = require('../../config')
const errors = require('../../errors') const errors = require('../../errors')
const fs = require('fs')
const shortId = require('shortid') const shortId = require('shortid')
const markdownpdf = require('markdown-pdf')
const moment = require('moment') const moment = require('moment')
const querystring = require('querystring') const querystring = require('querystring')
@ -33,37 +31,6 @@ exports.getInfo = function getInfo (req, res, note) {
res.send(data) res.send(data)
} }
exports.createPDF = function createPDF (req, res, note) {
const url = config.serverURL || 'http://' + req.get('host')
const body = note.content
const extracted = models.Note.extractMeta(body)
let content = extracted.markdown
const title = models.Note.decodeTitle(note.title)
if (!fs.existsSync(config.tmpPath)) {
fs.mkdirSync(config.tmpPath)
}
const path = config.tmpPath + '/' + Date.now() + '.pdf'
content = content.replace(/\]\(\//g, '](' + url + '/')
markdownpdf().from.string(content).to(path, function () {
if (!fs.existsSync(path)) {
logger.error('PDF seems to not be generated as expected. File doesn\'t exist: ' + path)
return errors.errorInternalError(res)
}
const stream = fs.createReadStream(path)
let filename = title
// Be careful of special characters
filename = encodeURIComponent(filename)
// Ideally this should strip them
res.setHeader('Content-disposition', 'attachment; filename="' + filename + '.pdf"')
res.setHeader('Cache-Control', 'private')
res.setHeader('Content-Type', 'application/pdf; charset=UTF-8')
res.setHeader('X-Robots-Tag', 'noindex, nofollow') // prevent crawling
stream.pipe(res)
fs.unlinkSync(path)
})
}
exports.createGist = function createGist (req, res, note) { exports.createGist = function createGist (req, res, note) {
const data = { const data = {
client_id: config.github.clientID, client_id: config.github.clientID,


@ -110,14 +110,6 @@ exports.doAction = function (req, res, next) {
case 'info': case 'info':
noteActions.getInfo(req, res, note) noteActions.getInfo(req, res, note)
break break
case 'pdf':
if (config.allowPDFExport) {
noteActions.createPDF(req, res, note)
} else {
logger.error('PDF export failed: Disabled by config. Set "allowPDFExport: true" to enable. Check the documentation for details')
errors.errorForbidden(res)
}
break
case 'gist': case 'gist':
noteActions.createGist(req, res, note) noteActions.createGist(req, res, note)
break break


@ -80,7 +80,6 @@
"markdown-it-regexp": "^0.4.0", "markdown-it-regexp": "^0.4.0",
"markdown-it-sub": "^1.0.0", "markdown-it-sub": "^1.0.0",
"markdown-it-sup": "^1.0.0", "markdown-it-sup": "^1.0.0",
"markdown-pdf": "^10.0.0",
"mathjax": "^2.7.6", "mathjax": "^2.7.6",
"mattermost": "^3.4.0", "mattermost": "^3.4.0",
"mermaid": "^8.5.1", "mermaid": "^8.5.1",


@ -17,8 +17,7 @@ export const getUIElements = () => ({
download: { download: {
markdown: $('.ui-download-markdown'), markdown: $('.ui-download-markdown'),
html: $('.ui-download-html'), html: $('.ui-download-html'),
rawhtml: $('.ui-download-raw-html'), rawhtml: $('.ui-download-raw-html')
pdf: $('.ui-download-pdf-beta')
}, },
export: { export: {
dropbox: $('.ui-save-dropbox'), dropbox: $('.ui-save-dropbox'),
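Review bot: Removing the `pdf` entry from the `download` group makes that lookup `undefined`, where the selector would merely have matched nothing once the menu item is gone from the template. Any client code that still calls a method on it will therefore throw a TypeError instead of silently doing nothing. None of the sections visible on this page appears to touch a script that consumes these elements, so I can't confirm the last caller is gone. Searching the client sources for `download.pdf` and `ui-download-pdf-beta` before merging would settle it. `getUIElements` starts and ends outside this hunk.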

View file

@ -66,10 +66,6 @@
</li> </li>
<li role="presentation"><a role="menuitem" class="ui-download-raw-html" tabindex="-1" href="#" target="_self"><i class="fa fa-file-code-o fa-fw"></i> <%= __('Raw HTML') %></a> <li role="presentation"><a role="menuitem" class="ui-download-raw-html" tabindex="-1" href="#" target="_self"><i class="fa fa-file-code-o fa-fw"></i> <%= __('Raw HTML') %></a>
</li> </li>
<% if(typeof allowPDFExport !== 'undefined' && allowPDFExport) {%>
<li role="presentation"><a role="menuitem" class="ui-download-pdf-beta" tabindex="-1" href="#" target="_self"><i class="fa fa-file-pdf-o fa-fw"></i> PDF (Beta)</a>
</li>
<% } %>
<li class="divider"></li> <li class="divider"></li>
<li role="presentation"><a role="menuitem" class="ui-help" href="#" data-toggle="modal" data-target=".help-modal"><i class="fa fa-question-circle fa-fw"></i> Help</a> <li role="presentation"><a role="menuitem" class="ui-help" href="#" data-toggle="modal" data-target=".help-modal"><i class="fa fa-question-circle fa-fw"></i> Help</a>
</li> </li>
@ -165,10 +161,6 @@
</li> </li>
<li role="presentation"><a role="menuitem" class="ui-download-raw-html" tabindex="-1" href="#" target="_self"><i class="fa fa-file-code-o fa-fw"></i> <%= __('Raw HTML') %></a> <li role="presentation"><a role="menuitem" class="ui-download-raw-html" tabindex="-1" href="#" target="_self"><i class="fa fa-file-code-o fa-fw"></i> <%= __('Raw HTML') %></a>
</li> </li>
<% if(typeof allowPDFExport !== 'undefined' && allowPDFExport) {%>
<li role="presentation"><a role="menuitem" class="ui-download-pdf-beta" tabindex="-1" href="#" target="_self"><i class="fa fa-file-pdf-o fa-fw"></i> PDF (Beta)</a>
</li>
<% } %>
</ul> </ul>
</li> </li>
</ul> </ul>