Christoph (Sheogorath) Kern
32af96aa37
Merge pull request #940 from WilliButz/fix-configurable-paths
...
enhance configurability of paths & make execution path-independent
2018-10-05 22:21:01 +02:00
Christoph (Sheogorath) Kern
ae8fa41f92
Merge pull request #958 from SISheogorath/fix/uws
...
Replace `uws` with `ws` package
2018-10-03 16:54:35 +02:00
Claudius
bb80bc2292
removing superfluous config parameters for template files
...
Signed-off-by: Claudius <opensource@amenthes.de>
2018-09-26 21:01:15 +02:00
WilliButz
825ee4e66e
app.js: add missing routes for configurable paths
...
Signed-off-by: WilliButz <wbutz@cyberfnord.de>
2018-09-26 20:58:38 +02:00
Sheogorath
e65e85fa6d
Add indonesian language to CodiMD
...
Big thanks @filosofikode for the translation work!
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-23 17:23:16 +02:00
Sheogorath
6b80626dca
Replace `uws` with `ws` package
...
`uws` was deprecated by its maintainer and starts to cause more and more
problems and issue reports. So it's time to replace it and use a
maintained project instead. Lucky us, `uws` and `ws` can be used in an
identical way, without problems. To provide better performance, we
install the optional packages as well.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-18 00:02:23 +02:00
Miranda Kastemaa
70e8df5c04
Support 'host' & 'path' config options
...
Signed-off-by: Miranda Kastemaa <miranda@foldplop.com>
2018-07-27 15:35:29 +03:00
Sheogorath
a762928e97
Do final internal renaming
...
A little minor change, by moving the CodiMD version header in its own
middleware. Should simplify to determine the version number of the
Backend in future.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 14:05:41 +02:00
Sheogorath
4b060c7dba
Rebrand HackMD to CodiMD
...
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 13:24:12 +02:00
Sheogorath
0ed4b50098
Move config out of statics path
...
Since static path is providing with a high expiration data, we provide
configs via API. This shouldn't add any noticeable load while making it
uncached and this way working again.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 00:07:32 +02:00
Sheogorath
47b18ada76
Remove unused zh.json from repo
...
Since the original idea of using a symlink didn't work anyway, we should
remove the zh.json symlink from the repo. It doesn't provide any
benefit but alters the repo on start of HackMD.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-23 21:26:33 +02:00
Christoph (Sheogorath) Kern
f36b10abb2
Merge pull request #837 from SISheogorath/translate/korean
...
Add korean translation
2018-06-07 14:52:56 +02:00
Sheogorath
56182532cb
Add korean translation
...
This translation was contributed via POEditor by the user Basix.
Thanks a lot for your work!
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-07 14:29:01 +02:00
Sheogorath
634b3c9cea
Fix i18n writing locale files in production
...
This commit should prevent the i18n module from adding missing
translations to the local files in setups that are not for development.
This way we keep the directory clean and idempotent.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-05 01:40:50 +02:00
Sheogorath
ad69c5017b
Removing google drive integration
...
It's sad but it's not working. For multiple releases this should be
already broken which shows how often it's used.
As there is also a security issue related to that, it's better to
remove the feature completely. Whoever wants to rewrite it, feel free to
go.
This commit removes the Google Drive integration from HackMD's Frontend
editor and this way removes the need to provide any API key and Client
ID in the frontend.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-16 01:34:55 +02:00
Christoph (Sheogorath) Kern
6d44ded269
Revert "Workaround Google API problems"
2018-05-16 01:31:50 +02:00
Sheogorath
ef86bf5cba
Use API key instead of clientSecret
...
As recently discovered we send the clientSecret to the webclient which
is potentially dangerous. This patch should fix the problem and
replace the clientSecret with the originally intended and correct way to
implement it using the API key.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-13 09:38:59 +02:00
Sheogorath
2411dffa2c
Change config to camel case with backwards compatibility
...
This refactors the configs a bit to now use camel case everywhere.
This change should help to clean up the config interface and make it
better understandable.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-25 19:08:14 +02:00
Sheogorath
714504618c
Add referrer policy
...
This commit adds a referrer policy to all requests.
The usage of `same-origin` allows HackMD to still interpret all requests
and this way not break anything. But it prevents 3rd party scripts,
pictures and more to get information that may lead to not secured note.
It has to be mentioned that this maybe breaks some features of the
Google Analytics embedding. This has to be tested.
Fixes #724
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-02-12 01:59:48 +01:00
Christoph (Sheogorath) Kern
584f1c5249
Merge pull request #691 from SISheogorath/feature/upload
...
Allow more detailed configuration of upload mime types
2018-01-23 12:10:33 +01:00
Christoph (Sheogorath) Kern
7de6e3211f
Merge pull request #598 from xxyy/feature/csp
...
Implement basic CSP support
2018-01-22 20:43:46 +01:00
Sheogorath
a7935a595a
Allow more detailed configuration of upload mime types
...
Fixes #637
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-20 15:16:53 +01:00
Wu Cheng-Han
608008753f
Fix not passing app key correctly in dropbox config
2018-01-19 00:25:08 +08:00
Rwing
362a7eaf65
support Simplified Chinese and rename original zh to Traditional Chinese
2017-10-23 17:38:04 +08:00
Literallie
04f5e3a341
Move CSP logic to new file, Fix boolean config examples
...
Not sure why I was quoting these in the first place
2017-10-22 02:18:45 +02:00
Literallie
e5f03fe135
Add dirty workaround for speakers view inline script
2017-10-22 00:03:46 +02:00
Literallie
2b2b8d6d1d
Allow any connect-src in CSP
...
Managing these for all the integrations seems like a lot of effort
2017-10-22 00:03:46 +02:00
Literallie
d51da8c12c
Don't add nonce to CSP if unsafe-inline is on
...
Browsers ignore unsafe-inline if a nonce is sent
2017-10-22 00:03:46 +02:00
Literallie
91101c856c
Change CSP config format to be more intuitive
2017-10-22 00:03:46 +02:00
Literallie
996cb37991
CSP: Workaround for ws:// protocol
...
The spec allows wss:// for 'self', but not ws:// :(
2017-10-22 00:03:45 +02:00
Literallie
4238b9b3ef
Fix MathJax CSP issues
2017-10-22 00:03:45 +02:00
Literallie
080436aebb
CSP: Add nonce to slide view inline JS
2017-10-22 00:03:45 +02:00
Literallie
5d2d3ec875
CSP: Upgrade insecure requests if possible
...
Config option; default is to only upgrade if usessl
2017-10-22 00:03:45 +02:00
Literallie
ba183ce654
Add basic CSP support
2017-10-22 00:03:44 +02:00
Literallie
56411ca0e1
Make HSTS behaviour configurable; Fixes #584
2017-10-13 01:42:05 +02:00
Wu Cheng-Han
c8d3951d32
Add support of Danish locale
2017-06-11 15:52:04 +08:00
Wu Cheng-Han
cceb5b1a26
Fix import module name typo in app.js
2017-05-08 20:35:51 +08:00
Raccoon Li
d79997808a
fix(imageRouter): import missing dependency: getImageMimeType
2017-05-08 20:04:05 +08:00
BoHong Li
60ca6ed56c
refactor: Rename checkURiVaild to checkURIValid to fit coding standard
2017-05-08 19:29:07 +08:00
BoHong Li
3919d4fc0e
fix(app.js): Change config.maintenance to realtime.maintenance
2017-05-08 19:29:07 +08:00
BoHong Li
ecb0533605
refactor(config.js): Extract config file
...
* Separate different config source to each files
* Freeze config object
2017-05-08 19:29:07 +08:00
BoHong Li
4738ba7d36
fix: Add 'use strict' on app.js
2017-05-08 19:29:07 +08:00
BoHong Li
aca01f064d
refactor: Remove require extension filename
2017-05-08 19:29:06 +08:00
BoHong Li
d88502e331
refactor(app.js): Move passport serialize and deserialize to auth module
2017-05-08 19:29:06 +08:00
BoHong Li
7ef17fd4e6
refactor(app.js): Extract tooBusy
2017-05-08 19:29:06 +08:00
BoHong Li
768943002c
refactor(app.js): Extract upload image
2017-05-08 19:29:06 +08:00
BoHong Li
d90bd6da31
fix(app.js): Fixed typo
2017-05-08 19:24:38 +08:00
BoHong Li
689bade730
refactor(app.js): Extract note action
2017-05-08 19:24:38 +08:00
BoHong Li
e2ac73f5a3
refactor(app.js): Extract /me page
2017-05-08 19:24:38 +08:00
BoHong Li
e3fde01e3a
refactor(app.js): Remove unused modules
2017-05-08 19:24:38 +08:00
BoHong Li
706df11e23
refactor(app.js): Extract history api
2017-05-08 19:24:38 +08:00
BoHong Li
c99ae8e1f8
refactor(app.js): Remove unused import modules
2017-05-08 19:24:38 +08:00
BoHong Li
69a9f7ca38
refactor(app.js, auth.js): Extract all auth method to individual modules
2017-05-08 19:24:38 +08:00
BoHong Li
766022378a
refactor(app.js): Extract status pages
2017-05-08 19:24:37 +08:00
BoHong Li
66c68254b4
refactor(app.js): Extract index, 403, 404, 500 pages
2017-05-08 19:24:37 +08:00
BoHong Li
9f1f16c8e3
refactor(app.js): Extract urlencodedParser to utils module
2017-05-08 19:24:37 +08:00
BoHong Li
dee77c459a
refactor(app.js): Extract middleware to module
...
extract check URi is valid, redirect without trailing slashes
2017-05-08 19:24:37 +08:00
BoHong Li
7ba0d600f1
fix(app.js): Stream log
...
use logger instead of logger.stream
2017-05-08 19:24:37 +08:00
LluisArevalo
6e277100ca
Add reference to utils library
2017-05-08 10:52:30 +02:00
LluisArevalo
03ef1bf4f0
Add Content-Type to the images uploaded to AWS S3
2017-05-08 10:22:52 +02:00
Wu Cheng-Han
dde6e622a4
Fix front-end constants generation not getting config properly
2017-03-23 20:00:48 +08:00
Wu Cheng-Han
011d043b2a
Update to indicate version in status API header
2017-03-22 23:44:09 +08:00
Wu Cheng-Han
e751684aa3
Update to print info on exit term signals handled
2017-03-22 15:31:39 +08:00
Wu Cheng-Han
0bcd83576f
Update to handle SIGQUIT
2017-03-22 15:26:35 +08:00
Wu Cheng-Han
7989b89591
Add support of Catalan locale
2017-03-20 14:52:25 +08:00
Wu Cheng-Han
19a64f6b06
Fix typo and possible wrong value on provider is false on generating front-end constants
2017-03-20 01:54:44 +08:00
Wu Cheng-Han
448b006194
Update to generate front-end constants on server startup
...
To avoid extra webpacking on changing configs and follow the 12 factor app
2017-03-20 01:39:09 +08:00
Wu Cheng-Han
506a381eca
Add config option for gitlab api scope and auto adapt gitlab snippet feature on it
2017-03-14 18:04:23 +08:00
BoHong Li
4889e9732d
Use JavaScript Standard Style
...
Introduce JavaScript Standard Style as project style rule,
and fixed all fail on backend code.
2017-03-08 18:45:51 +08:00
NV
90c83ebd5b
Fix image path problem when using filesystem backend
2017-02-09 14:07:36 +09:00
Wu Cheng-Han
92ad67b813
Update to remove history cache to lower application coupling
2017-02-03 21:39:08 +08:00
Jan Kunzmann
20dc3127b1
Handle SIGTERM the same way SIGINT is handled
2017-01-20 02:13:09 +01:00
Max Wu
4851098477
Merge pull request #317 from SISheogorath/master+allowEmailRegister
...
Add `allowemailregister` option
2017-01-12 23:37:28 +08:00
Sheogorath
747629e549
Add `allowemailregister` option
2017-01-12 13:54:45 +01:00
Wu Cheng-Han
fc788e805e
Fix SIGINT checkClean should only log error instead throw error
2017-01-12 17:17:01 +08:00
Max Wu
b13635aac9
Merge pull request #279 from alecdwm/ldap-auth
...
Support for LDAP server authentication
2017-01-09 00:49:40 +08:00
James Stephenson
ec1ae8c6b5
Added Esperanto translation
...
Translation by Jonathan Powell and James Stephenson
2016-12-30 22:02:57 -05:00
knjcode
a2fbb3add9
Fix URL concatenation
2016-12-27 12:46:07 +09:00
S.Noda
c8bcc4c1c3
fix #284
2016-12-18 18:58:21 +09:00
alecdwm
fc8d709afb
LDAP login improvements
...
- return bad request if no username or password given
- return to referer url on auth success
- flash error message on auth failure
2016-12-14 12:40:54 +01:00
alecdwm
02e9927714
Initial support for LDAP server authentication
...
Limitations as of this commit:
- tlsOptions can only be specified in config.json, not as env vars
- authentication failures are not yet gracefully handled by the UI
- instead the error message is shown on a blank page (/auth/ldap)
- no email address is associated with the LDAP user's account
- no picture/profile URL is associated with the LDAP user's account
- we might have to generate our own access + refresh tokens,
because we aren't using oauth. The currently generated
tokens are just a placeholder.
- 'LDAP Sign in' needs to be translated to each locale
2016-12-13 22:41:07 +01:00
Wu Cheng-Han
bb3ed8e249
Fix missing dependency in app.js
2016-12-12 13:02:53 +08:00
Wu Cheng-Han
38505491ae
Fix redirection to url without trailing slashes not considering about config urlpath
2016-12-12 10:50:43 +08:00
Yukai Huang
9e6fd505e1
Remove bower occurrences
2016-12-11 11:18:08 +08:00
Wu Cheng-Han
778b6f32b3
Update to handle request with invalid uri
2016-12-03 14:37:24 +08:00
Wu Cheng-Han
5958654ea4
Remove preprocess image on upload image or it will losing support of image some formats
2016-12-03 14:37:12 +08:00
Wu Cheng-Han
a73d9ce39e
Update to support optional email register and signin
2016-12-02 01:58:14 +08:00
Max Wu
bd3d4958e4
Merge pull request #248 from hackmdio/file-upload-options
...
Support other options for image uploading
2016-11-27 10:54:00 +08:00
Yukai Huang
1a4f3950e6
Handle preprocess image error
2016-11-22 07:20:48 +08:00
Wu Cheng-Han
f387bb312f
Try to replace engine.io to uws in socket.io for better performance
2016-11-18 12:18:29 +08:00
Yukai Huang
2279986f97
Config sharp image preprocessing
2016-11-16 17:07:00 +08:00
Yukai Huang
518a4a120b
upload image to s3
2016-11-16 12:05:24 +08:00
Yukai Huang
4d3672ae5d
Join image path with config.serverurl
2016-11-16 10:50:07 +08:00
Yukai Huang
8db6624ae9
save to upload folder only when option enabled
2016-11-15 23:25:41 +08:00
Yukai Huang
a5dad29300
support filesystem image upload
2016-11-14 17:07:07 +08:00
Yukai Huang
81b368c11c
upload image to public/uploads
2016-11-14 16:45:57 +08:00
Wu Cheng-Han
b9c4af8a65
Add to throw error when server not ready after db synced
2016-11-07 21:31:11 +08:00
Max Wu
7e05976a93
Revert "html minify in production environment"
2016-10-24 00:00:05 +08:00
Peter Dave Hello
731375c220
html minify in production environment
2016-10-23 23:31:04 +08:00
Wu Cheng-Han
215b5baa9f
Update to support Swedish locale
2016-10-21 13:39:28 +08:00