From 97312b5ed3db8e5967184fc2f693a47dcba091f5 Mon Sep 17 00:00:00 2001 From: Tilman Vatteroth Date: Thu, 26 Nov 2020 20:52:57 +0100 Subject: [PATCH] Remove pdf export code Signed-off-by: Tilman Vatteroth --- app.js | 1 - app.json | 4 ---- docs/configuration.md | 1 - docs/dev/api.md | 1 - docs/dev/openapi.yml | 23 -------------------- docs/setup/docker-linuxserver.md | 2 +- lib/config/default.js | 1 - lib/config/environment.js | 1 - lib/config/hackmdEnvironment.js | 3 +-- lib/config/index.js | 7 ------ lib/config/oldDefault.js | 3 +-- lib/web/note/actions.js | 33 ----------------------------- lib/web/note/controller.js | 8 ------- package.json | 1 - public/js/lib/editor/ui-elements.js | 3 +-- public/views/hedgedoc/header.ejs | 8 ------- 16 files changed, 4 insertions(+), 96 deletions(-) diff --git a/app.js b/app.js index 67fb22323..eb2a81938 100644 --- a/app.js +++ b/app.js @@ -191,7 +191,6 @@ app.locals.serverURL = config.serverURL app.locals.sourceURL = config.sourceURL app.locals.allowAnonymous = config.allowAnonymous app.locals.allowAnonymousEdits = config.allowAnonymousEdits -app.locals.allowPDFExport = config.allowPDFExport app.locals.authProviders = { facebook: config.isFacebookEnable, twitter: config.isTwitterEnable, diff --git a/app.json b/app.json index 24e69a9d8..df0af925e 100644 --- a/app.json +++ b/app.json @@ -143,10 +143,6 @@ "CMD_IMGUR_CLIENTID": { "description": "Imgur API client id", "required": false - }, - "CMD_ALLOW_PDF_EXPORT": { - "description": "Enable or disable PDF exports", - "required": false } }, "addons": [ diff --git a/docs/configuration.md b/docs/configuration.md index 197a2ca07..9e5d7d029 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -22,7 +22,6 @@ to `config.json` before filling in your own details. | config file | environment | **default** and example value | description | | ------------------- | ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `allowPDFExport` | `CMD_ALLOW_PDF_EXPORT` | **`true`** or `false` | Enable or disable PDF exports | | | `CMD_CONFIG_FILE` | **no default**, `/path/to/config.json` | optional override for the path to HedgeDoc's config file | | `db` | | **`undefined`**, `{ "dialect": "sqlite", "storage": "./db.hedgedoc.sqlite" }` | set the db configs, [see more here](http://sequelize.readthedocs.org/en/latest/api/sequelize/) | | `dbURL` | `CMD_DB_URL` | **`undefined`**, `mysql://localhost:3306/database` | Set the db in URL style. If set, then the relevant `db` config entries will be overridden. | diff --git a/docs/dev/api.md b/docs/dev/api.md index 5422533d2..e89741d32 100644 --- a/docs/dev/api.md +++ b/docs/dev/api.md @@ -13,7 +13,6 @@ You have to replace *\* with either the alias or id of a note you want to | `/new` | `POST` | **Imports some markdown data into a new note.**
A random id will be assigned and the content will equal to the body of the received HTTP-request. The `Content-Type: text/markdown` header should be set on this request. | | `/new/` | `POST` | **Imports some markdown data into a new note with a given alias.**
This endpoint equals to the above one except that the alias from the url will be assigned to the note if [FreeURL-mode](../configuration-env-vars.md#users-and-privileges) is enabled. | | `//download` or `/s//download` | `GET` | **Returns the raw markdown content of a note.** | -| `//pdf` | `GET` | **Returns a generated pdf version of the note.**
If pdf-support is disabled, a HTTP 403 will be returned.
*Please note: Currently pdf export is disabled generally because of a security problem with it.* | | `//publish` | `GET` | **Redirects to the published version of the note.** | | `//slide` | `GET` | **Redirects to the slide-presentation of the note.**
This is only useful on notes which are designed to be slides. | | `//info` | `GET` | **Returns metadata about the note.**
This includes the title and description of the note as well as the creation date and viewcount. The data is returned as a JSON object. | diff --git a/docs/dev/openapi.yml b/docs/dev/openapi.yml index aafaddc31..77d7e9de2 100644 --- a/docs/dev/openapi.yml +++ b/docs/dev/openapi.yml @@ -89,29 +89,6 @@ paths: 'text/plain': example: my-note - /{note}/pdf: - get: - tags: - - note - summary: Returns a generated pdf version of the note. - description: 'If pdf-support is disabled, a HTTP 403 will be returned.
_Please note: Currently pdf export is disabled generally because of a security problem with it._' - responses: - 200: - description: The generated pdf version of the note - content: - 'application/pdf': - example: binary - 404: - description: Note does not exist - parameters: - - name: note - in: path - required: true - description: The note which should be exported as pdf - content: - 'text/plain': - example: my-note - /{note}/publish: get: tags: diff --git a/docs/setup/docker-linuxserver.md b/docs/setup/docker-linuxserver.md index 58d5c8da1..daff4116d 100644 --- a/docs/setup/docker-linuxserver.md +++ b/docs/setup/docker-linuxserver.md @@ -2,7 +2,7 @@ [![LinuxServer.io Discord](https://img.shields.io/discord/354974912613449730.svg?logo=discord&label=LSIO%20Discord&style=flat-square)](https://discord.gg/YWrKVTn)[![container version badge](https://images.microbadger.com/badges/version/linuxserver/codimd.svg)](https://microbadger.com/images/linuxserver/codimd "Get your own version badge on microbadger.com")[![container image size badge](https://images.microbadger.com/badges/image/linuxserver/codimd.svg)](https://microbadger.com/images/linuxserver/codimd "Get your own version badge on microbadger.com")![Docker Pulls](https://img.shields.io/docker/pulls/linuxserver/codimd.svg)![Docker Stars](https://img.shields.io/docker/stars/linuxserver/codimd.svg)[![Build Status](https://ci.linuxserver.io/buildStatus/icon?job=Docker-Pipeline-Builders/docker-codimd/master)](https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-codimd/job/master/)[![LinuxServer.io CI summary](https://lsio-ci.ams3.digitaloceanspaces.com/linuxserver/codimd/latest/badge.svg)](https://lsio-ci.ams3.digitaloceanspaces.com/linuxserver/codimd/latest/index.html) -[LinuxServer.io](https://linuxserver.io) have created an Ubuntu-based multi-arch container image for x86-64, arm64 and armhf which supports PDF export from all architectures using [PhantomJS](https://phantomjs.org/). +[LinuxServer.io](https://linuxserver.io) have created an Ubuntu-based multi-arch container image for x86-64, arm64 and armhf. - It supports all the environment variables detailed in the [configuration documentation](../configuration-env-vars.md) to modify it according to your needs. - It gets rebuilt on new releases from HedgeDoc and also weekly if necessary to update any other package changes in the underlying container, making it easy to keep your HedgeDoc instance up to date. diff --git a/lib/config/default.js b/lib/config/default.js index 00fa9eaeb..fe9b70595 100644 --- a/lib/config/default.js +++ b/lib/config/default.js @@ -160,7 +160,6 @@ module.exports = { email: true, allowEmailRegister: true, allowGravatar: true, - allowPDFExport: true, openID: false, // linkifyHeaderStyle - How is a header text converted into a link id. // Header Example: "3.1. Good Morning my Friend! - Do you have 5$?" diff --git a/lib/config/environment.js b/lib/config/environment.js index cf9fb5a11..b123faca6 100644 --- a/lib/config/environment.js +++ b/lib/config/environment.js @@ -137,7 +137,6 @@ module.exports = { email: toBooleanConfig(process.env.CMD_EMAIL), allowEmailRegister: toBooleanConfig(process.env.CMD_ALLOW_EMAIL_REGISTER), allowGravatar: toBooleanConfig(process.env.CMD_ALLOW_GRAVATAR), - allowPDFExport: toBooleanConfig(process.env.CMD_ALLOW_PDF_EXPORT), openID: toBooleanConfig(process.env.CMD_OPENID), linkifyHeaderStyle: process.env.CMD_LINKIFY_HEADER_STYLE } diff --git a/lib/config/hackmdEnvironment.js b/lib/config/hackmdEnvironment.js index d4ae77f06..76e413612 100644 --- a/lib/config/hackmdEnvironment.js +++ b/lib/config/hackmdEnvironment.js @@ -121,6 +121,5 @@ module.exports = { } }, email: toBooleanConfig(process.env.HMD_EMAIL), - allowEmailRegister: toBooleanConfig(process.env.HMD_ALLOW_EMAIL_REGISTER), - allowPDFExport: toBooleanConfig(process.env.HMD_ALLOW_PDF_EXPORT) + allowEmailRegister: toBooleanConfig(process.env.HMD_ALLOW_EMAIL_REGISTER) } diff --git a/lib/config/index.js b/lib/config/index.js index f78513a03..6aab2e287 100644 --- a/lib/config/index.js +++ b/lib/config/index.js @@ -125,7 +125,6 @@ config.isMattermostEnable = config.mattermost.clientID && config.mattermost.clie config.isLDAPEnable = config.ldap.url config.isSAMLEnable = config.saml.idpSsoUrl config.isOAuth2Enable = config.oauth2.clientID && config.oauth2.clientSecret -config.isPDFExportEnable = config.allowPDFExport // Check gitlab api version if (config.gitlab && config.gitlab.version !== 'v4' && config.gitlab.version !== 'v3') { @@ -194,12 +193,6 @@ switch (config.imageUploadType) { ] } -// Disable PDF export due to security issue -if (config.allowPDFExport) { - config.allowPDFExport = false - logger.warn('PDF export was disabled for this release to mitigate a critical security issue. This feature will hopefully become available again in future releases.') -} - // generate correct path config.sslCAPath.forEach(function (capath, i, array) { array[i] = path.resolve(appRootPath, capath) diff --git a/lib/config/oldDefault.js b/lib/config/oldDefault.js index 90942951d..738ad9f7d 100644 --- a/lib/config/oldDefault.js +++ b/lib/config/oldDefault.js @@ -37,6 +37,5 @@ module.exports = { // document documentmaxlength: undefined, imageuploadtype: undefined, - allowemailregister: undefined, - allowpdfexport: undefined + allowemailregister: undefined } diff --git a/lib/web/note/actions.js b/lib/web/note/actions.js index 9ff7fedbf..d92d2443e 100644 --- a/lib/web/note/actions.js +++ b/lib/web/note/actions.js @@ -2,9 +2,7 @@ const models = require('../../models') const logger = require('../../logger') const config = require('../../config') const errors = require('../../errors') -const fs = require('fs') const shortId = require('shortid') -const markdownpdf = require('markdown-pdf') const moment = require('moment') const querystring = require('querystring') @@ -33,37 +31,6 @@ exports.getInfo = function getInfo (req, res, note) { res.send(data) } -exports.createPDF = function createPDF (req, res, note) { - const url = config.serverURL || 'http://' + req.get('host') - const body = note.content - const extracted = models.Note.extractMeta(body) - let content = extracted.markdown - const title = models.Note.decodeTitle(note.title) - - if (!fs.existsSync(config.tmpPath)) { - fs.mkdirSync(config.tmpPath) - } - const path = config.tmpPath + '/' + Date.now() + '.pdf' - content = content.replace(/\]\(\//g, '](' + url + '/') - markdownpdf().from.string(content).to(path, function () { - if (!fs.existsSync(path)) { - logger.error('PDF seems to not be generated as expected. File doesn\'t exist: ' + path) - return errors.errorInternalError(res) - } - const stream = fs.createReadStream(path) - let filename = title - // Be careful of special characters - filename = encodeURIComponent(filename) - // Ideally this should strip them - res.setHeader('Content-disposition', 'attachment; filename="' + filename + '.pdf"') - res.setHeader('Cache-Control', 'private') - res.setHeader('Content-Type', 'application/pdf; charset=UTF-8') - res.setHeader('X-Robots-Tag', 'noindex, nofollow') // prevent crawling - stream.pipe(res) - fs.unlinkSync(path) - }) -} - exports.createGist = function createGist (req, res, note) { const data = { client_id: config.github.clientID, diff --git a/lib/web/note/controller.js b/lib/web/note/controller.js index f79574dfa..45aea9e21 100644 --- a/lib/web/note/controller.js +++ b/lib/web/note/controller.js @@ -110,14 +110,6 @@ exports.doAction = function (req, res, next) { case 'info': noteActions.getInfo(req, res, note) break - case 'pdf': - if (config.allowPDFExport) { - noteActions.createPDF(req, res, note) - } else { - logger.error('PDF export failed: Disabled by config. Set "allowPDFExport: true" to enable. Check the documentation for details') - errors.errorForbidden(res) - } - break case 'gist': noteActions.createGist(req, res, note) break diff --git a/package.json b/package.json index d4173f8a4..603af0c71 100644 --- a/package.json +++ b/package.json @@ -80,7 +80,6 @@ "markdown-it-regexp": "^0.4.0", "markdown-it-sub": "^1.0.0", "markdown-it-sup": "^1.0.0", - "markdown-pdf": "^10.0.0", "mathjax": "^2.7.6", "mattermost": "^3.4.0", "mermaid": "^8.5.1", diff --git a/public/js/lib/editor/ui-elements.js b/public/js/lib/editor/ui-elements.js index ce19436bf..b1e3b5cb1 100644 --- a/public/js/lib/editor/ui-elements.js +++ b/public/js/lib/editor/ui-elements.js @@ -17,8 +17,7 @@ export const getUIElements = () => ({ download: { markdown: $('.ui-download-markdown'), html: $('.ui-download-html'), - rawhtml: $('.ui-download-raw-html'), - pdf: $('.ui-download-pdf-beta') + rawhtml: $('.ui-download-raw-html') }, export: { dropbox: $('.ui-save-dropbox'), diff --git a/public/views/hedgedoc/header.ejs b/public/views/hedgedoc/header.ejs index f700cd5b6..ecf96e429 100644 --- a/public/views/hedgedoc/header.ejs +++ b/public/views/hedgedoc/header.ejs @@ -66,10 +66,6 @@
  • <%= __('Raw HTML') %>
  • - <% if(typeof allowPDFExport !== 'undefined' && allowPDFExport) {%> -
  • PDF (Beta) -
  • - <% } %>
  • Help
  • @@ -165,10 +161,6 @@
  • <%= __('Raw HTML') %>
  • - <% if(typeof allowPDFExport !== 'undefined' && allowPDFExport) {%> -
  • PDF (Beta) -
  • - <% } %>