Commit graph

3342 commits

Author SHA1 Message Date
David Mehren
1c0af5f75d
Cleanup csp.js
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-15 00:22:30 +02:00
David Mehren
bd44cbc16c
Add config option to disallow framing via CSP
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-15 00:22:30 +02:00
David Mehren
9499add64c
Tighten up default Content-Security-Policy
This commit changes the
- default-src to none, so everything is disallowed by default
- base-uri, connect-uri and font-src to self,
  so these are restricted to the current origin
- frame-src to allow SlideShare, Vimeo and YouTube
- script-src to the specific paths that are used by HedgeDoc to serve scripts.
  This explicitly does not include the /uploads route
- style-src to the specific paths that are used by HedgeDoc to serve styles
-

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-15 00:22:30 +02:00
David Mehren
ed8119d314
Merge pull request #1546 from hedgedoc/fix/git_parsing
Fix unescaped line break in `git` output
2021-08-15 00:22:12 +02:00
David Mehren
8b69ac1bcf
Fix unescaped line break in git output
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-15 00:16:46 +02:00
David Mehren
3175fe18b2
Merge pull request #1545 from hedgedoc/fix/shutdown_loop
2021-08-15 00:04:17 +02:00
David Mehren
b8bb40b9b6
Forcefully exit on second term signal
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-14 23:59:37 +02:00
David Mehren
b8c3703c2f
Fix endless loop on shutdown when DB can't be reached
The shutdown handler calls `checkAllNotesRevision` on a 100 ms
interval. If the database connection is broken, this will return
an error. Previously, this error was effectively ignored and resulted
in an endless loop printing out the error message every 100 ms.

This improves the error handling by terminating the process with a
nonzero exit code when an error was encountered 30 times. The loop
interval is also increased to 200 ms, giving the database 6 seconds
total time to recover in case of intermittent issues.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-14 23:47:26 +02:00
David Mehren
cc76201cfb
Merge pull request #1533 from hedgedoc/feature/database-env
feat(config): Improve configurability of database by env
2021-08-14 23:41:58 +02:00
David Mehren
8eb4e7e6e8
Merge pull request #1541 from hedgedoc/maint/ci_updates
2021-08-14 23:31:02 +02:00
David Mehren
60f1c630e1
Merge pull request #1537 from hedgedoc/maint/remove_ws
Remove redundant `ws` dependency
2021-08-14 23:24:46 +02:00
David Mehren
84b3504911
Merge pull request #1543 from hedgedoc/feat/db_reconnect
2021-08-14 22:27:29 +02:00
David Mehren
4ad5c705c4
Add changelog entry for DB auto-reconnect
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-14 22:23:26 +02:00
David Mehren
44ebf12d25
Automatically retry DB connection on startup
This adds retry logic to the initial DB connection on startup.
HedgeDoc now tries connecting to the database up to 30 times, waiting
one second after each try.
This gives a database that was simultaneously started (e.g. via
docker-compose) enough time to get ready to accept connections.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-14 22:23:08 +02:00
David Mehren
936b87f3b4
Merge pull request #1542 from hedgedoc/docs/pg_13
Docs: Use Postgres 13 in Docker example
2021-08-14 21:56:29 +02:00
David Mehren
de64142511
Merge pull request #1540 from hedgedoc/fix/get_git_commit
2021-08-14 21:47:18 +02:00
David Mehren
277a2424bc
Merge pull request #1544 from hedgedoc/fix/stop-swollowing-errors
fix(image-upload): Fix swallowing of errors for filesystem
2021-08-14 20:19:32 +02:00
Sheogorath
c025d6abee
fix(image-upload): Fix swallowing of errors for filesystem
This patch fixes the swallowing of the actual error message that appears
when a file fails to move, after being uploaded to Hedgedoc on an
instance that has the upload-method `filesystem` active.

This became apparent when the error messages provided by some users
were less than helpful.

As a solution the error message of the copy command was added to the
error that is output to the console.

https://community.hedgedoc.org/t/image-upload-fail-docker/439

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2021-08-14 20:04:08 +02:00
David Mehren
9650950d00
Docs: Use Postgres 13 in Docker example
After https://github.com/hedgedoc/container/pull/181 has been merged,
we should now also use PG 13 in the example snippet.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-14 17:15:40 +02:00
David Mehren
b55593734f
Merge pull request #1508 from hedgedoc/renovate/master-esbuild-loader-2.x
2021-08-14 16:54:56 +02:00
David Mehren
0e9fc1f05d
CI: Use short Node versions
https://github.com/actions/setup-node#supported-version-syntax
documents only the short versions, without `.x`, so we shall use them.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-14 16:54:26 +02:00
David Mehren
b9a0cb6150
CI: Node Node 16 for single tasks
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-14 16:54:26 +02:00
David Mehren
313ed46888
CI: Migrate to integrated dependency cache
Since https://github.com/actions/setup-node/releases/tag/v2.2.0
the setup-node action supports caching dependencies natively.
We can therefore simplify our CI config.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-14 16:54:26 +02:00
David Mehren
acf2d643f9
CI: Remove Node 15 from matrix
Node 15 is EOL since 01 June 2021

See https://endoflife.date/nodejs

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-14 16:54:25 +02:00
David Mehren
d159241f0f
Exclude mathjax a11y files from ESBuild
`MathJax/extensions/a11y/mathmaps` contains .js files that are
not actually valid JavaScript, tripping up ESBuild.
This excludes them from the minification step

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-14 16:18:23 +02:00
David Mehren
b719ce79db
Fix crash while getting current git commit
HedgeDoc crashed with
`uncaughtException: ENOENT: no such file or directory`
on startup, when `.git/ref/heads` did not contain
a file for the current branch. This seems to happen
regularly with current Git versions.

This fixes the crash by first trying to use the `git` executable for
getting the current commit SHA (before running our own parsing code)
and introducing a separate check to prevent accessing a nonexistent
file in `.git/ref/heads`.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-14 16:08:55 +02:00
Renovate Bot
0c8ac678a3
chore(deps): update dependency esbuild-loader to v2.15.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-08-14 14:07:29 +00:00
David Mehren
ca9c389b87
Revert "Run CI for Renovate branches"
Renovate needs to use PRs anyway, so we can save some CI resources.

This reverts commit 4566622c01.
2021-08-14 14:37:13 +02:00
David Mehren
870c654ba5
Merge pull request #1518 from hedgedoc/renovate/master-linters
chore(deps): update dependency eslint-plugin-import to v2.24.0 (master)
2021-08-14 14:25:34 +02:00
Renovate Bot
d7ec1404cf
chore(deps): update dependency eslint-plugin-import to v2.24.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-08-14 12:13:25 +00:00
David Mehren
f53bff35cb
Merge pull request #1477 from hedgedoc/renovate/master-js-cookie-3.x
chore(deps): update dependency js-cookie to v3 (master)
2021-08-14 14:11:50 +02:00
David Mehren
9831a55287
Remove redundant ws dependency
`socket.io` already depends on `ws` and uses it by default.
The separate dependency on and initialization of `ws` seems to be
a relic of the past usage of `uws`, but is redundant now.

As documented in https://socket.io/docs/v2/server-initialization/#Notable-options,
`perMessageDeflate` is now `false` by default.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-14 12:52:12 +02:00
Renovate Bot
8bea370c3a
chore(deps): update dependency js-cookie to v3
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-08-14 10:22:34 +00:00
David Mehren
540c86009b
Merge pull request #1531 from hedgedoc/renovate/master-major-remark-monorepo
chore(deps): update dependency remark-preset-lint-markdown-style-guide to v5 (master)
2021-08-14 12:20:46 +02:00
Renovate Bot
25786de736
chore(deps): update dependency remark-preset-lint-markdown-style-guide to v5
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-08-14 09:24:20 +00:00
David Mehren
e4c23297cc
Merge pull request #1535 from hedgedoc/docs/typos
docs: fix typos
2021-08-14 11:22:33 +02:00
Philip Molares
e158839f46
docs: fix typos
Fixed some typos geeked pointed out on the forum

See https://community.hedgedoc.org/t/couple-spelling-errors-on-your-docs-home-page/453

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-14 00:28:09 +02:00
Sheogorath
1428a8e006
feat(config): Improve configurability of database by env
This patch implements 6 additional environment variables that are used
for configuration of the database in order to allow easier configuration
in containerised environments, such as Kubernetes.

An example is the upcoming deployment of the demo instance that will use
an operator-backed postgresql database. This operator exposes username
and password as separate variables and while it's obviously possible to
generate a dbURL from that, this won't be possible without additional
code. Aiming for a solution in Hedgedoc itself will help us to enable
other people in using Hedgedoc on Kubernetes without resulting in overly
customised setups for simple tasks like this.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2021-08-13 01:58:53 +02:00
renovate[bot]
6c17823da1
chore(deps): update dependency mkdocs-material to v7.2.4 (#1528)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-08-11 22:19:17 +00:00
renovate[bot]
d0244affdf
chore(deps): update dependency mkdocs-material to v7.2.3 (#1524)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-08-09 20:53:48 +00:00
renovate[bot]
7e3ed970e5
chore(deps): lock file maintenance (#1520)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-08-09 04:56:24 +00:00
renovate[bot]
fad7ae416b
chore(deps): update dependency mermaid to v8.11.4 (#1511)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-08-05 19:33:12 +00:00
David Mehren
e59c9eb1d2
Merge pull request #1499 from hedgedoc/renovate/master-major-remark-monorepo
chore(deps): update dependency remark-cli to v10 (master)
2021-08-05 20:24:14 +02:00
Renovate Bot
91512bcc2c
chore(deps): update dependency remark-cli to v10
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-08-05 07:56:50 +00:00
David Mehren
c3c8a7ad8f
Merge pull request #1505 from matejc/master
fix(s3): replace dash with dot for s3 endpoint
2021-08-05 09:38:10 +02:00
renovate[bot]
0a01ee314b
chore(deps): update dependency mermaid to v8.11.3 (#1506)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-08-04 19:06:46 +00:00
Matej Cotman
65fac143f6
fix(s3): replace dash with dot for s3 endpoint
According to the AWS documentation there is no situation that there is a dash in `s3-<region>.amazonaws.com`, the correct way is with a dot `s3.<region>.amazonaws.com`
Source: https://docs.aws.amazon.com/general/latest/gr/s3.html

Signed-off-by: Matej Cotman <matej.cotman@eficode.com>
2021-08-04 16:09:08 +03:00
David Mehren
8ab173e994
Merge pull request #1475 from hedgedoc/renovate/master-lock-file-maintenance
chore(deps): lock file maintenance (master)
2021-08-01 18:58:24 +02:00
David Mehren
56111a4ae7
Merge pull request #1487 from hedgedoc/renovate/master-linters
chore(deps): update dependency eslint to v7.32.0 (master)
2021-08-01 18:58:07 +02:00
David Mehren
84571ac0e8
Merge pull request #1474 from hedgedoc/failing-migrations-notice
[1.x] Add help link and short explanation for failing migrations
2021-08-01 18:22:37 +02:00