Commit graph

271 commits

Author SHA1 Message Date
Sheogorath
bf229d91c6
Add linting for tests
The tests are currently not linted. This causes a different coding style
than the rest of the sources.

This patch adds the `./test` directory to the eslint testing and fixes
linting for existing tests.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-21 17:17:54 +01:00
Sheogorath
d408f4c0fe
Add tests for csp.js
Since we lack of tests but got some great point to start, let's write
more tests.

This patch provides some basic tests for our CSP library. It's more an
integration than a unit test, but gets the job done.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-19 13:54:52 +01:00
Sheogorath
62477f0279
Update bootstrap from 3.3.7 to 3.4.0
Seems like finally there is a new bootstrap version for old version 3.

This patch implements this new version with CodiMD and this way fixes
some possible security issues in the frontend code.

See:
https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72889
https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72890

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-11 01:56:52 +01:00
Sheogorath
9eb4e545d2
Update SAML to version 1.0.0
Seems like there was a security problem with the library.

This patch updates to version 1.0.0 which fixed the details.

Details: https://snyk.io/vuln/SNYK-JS-PASSPORTSAML-72411

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-09 01:15:02 +01:00
Daan Sprenkels
f7bc1e99c0 Remove blueimp-md5 dependency
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
2018-12-22 19:09:50 +01:00
Daan Sprenkels
318a37d41c Add a test for gravatar urls
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
2018-12-22 19:09:45 +01:00
Sheogorath
cf95465103
Update socket.io
Our socket.io version is 2.0.4 while the current socket.io version is
2.1.1.

This patch updates socket.io to version 2.1.1 and takes care of the CDN
client version.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-28 13:23:36 +01:00
Christoph (Sheogorath) Kern
8bace89cab
Merge pull request #1072 from SISheogorath/update/doctoc
Update doctoc to version 1.4.0
2018-11-24 17:36:16 +01:00
Christoph (Sheogorath) Kern
4856aa2840
Merge pull request #1069 from SISheogorath/fix/to-markdown
Update from to-markdown to turndown
2018-11-24 17:35:53 +01:00
Sheogorath
306c25d8f7
Update doctoc to version 1.4.0
When installing doctoc it throws some warnings about the markdown-to-ast
package that moved to an own namespace.

This patch updates to the version containing the new, namespaced,
package.

References:
https://github.com/thlorenz/doctoc/pull/151

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-21 16:43:26 +01:00
Sheogorath
1091efc259
Remove node-uuid
We currently install `uuid` and `node-uuid`. `node-uuid` is deprecated
in favor of `uuid`. It seems like we already switched a while ago, but
somehow missed to remove the dependency.

This patch does exactly that. It removes the dependency from
`package.json` and this way removes the warning during install about
`node-uuid` being deprecated.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-21 11:38:40 +01:00
Sheogorath
33774c11b9
Update from to-markdown to turndown
We got a security alert for a regular expression DoS attack on our used
library `to-markdown`.

After checking `to-markdown` to be maintained or not, it turned out they
renamed the library to `turndown`. So upgrading to `turndown` should fix
this vulnerbility.

References:
https://www.npmjs.com/package/to-markdown
https://github.com/domchristie/turndown/wiki/Migrating-from-to-markdown-to-Turndown
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-21 11:12:09 +01:00
Christoph (Sheogorath) Kern
2323d203b4
Merge pull request #1063 from SISheogorath/fix/nodeVersion
After removing ws, node version 10 should work
2018-11-21 01:42:35 +01:00
Sheogorath
cee2aa92f9
Switch scrypt library to a successor
Since our previous scrypt library is unmaintained since 3 years, it's
time to look for an alternative.

A refactoring towards another password algorithm was worked on and this
is probably still the way to go. But for now the successor of our
previous library should already be enough.

https://www.npmjs.com/package/scrypt (old library)
https://github.com/ml1nk/node-scrypt (new library)
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-21 01:33:34 +01:00
Sheogorath
bcebf1e8d2
Update reveal.js to version 3.7.0
There is a new reveal.js version out. As we try to keep up with
upstream, time to integreate it.

This patch updates reveal.js in for CDN-using instances as well as the
ones using the libraries.

Checked that speaker view in slide mode still works, so no CSP change
needed.

https://github.com/hakimel/reveal.js/releases/tag/3.7.0
2d241b9300/lib/csp.js (L72-L74)
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-19 22:31:05 +01:00
Sheogorath
e3b6bcc5f8
After removing ws, node version 10 should work
In my local environment I switched to Fedora 29. Fedora 29 comes with
NodeJS version 10.

As far as I can say, it works, so let's try to remove the restriction to
"<10.x"

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-19 18:42:28 +01:00
Christoph (Sheogorath) Kern
6f7fd74b1a
Merge pull request #943 from SISheogorath/feature/improveSetup
Some minor improvements for setup script
2018-11-17 12:42:24 +01:00
Claudius Coenen
858a59529e switching to eslint for code checking
most rules degraded to WARN, so we don't go insane. This will
change over time. The aim is to conform to a common style

Signed-off-by: Claudius Coenen <opensource@amenthes.de>
2018-11-14 23:15:36 +01:00
Sheogorath
c3584770f2
Upgrade winston
Our log library got a new major version which should be implemented.

That's exactly what this patch does. Implementing the new version of the
logging library.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-14 00:47:11 +01:00
Sheogorath
77b2757a16
Upgrade some package versions
`npm audit` reports a ton of issues on CodiMD. Most of them are minor
issues, but these are still things that should be fixed.

This changes were created by running `npm audit fix`.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-31 00:27:53 +01:00
MartB
6bce9ac5bf Fix #1016: webpack include defect for scripts and header files.
Signed-off-by: MartB <mart.b@outlook.de>
2018-10-16 11:40:21 +02:00
Christoph (Sheogorath) Kern
763b000bc6
Merge pull request #985 from SISheogorath/fix/helmetCSP
Add `data:` URL to CSP and upgrade helmet
2018-10-11 00:19:24 +02:00
Sheogorath
1d452a6ed4
Remove dead package octicon
Octicon no longer provides its CSS classes and this way is useless in
CodiMD. Replacing all used classes in the UI and remove it from build
system.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-10 23:42:41 +02:00
David Mehren
9f92bba036
Use webpack-merge.
Move html export config to own file.
Delete unnecessary config options.
Use cheap source maps.

Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-10-10 22:09:46 +02:00
David Mehren
9a2dcd40d3
Rename Webpack config to official recommendation
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-10-10 22:09:46 +02:00
Christoph (Sheogorath) Kern
535ee36a26
Merge pull request #993 from SISheogorath/feature/useForkAwesome
Replace font-awesome with fork-awesome
2018-10-09 21:58:15 +02:00
Christoph (Sheogorath) Kern
466dc9bc21
Merge pull request #992 from SISheogorath/fix/maintainer
Fix maintainer and URL in package.json
2018-10-08 01:12:23 +02:00
Sheogorath
9f9c4089be
Add OpenID to CodiMD
With OpenID every OpenID capable provider can provide authentication for
users of a CodiMD instance. This means we have federated
authentication.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-05 22:43:32 +02:00
Sheogorath
5212bbf9c4
Replace font-awesome with fork-awesome
This patch replaces font-awesome with its fork called fork-awesome.
Besides the fact that the newer versions of font-awesome can't be
shipped with distros like debian due to license issues, fork-awesome
also provides more FOSS related icons and builds on top of version 4.7.x
of font-awesome, which we used until this patch.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-05 21:52:08 +02:00
Sheogorath
a006f53dea
Update URL to codimd's own URL
Since we have an own URL we should use it in here, since CodiMD and
HackMD are really drifting away from each other.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-05 19:36:45 +02:00
Sheogorath
36117195fa
Add myself as maintainer
Well, since I'm currently the maintainer of CodiMD, I should maybe
mentioned in the package.json, just in case someone is willing to
contact me about it.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-05 19:35:43 +02:00
Sheogorath
d4a9bb3c7e
Add data: URL to CSP and upgrade helmet
Seems like the old version of helmet had a problem with `data:`. This
patch upgrades to the latest version and adds the CSP rule to allow
Google Fonts and the offline version of it, to properly include the
fonts and no longer throw ugly error messages at us.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-04 03:04:36 +02:00
Sheogorath
a47d91dbd0
Add development mode for webpack in package.json
Seems like we have to explicitly tell the new webpack version that we
want to use the development environment. This provides us with source
maps and similar.

This patch adds the commandline option in our scripts in package.json

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-03 19:34:25 +02:00
Christoph (Sheogorath) Kern
ae8fa41f92
Merge pull request #958 from SISheogorath/fix/uws
Replace `uws` with `ws` package
2018-10-03 16:54:35 +02:00
Christoph (Sheogorath) Kern
edcd8a23ff
Merge pull request #932 from davidmehren/webpack-4
Upgrade to Webpack 4
2018-10-03 16:52:32 +02:00
Sheogorath
da818384af
Update version to 1.2.1
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-03 16:24:36 +02:00
Sheogorath
c402abb0a5
Revert "Remove unused dependency"
This reverts commit d2ded08f59.

Seems like the package is used for building the sqlite3 integration.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-03 13:23:10 +02:00
Sheogorath
d2ded08f59
Remove unused dependency
This dependency where installed, but it seems like they were never used.
Seems like it's a remaining piece from the the prototyping phase of the
project.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-03 12:42:11 +02:00
Sheogorath
db59bb99dc
Run db migrations on start
We should force db migrations to run on every start. This will minimize
the impact of breaking migrations in future. While it may causes some
issues with the next start since CodiMD won't start when the migrations
fail.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-25 19:58:55 +02:00
Sheogorath
6b80626dca
Replace uws with ws package
`uws` was deprecated by its maintainer and starts to cause more and more
problems and issue reports. So it's time to replace it and use a
maintained project instead. Lucky us, `uws` and `ws` can be used in an
identical way, without problems. To provide better performance, we
install the optional packages as well.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-18 00:02:23 +02:00
David Mehren
ce63c1cc1c
Upgrade to Webpack 4 - clean dependencies
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-09-06 17:26:09 +02:00
David Mehren
dcb10b0ec9
Upgrade to Webpack 4 - fix CSS import order
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-09-06 17:26:09 +02:00
David Mehren
29a3813ada
Upgrade to Webpack 4 - first try
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-09-06 17:26:09 +02:00
Sheogorath
b028baf77f
Switch to own, fixed, lz-string version
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-05 12:09:02 +01:00
Sheogorath
53a846bdc5
Update markdown-pdf
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-07-27 14:15:45 +02:00
Sheogorath
33a4b88dab
Release 1.2.0
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 19:38:12 +02:00
Sheogorath
a26c142ade
Revert "Update pg"
This reverts commit 4d4163c170.
2018-06-30 17:43:08 +02:00
Sheogorath
f30cc3044a
Update randomcolor
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:34 +02:00
Sheogorath
4d4163c170
Update pg
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:34 +02:00
Sheogorath
dea62cf310
Update store
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:34 +02:00
Sheogorath
1812b1aaca
Update highlight.js
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:34 +02:00
Sheogorath
565cdc0197
Update xss protection
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:34 +02:00
Sheogorath
459fe2da07
Update sqlite
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:34 +02:00
Sheogorath
3f49aee63f
Update shortid
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:34 +02:00
Sheogorath
0cebeb68d7
Update passport
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:33 +02:00
Sheogorath
b6e1144627
Update to octicon 4.4.0
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:33 +02:00
Sheogorath
562985a115
Update passport-ldap
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:33 +02:00
Sheogorath
f51de7f3bb
Update validator
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:33 +02:00
Sheogorath
fd3733e7d1
Update password-gitlab2
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:33 +02:00
Sheogorath
d8df6e4342
Update minio
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:33 +02:00
Sheogorath
76b2ba4954
Update markdown-pdf
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:33 +02:00
Sheogorath
4b060c7dba
Rebrand HackMD to CodiMD
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 13:24:12 +02:00
Christoph (Sheogorath) Kern
56d78a7d6c
Merge pull request #830 from SISheogorath/feature/GDPR
GDPR compliant part 1
2018-06-17 23:33:57 +02:00
Ádám Hóka
376fcab2ca Add Azure Blob Storage support
Signed-off-by: Adam Hoka <hoka.adam@nexogen.hu>
2018-06-01 10:07:52 +02:00
Sheogorath
6f8bd8fdc9
Fix missing dependency
To export the notes we need the archiver package that takes care of
creating the zip files.

Looks like I forgot this one in the initial commit.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-27 15:28:46 +02:00
Sheogorath
a258719d34
Release 1.1.1-ce
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-23 12:01:26 +02:00
Sheogorath
bd46230a7f
Add current requirements for node versions
Right now we can only run on node versions below 10.x thanks to scrypt
dependencies.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-21 23:08:13 +02:00
Sheogorath
af0a6b1d76
Upgrade base64url package
There was recently a possible security problem with base64url. Shouldn't
really hit us but it doesn't hurt.

Details: https://snyk.io/vuln/npm:base64url:20180511

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-17 15:19:24 +02:00
Sheogorath
c4dba48f79
Fix possible file limit errors
As we currently may need higher nofile limits than usual/default on
various systems this commit should probide a fix for that an allow to
build HackMD without highering these limits and increase security.

Inspiration was found in a copy-webpack-plugin-issue[1] and found by
@thegcat[2]. Thanks for that!

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>

[1]:
https://github.com/webpack-contrib/copy-webpack-plugin/issues/59#issuecomment-228563990
[2]: https://github.com/thegcat
2018-04-16 21:08:34 +02:00
Sheogorath
8a3cec73c1
Add config.json.example to npm test
This commit extends the find command to also match the example config
file.

This should validate the syntax or this file to prevent syntax errors
for future pull request.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-14 22:20:35 +02:00
Sheogorath
bdb8631a7b
Release 1.1.0-ce
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-06 16:24:36 +02:00
Christoph (Sheogorath) Kern
f6df2deb84
Merge pull request #743 from hackmdio/fix-to-use-url-safe-base64
Fix to use url-safe base64 in note url
2018-03-18 15:13:06 +01:00
David Mehren
7904558292
Remove engine.io-client dependency and fix webpack config
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-03-06 14:45:14 +01:00
Max Wu
baa0418fb5 Remove and replace all note id compression in LZString with base64url
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-02-26 16:43:29 +08:00
Sheogorath
faa839ed3a
Use jq instead of jsonlint
As the jsonlint package from NPM causes problems and looks unmaintained,
it'll be replaced with `jq` a well maintained project which allows to
search through JSON files in a `grep`-like style, but knowing the JSON
structure.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-02-19 19:50:01 +01:00
Sheogorath
a01b4a843c
Update socket.io to version 2.0.4
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-30 19:44:32 +01:00
Dario Ernst
9e0359e079 Add simple user-management tool for emailsignin …
Currently, administrators of closed instances need to manually fiddle in
their databases for user-management.
This commit adds a small commandline utility that allows to create and
delete users.

Signed-off-by: Dario Ernst <dario@kanojo.de>
2018-01-29 19:49:04 +01:00
Wu Cheng-Han
3c473e60a6 Upgrade reveal.js to 3.6.0 and useCDN option for CSS include 2018-01-29 13:09:52 +08:00
Christoph (Sheogorath) Kern
eec2318bda
Merge pull request #506 from erasys/minio
Add support for minio
2018-01-23 11:43:24 +01:00
Christoph (Sheogorath) Kern
7de6e3211f
Merge pull request #598 from xxyy/feature/csp
Implement basic CSP support
2018-01-22 20:43:46 +01:00
Sheogorath
40d1d75704
Release 1.0.1-ce 2018-01-19 14:40:15 +01:00
Sheogorath
11a5dd0eb4
Release 1.0.0-ce 2018-01-18 13:03:18 +01:00
Max Wu
1b7d621fd1
Merge pull request #578 from hackmdio/licenseChangeAgreement
License Change Agreement
2017-12-07 06:54:12 +08:00
Norihito Nakae
4a4ae9d332 Initial support for SAML authentication 2017-11-28 18:52:24 +09:00
Literallie
3a752fde51
Revert "Load js-url lib using legacy-loader"
Didn't work in Firefox for some reason.

`[Script Loader] ReferenceError: module is not defined`

This reverts commit 5b83deb043.
2017-11-02 17:57:44 +01:00
Christoph Witzany
5cda55086a Add mattermost authentication 2017-10-31 10:34:51 +01:00
Peter Dave Hello
f896432250 Upgrade mermaid to v7.1.0, fix #600 2017-10-30 00:18:53 +08:00
Sheogorath
94021e2d34 Merge pull request #574 from PeterDaveHello/README.md-Table-of-Contents
Add "Table of Contents" in README.md
2017-10-27 11:51:50 +02:00
Literallie
5b83deb043
Load js-url lib using legacy-loader
Doesn't use eval, plus no window object access
2017-10-22 00:03:45 +02:00
Literallie
080436aebb
CSP: Add nonce to slide view inline JS 2017-10-22 00:03:45 +02:00
Peter Dave Hello
f70d2df1be Add jsonlint script to ensure all json files are valid 2017-10-14 00:19:32 +08:00
Peter Dave Hello
0864b06e0c Integrate npm package "doctoc" to update README.md 2017-10-13 16:21:25 +08:00
Wu Cheng-Han
bee5e2a558 Update license field in package.json 2017-10-13 01:56:13 +08:00
Marc Deop
2c780f53df
Add support for minio 2017-08-30 18:58:34 +02:00
Bryan Davis
723c9d79b6 Use git URLs in package.json
Using the "github:..." form to declare a dependency in package.json
makes npm attempt to install the package using an ssh clone rather than
an https clone. Some deployment environments may not allow ssh access
to external servers which will prevent the clones from succeeding. Using
the "git+https://..." form will clone the same repo from GitHub without
requiring ssh connectivity.
2017-07-01 15:41:56 -06:00
Sheogorath
8acceb28ed
Use non-zero exit codes when build fails 2017-06-03 18:22:37 +02:00
Max Wu
c37b666915 Merge branch 'master' into BackendRefactor 2017-05-14 17:42:14 +08:00
BoHong Li
ecb0533605 refactor(config.js): Extract config file
* Separate different config source to each files
* Freeze config object
2017-05-08 19:29:07 +08:00
Yukai Huang
db06a51299 Load statusbar template by string-loader 2017-05-07 20:37:26 +08:00
Wu Cheng-Han
1d51fdaa7c chore(build): Upgrade uws to 0.14.1, other npm version have been removed 2017-03-29 12:43:03 +08:00