github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-11-23 02:06:29 -05:00
Code Issues Projects Releases Packages Wiki Activity
2748 commits 39 branches 47 tags 112 MiB
Commit graph

117 commits

Author SHA1 Message Date
Yannick Bungers
0ec8d61669
Added serverVersion to status by using SemVer 
Signed-off-by: Yannick Bungers <git@innay.de>
 2020-08-20 19:43:16 +02:00
Erik Michelson
71158f93dc
Reorganized openapi.yml for external API structure 
As this document should contain the details of the stable external API, it was refactored and cleaned up.

Co-Authored-By: David Mehren <dmehren1@gmail.com>
Co-Authored-By: Yannick Bungers <git@innay.de>
Co-Authored-By: Philip Molares <philip.molares@udo.edu>
 2020-08-20 19:43:16 +02:00
Erik Michelson
7d20e97348
Added entries for image proxying and registering 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2020-08-20 19:43:16 +02:00
Philip Molares
74421e7264
server tag is now called backend 
Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2020-08-20 19:43:16 +02:00
Philip Molares
8f0761af96
/me is now a put and not a post since it's an update method 
Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2020-08-20 19:43:16 +02:00
Philip Molares
4d424842e6
fixed typo 
Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2020-08-20 19:43:15 +02:00
Philip Molares
7dbadd2d0b
descriptions always end with a dot 
summaries never end with a dot

Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2020-08-20 19:43:15 +02:00
Philip Molares
4c11b81dfb
the api doc is now referring to the backend as such and not as system und CodiMD instance 
Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2020-08-20 19:43:15 +02:00
Philip Molares
3561da0457
/config is now tagged as server to 
Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2020-08-20 19:43:15 +02:00
Philip Molares
3cb60fbc11
moved the /history endpoints to /me/history 
Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2020-08-20 19:43:15 +02:00
Philip Molares
8cae3f3c07
user is now always explicitly currently logged-in user 
Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2020-08-20 19:43:15 +02:00
Philip Molares
f6b26b5d77
base name now is /api/v2/ 
this change makes sense, because v2 client should still be able to call /api/v2/ on v2.1 servers

Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2020-08-20 19:43:15 +02:00
Philip Molares
7207602c81
fixed typo 
Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2020-08-20 19:43:15 +02:00
Philip Molares
a279203c10
removed trailing / on /history/{note} 
Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2020-08-20 19:43:14 +02:00
Philip Molares
da07476009
renamed revision to revisions 
Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2020-08-20 19:43:14 +02:00
Philip Molares
7dfe2ec8c1
removed /notes/{note}/websocket 
Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2020-08-20 19:43:14 +02:00
Philip Molares
db9917e77b
added export tag to /me/export 
Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2020-08-20 19:43:14 +02:00
Erik Michelson
58a7a29986
Removed tokens from API spec 
With the suggested usage of an Authorization header instead of relying on session-cookies, the API will finally become stateless. Therefore we don't need the tokens for user password change and deletion anymore.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2020-08-20 19:43:14 +02:00
Erik Michelson
670a5e8233
Added missing endpoint for updating user information 
Signed-off-By: Erik Michelson <github@erik.michelson.eu>
 2020-08-20 19:43:14 +02:00
Erik Michelson
b2b5a1ba51
Added endpoints required for the user profile page 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2020-08-20 19:43:14 +02:00
Philip Molares
60dc77b9d2
added version to /config 
Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2020-08-20 19:43:14 +02:00
Philip Molares
07e8242752
response codes are strings now 
Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2020-08-20 19:43:13 +02:00
Philip Molares
b6974a0095
added /history/{note} 2020-08-20 19:43:13 +02:00
Philip Molares
2994e2776f
added /config 2020-08-20 19:43:13 +02:00
Philip Molares
6b6801963f
added /history 2020-08-20 19:43:13 +02:00
Philip Molares
ee2d840075
added /notes/{note}/websocket 2020-08-20 19:43:13 +02:00
Philip Molares
050e43576d
removed NewNote schema 2020-08-20 19:43:13 +02:00
Philip Molares
abe38fa6be
changed /note/ to /notes/ 
added /notes/{note}/permissions
 2020-08-20 19:43:13 +02:00
Philip Molares
4f10dc7621
removed /note/{note}/info 2020-08-20 19:43:12 +02:00
Philip Molares
ba3ea8a073
added /n/ prefix to note calls 
added Note object
 2020-08-20 19:43:12 +02:00
Philip Molares
c7511df450
added openapi definition for api 2.0 2020-08-20 19:43:12 +02:00
David Mehren
a6fa562a17
Fix cardinality between Authorship and User in database schema 
Signed-off-by: David Mehren <git@herrmehren.de>
 2020-08-20 19:43:11 +02:00
David Mehren
a38622ea19
Delete superfluous authorship attribute from Revision in the database schema. 
Authorships are saved in a separate table, this attribute was probably left over from the old schema.

Signed-off-by: David Mehren <git@herrmehren.de>
 2020-08-20 19:43:11 +02:00
David Mehren
c3af748a52
Fix cardinality between NoteGroupPermission and Group in database schema 
Signed-off-by: David Mehren <git@herrmehren.de>
 2020-08-20 19:43:11 +02:00
David Mehren
2050f5acc2
Update database schema. 
Signed-off-by: David Mehren <git@herrmehren.de>
 2020-08-20 19:43:10 +02:00
David Mehren
d0c1c93fba
Add (still incomplete) database schema 
Signed-off-by: David Mehren <git@herrmehren.de>
 2020-08-20 19:43:10 +02:00
David Mehren
574c7d1dd4
Log warnings when using hardcoded data. 
Signed-off-by: David Mehren <git@herrmehren.de>
 2020-08-20 19:43:08 +02:00
Bennet Bleßmann
8811ba6dfe
add ldap.starttls to config file docs 
Signed-off-by: Bennet Bleßmann <bb-github@t-online.de>
 2020-08-05 00:45:38 +02:00
Erik Michelson
7838f9b03a
Added config property for locales 
There's a new config property 'localesPath' - pointing to './locales' by default. The path resolution is similar to the docsPath, uploadsPath etc.

Signed-off-by: Erik Michelson <erik@liltv.de>
 2020-04-24 19:09:18 +02:00
Sheogorath
4104f9835d
Merge pull request #278 from elespike/master 
Add OIDC scopes for email & profile retrieval
 2020-04-22 20:56:58 +02:00
Sheogorath
a2522888b2
Remove PDF export 
As we already decleared in earlier versions, this patch removes PDF
export entirely. It's a not acceptable security risk for every CodiMD
instance.

The current implementation allowed to extract arbitary files from the
CodiMD host and therefore leaking secrets from a `/etc/passwd` to
CodiMD's own config files and all secrets contained in it.

Thanks to Joona for finding this vulnerability in August last year,
which lead to an emergency disabling of PDF exports in 1.5.0.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2020-02-26 15:05:54 +01:00
Erik Michelson
c976217c12
Remove mattermost integration 
Signed-off-by: Erik Michelson <erik@liltv.de>
 2020-02-25 14:33:30 +01:00
Marius
574781ed6e Add environment variables and doc entries 
Signed-off-by: Marius <elespike@lab26.net>
 2020-02-22 00:16:26 -05:00
Stefan Peters
5ee3213086
Adjust description of CMD_ALLOW_ANONYMOUS_EDITS 
`CMD_ALLOW_ANONYMOUS_EDITS` is only applied when `CMD_ALLOW_ANONYMOUS` is `false`, see [here](9c1665ae5b/lib/config/index.js (L71-L73)).

Signed-off-by: Stefan Peters <stefandesu@exo.pm>
 2020-02-11 13:32:22 +09:00
Sheogorath
651db60985
Update CDN defaults 
As we noticed in our poll about CDN usage, that most people
intentionally turn it off, but very little intetionally turn it on or
leave it on. [1]

There is also strong indicators that CDNs don't really provide any
benefits in loading time and due to the small deployments of CodiMD,
there is no big savings due to CDNs either. [2]

Therefore this patch changes the CDN default settings to off in order to
reduce the exposed user data.

[1]: https://community.codimd.org/t/poll-on-cdn-usage/28
[2]: https://csswizardry.com/2019/05/self-host-your-static-assets/

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2020-02-09 21:59:17 +01:00
ike
197223dc81 Add Google oauth variable: hostedDomain 
Which is part of `passport-google-oauth2`.
It could be used as whitelist to a domain supported by google oauth.
Ref: https://github.com/jaredhanson/passport-google-oauth2/issues/3

Signed-off-by: ike <developer@ikewat.com>
 2020-02-08 15:57:22 +08:00
Amolith
412540b8e5 update env docs in reference to #247 
Signed-off-by: Amolith <amolith@nixnet.xyz>
 2020-01-16 17:25:41 -05:00
Ian Tsai
deb3b94662 Update example config for gitlab authorization 
Update example config for gitlab authorization

Signed-off-by: Ian Tsai <b10102016@gmail.com>
 2020-01-13 19:30:15 +08:00
Matteo Savatteri
8496baa5b9 [DOC] Run manage_users with NODE_ENV=production set. 
`manage_user` script defaults to `development` environment.

Signed-off-by: Matteo Savatteri <matteosavatteri@lcm.mi.infn.it>
 2019-12-24 18:02:55 +01:00
Enrico Guiraud
ed2a792886
[DOC] Use npm start, not yarn start to start 
`yarn start --production` ignores the `--production` flag,
`npm start --production` does not.

Signed-off-by: Enrico Guiraud <enrico.guiraud@cern.ch>
 2019-12-20 11:08:40 +01:00