Commit graph

530 commits

Author SHA1 Message Date
foobarable
1881775379 Fixing redirection after SAML login
Saving referer into session in SAML auth so passport can redirect correctly after SAML login.

Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
2019-11-27 15:08:30 +01:00
Sheogorath
689f5a0a95
Merge pull request #213 from davidmehren/refactor_backend_notes
First steps in refactoring the backend code
2019-11-20 20:07:35 +01:00
Girish Ramakrishnan
c034ee5571 Fix crash in lutim integration
Signed-off-by: Girish Ramakrishnan <girish@cloudron.io>
2019-10-29 20:23:13 -07:00
David Mehren
b5ccceff59
Inline renderPublishSlide
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-27 15:50:24 +01:00
David Mehren
3c39d07723
Inline responseCodiMD
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-27 15:29:10 +01:00
David Mehren
ca9e6e49c9
Inline publish and slide
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-27 15:27:48 +01:00
David Mehren
25a540ebbc
Inline renderPublish
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-27 15:26:50 +01:00
David Mehren
2bc4233ba8
Move showPublishNote and publishNoteActions to note controller
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-27 15:23:38 +01:00
David Mehren
dee62ce571
Move showNote to note controller
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-27 15:23:38 +01:00
David Mehren
181d5646cf
Move note actions into their own file
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-27 15:23:31 +01:00
David Mehren
30487f7c01
Rename actions.js to controller.js and rename functions to be more descriptive
Move postNote to NoteController and rename to createFromPost

Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-27 14:40:36 +01:00
David Mehren
afb317b551
Move slide actions to own file
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-27 14:27:15 +01:00
David Mehren
9d938c334a
Fix errors constant in note/actions.js
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-27 14:19:46 +01:00
David Mehren
f78540c3fb
Move note actions to their own file.
Because of circular import problems, this commit also moves the error messages from response.js to errors.js

Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-27 13:51:53 +01:00
hoijui
e654ca8a31 Allow to generate lower case header references through the config
This makes the references consistent/compatible with GitHub,
GitLab, Pandoc and many other tools.

This behavior can be enabled in config.json with:

```
"linkifyHeaderStyle": "gfm"
```

Signed-off-by: hoijui <hoijui.quaero@gmail.com>
2019-10-22 09:05:37 +02:00
Sheogorath
7e5bb8a24b
Fix broken error template due to missing opengraph
This regression bug was caused by the error page using the `codimd/head`
template. This resulted in error messages like this:

```
ReferenceError: /codimd/public/views/error.ejs:5
    3|
    4| <head>
 >> 5|     <%- include codimd/head %>
    6|     <link rel="stylesheet" href="<%- serverURL %>/css/center.css">
    7| </head>
    8|
/codimd/public/views/codimd/head.ejs:7
    5| <meta name="apple-mobile-web-app-status-bar-style" content="black">
    6| <meta name="mobile-web-app-capable" content="yes">
 >> 7| <% for (var og in opengraph) { %>
    8| <% if (opengraph.hasOwnProperty(og) && opengraph[og].trim() !== '') { %>
    9| <meta property="og:<%- og %>" content="<%- opengraph[og] %>">
    10| <% }} if (!opengraph.hasOwnProperty('image')) { %>
opengraph is not defined
    at eval (eval at compile (/codimd/node_modules/ejs/lib/ejs.js:618:12), <anonymous>:18:23)
    at eval (eval at compile (/codimd/node_modules/ejs/lib/ejs.js:618:12), <anonymous>:99:10)
    at returnedFn (/codimd/node_modules/ejs/lib/ejs.js:653:17)
    at tryHandleCache (/codimd/node_modules/ejs/lib/ejs.js:251:36)
    at View.exports.renderFile [as engine] (/codimd/node_modules/ejs/lib/ejs.js:482:10)
    at View.render (/codimd/node_modules/express/lib/view.js:135:8)
    at tryRender (/codimd/node_modules/express/lib/application.js:640:10)
    at Function.render (/codimd/node_modules/express/lib/application.js:592:3)
    at ServerResponse.render (/codimd/node_modules/express/lib/response.js:1012:7)
    at responseError (/codimd/lib/response.js:57:20)
    at Object.errorNotFound (/codimd/lib/response.js:30:5)
    at newNote (/codimd/lib/response.js:134:76)
    at /codimd/lib/response.js:172:16
    at tryCatcher (/codimd/node_modules/bluebird/js/release/util.js:16:23)
    at Promise._settlePromiseFromHandler (/codimd/node_modules/bluebird/js/release/promise.js:517:31)
    at Promise._settlePromise (/codimd/node_modules/bluebird/js/release/promise.js:574:18)
    at Promise._settlePromise0 (/codimd/node_modules/bluebird/js/release/promise.js:619:10)
    at Promise._settlePromises (/codimd/node_modules/bluebird/js/release/promise.js:699:18)
    at _drainQueueStep (/codimd/node_modules/bluebird/js/release/async.js:138:12)
    at _drainQueue (/codimd/node_modules/bluebird/js/release/async.js:131:9)
    at Async._drainQueues (/codimd/node_modules/bluebird/js/release/async.js:147:5)
    at Immediate.Async.drainQueues (/codimd/node_modules/bluebird/js/release/async.js:17:14)

```

The fix for that is rather trivial. We simply provide an empty array of
metadata when generating the error template.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-10-11 17:03:09 +02:00
Sheogorath
cd34a8c702
Merge pull request #191 from ErikMichelson/feature/ogmetadata
Add customizable opengraph metadata for notes (see #40)
2019-10-10 14:55:34 +02:00
Erik Michelson
2881f8211a
Added customizable og-metadata to notes
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-10-04 19:49:45 +02:00
Amolith
71e900e9e8
remove unused variable to pass ci testing - #58
Signed-off-by: Amolith <amolith@nixnet.xyz>
2019-10-03 09:24:46 -04:00
Amolith
e6eab33e2d
remove legacy code to solve #58
Signed-off-by: Amolith <amolith@nixnet.xyz>
2019-10-03 08:39:51 -04:00
Sheogorath
e313b47b92
Merge pull request #170 from ErikMichelson/post-note-url
Added endpoint for note-creation with given alias
2019-09-26 12:20:57 +02:00
Erik Michelson
9e1cc2159f
Updated forbiddenNoteIDs
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-09-18 22:54:08 +02:00
Erik Michelson
6e5e6696ad
Refactored note-creation with given noteId
Known bugs/features:
 - pushing towards an existing note results in an error 500

Signed-off-by: Erik Michelson <erik@liltv.de>
2019-09-04 20:25:32 +02:00
Erik Michelson
8d29d74b02 Added endpoint for note-creation with given alias
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-09-04 12:28:44 +02:00
Sheogorath
529075fd67
Merge pull request #168 from dargmuesli/fix/docker-secret-buffer
Config: Return String Instead Of Buffer For Docker Secrets
2019-09-03 18:11:47 +02:00
Jonas Thelemann
0be784351d
Docker Secrets: Use Encoding Parameter Directly
Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
2019-09-03 17:58:58 +02:00
Jonas Thelemann
3d9c97fc65
Config: Return String Instead Of Buffer For Docker Secrets
Prevents "TypeError: Cannot freeze array buffer views with elements".

Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
2019-09-03 00:28:44 +02:00
Jonas Thelemann
326b38dff9
Docker Secrets: Correct Source Path
Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
2019-09-02 18:45:16 +02:00
Sheogorath
2e627099d8
Merge pull request #32 from codimd/aws-endpoints
make aws s3 endpoint configurable
2019-09-02 18:50:29 +03:00
Matthias Lindinger
fe2c8634d3 Add link to imprint
Signed-off-by: Matthias Lindinger <m.lindinger@live.de>
2019-08-26 14:57:44 +02:00
Sheogorath
c178947402
Disable PDF export due to security issue
As a temporary fix, to keep you and your users save, this patch disables
the PDF export feature. Details of the attack along with a fix for
future versions of CodiMD will be released in future.

I hope you can live with this solution for this release because I'm
super short on time and the alternative would be to ship no fix at all.
This appears to be the better solution for this release.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-08-15 23:14:54 +02:00
Sheogorath
c07ae7eda1
Fix variable names for docker secrets
It seems like since we switched to camelcase we missed to update some
variable names in the config section. This patch fixes those.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-08-15 23:14:53 +02:00
chandi
6280e92d10 fix: migration should return promise
Signed-off-by: chandi <git@chandi.it>
2019-08-12 14:13:34 +02:00
Sheogorath
1bfed17f8c
Merge pull request #104 from SISheogorath/feature/dnt
Respect DNT header
2019-07-20 12:50:13 +02:00
Sheogorath
2f6e81e4db
Merge pull request #128 from dargmuesli/docker-secrets
DB URL: Secret File Support
2019-07-20 12:49:19 +02:00
Jonas Thelemann
cc78dd0428
Docker Secrets: Add DB URL Support
As the connection string may include a password it should be supported by Docker Secrets.

Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
2019-07-01 19:43:42 +02:00
Sheogorath
118314d8dd
Merge pull request #119 from lhw/patch-1
Add SVG image detection based on file extension
2019-07-01 19:03:18 +02:00
Lennart Weller
f22a563116 Add SVG image detection based on file extension
Add simple SVG image detecetion base on the file extension .svg.
This fixes the SVG being delivered as binary/octet-stream and makes it possible to embedd the SVG.

Signed-off-by: Lennart Weller <lennart.weller@hansemerkur.de>
2019-06-18 17:13:50 +02:00
BoHong Li
63c96e7359
fix: upgrade sequelize to latest version to fix CVE
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-06-11 00:41:50 +02:00
Sheogorath
da4665c759
Respect DNT header
Do Not Track (DNT) is an old web standard in order to notify pages that
the user doesn't want to be tracked. Even while a lot of pages either
ignore this header or even worse, use it for tracking purposes, the
orignal intention of this header is good and should be adopted.

This patch implements a respect of the DNT header by no longer including
the optional Google Analytics and disqus integrations when sending a DNT
header. This should reduce outside resource usage and help to stay more
private.

This should later-on extended towards other document content (i.e.
iframe based content).

The reason to not change the CDN handling is that CDNs will be
deprecated with next release and removed in long term.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-06-08 23:43:50 +02:00
Sheogorath
b5fc6db75d
Rework debug logging
We have various places with overly simple if statements that could be
handled by our logging library. Also a lot of those logs are not marked
as debug logs but as info logs, which can cause confusion during
debugging.

This patch removed unneeded if clauses around debug logging statements,
reworks debug log messages towards ECMA templates and add some new
logging statements which might be helpful in order to debug things like
image uploads.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-06-08 21:27:29 +02:00
Sheogorath
4da68597f7
Fix eslint warnings
Since we are about to release it's time to finally fix our linting. This
patch basically runs eslint --fix and does some further manual fixes.
Also it sets up eslint to fail on every warning on order to make
warnings visable in the CI process.

There should no functional change be introduced.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-31 00:30:29 +02:00
Sheogorath
e2990c56fd
Merge pull request #82 from SISheogorath/fix/doubleCount
Fix missing pictures for OpenID
2019-05-26 22:19:22 +02:00
Sheogorath
0dff8796ac
Fix missing pictures for OpenID
Currently a problem appears when using OpenID for authentication as
there is no method to add a profile picture right now.

This patch makes sure that all undefined login methods get a profile
picture.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-26 03:53:59 +02:00
Sheogorath
6c62efae2a
Add config for toobusy middleware
With very low CPU frequency or bad IO situation, as well as not-loaded
JS CodiMD happens to present unneeded "I'm busy"-messages to users.

This patch allows to configure the lag. The default is taken from the
libray but set in our own default configs.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-25 21:08:38 +02:00
Claudius
4833f300c5 polyfilling scrypt for node 8.5+
Signed-off-by: Claudius <opensource@amenthes.de>
2019-05-13 19:37:21 +02:00
Claudius
1d403e183d asyncified setting and verifying the password
Signed-off-by: Claudius <opensource@amenthes.de>
2019-05-13 19:37:21 +02:00
Claudius
df666dd214 getting password hashing into a hook where it could be async
Signed-off-by: Claudius <opensource@amenthes.de>
2019-05-13 14:37:08 +02:00
Dylan Dervaux
208070d2e7
Add lutim support
Signed-off-by: Dylan Dervaux <dylanderv05@gmail.com>
2019-04-10 01:37:12 +02:00
Emmanuel Ormancey
df53f465c0
Added a configuration option for passport-saml:
disableRequestedAuthnContext: true|false

By default only Password authmethod is accepted, this option allows any other method.

Issue and option described here:
https://github.com/bergie/passport-saml/issues/226

Signed-off-by: Emmanuel Ormancey <emmanuel.ormancey@cern.ch>
2019-04-06 17:54:58 +02:00