Commit graph

2504 commits

Author SHA1 Message Date
RyotaK
8494f6a085
Don't accept sandbox attribute
Because sandbox is whitelist attribute, attacker will be able to create iframe that has more permission than default.

Signed-off-by: RyotaK <49341894+ry0tak@users.noreply.github.com>
2019-10-22 12:04:12 +02:00
hoijui
e654ca8a31 Allow to generate lower case header references through the config
This makes the references consistent/compatible with GitHub,
GitLab, Pandoc and many other tools.

This behavior can be enabled in config.json with:

```
"linkifyHeaderStyle": "gfm"
```

Signed-off-by: hoijui <hoijui.quaero@gmail.com>
2019-10-22 09:05:37 +02:00
hoijui
20adab2f32 slight doc comment touch-up/simplification [minor]
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
2019-10-22 09:02:40 +02:00
Sheogorath
145285abf6
Merge pull request #200 from ErikMichelson/docs/api
Add API documentation (#172)
2019-10-20 13:11:37 +02:00
Erik Michelson
ae4d5c619a
Fixed JSON syntax error in api doc example
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-10-18 10:59:39 +02:00
Erik Michelson
b7c02a901f
Finishing openapi doc
version 1.6.0 is noted as this document already contains the 1.6.0 endpoint /new/alias

Signed-off-by: Erik Michelson <erik@liltv.de>
2019-10-17 23:26:48 +02:00
Erik Michelson
93ca037a75
WIP: Adding openapi doc
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-10-15 00:58:40 +02:00
Erik Michelson
447d9bc1d8
Added API-doc as markdown file
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-10-13 01:34:09 +02:00
Sheogorath
ce99a79352
Merge pull request #199 from SISheogorath/fix/opengraph
Fix broken error template due to missing opengraph
2019-10-12 19:48:09 +02:00
Sheogorath
7e5bb8a24b
Fix broken error template due to missing opengraph
This regression bug was caused by the error page using the `codimd/head`
template. This resulted in error messages like this:

```
ReferenceError: /codimd/public/views/error.ejs:5
    3|
    4| <head>
 >> 5|     <%- include codimd/head %>
    6|     <link rel="stylesheet" href="<%- serverURL %>/css/center.css">
    7| </head>
    8|
/codimd/public/views/codimd/head.ejs:7
    5| <meta name="apple-mobile-web-app-status-bar-style" content="black">
    6| <meta name="mobile-web-app-capable" content="yes">
 >> 7| <% for (var og in opengraph) { %>
    8| <% if (opengraph.hasOwnProperty(og) && opengraph[og].trim() !== '') { %>
    9| <meta property="og:<%- og %>" content="<%- opengraph[og] %>">
    10| <% }} if (!opengraph.hasOwnProperty('image')) { %>
opengraph is not defined
    at eval (eval at compile (/codimd/node_modules/ejs/lib/ejs.js:618:12), <anonymous>:18:23)
    at eval (eval at compile (/codimd/node_modules/ejs/lib/ejs.js:618:12), <anonymous>:99:10)
    at returnedFn (/codimd/node_modules/ejs/lib/ejs.js:653:17)
    at tryHandleCache (/codimd/node_modules/ejs/lib/ejs.js:251:36)
    at View.exports.renderFile [as engine] (/codimd/node_modules/ejs/lib/ejs.js:482:10)
    at View.render (/codimd/node_modules/express/lib/view.js:135:8)
    at tryRender (/codimd/node_modules/express/lib/application.js:640:10)
    at Function.render (/codimd/node_modules/express/lib/application.js:592:3)
    at ServerResponse.render (/codimd/node_modules/express/lib/response.js:1012:7)
    at responseError (/codimd/lib/response.js:57:20)
    at Object.errorNotFound (/codimd/lib/response.js:30:5)
    at newNote (/codimd/lib/response.js:134:76)
    at /codimd/lib/response.js:172:16
    at tryCatcher (/codimd/node_modules/bluebird/js/release/util.js:16:23)
    at Promise._settlePromiseFromHandler (/codimd/node_modules/bluebird/js/release/promise.js:517:31)
    at Promise._settlePromise (/codimd/node_modules/bluebird/js/release/promise.js:574:18)
    at Promise._settlePromise0 (/codimd/node_modules/bluebird/js/release/promise.js:619:10)
    at Promise._settlePromises (/codimd/node_modules/bluebird/js/release/promise.js:699:18)
    at _drainQueueStep (/codimd/node_modules/bluebird/js/release/async.js:138:12)
    at _drainQueue (/codimd/node_modules/bluebird/js/release/async.js:131:9)
    at Async._drainQueues (/codimd/node_modules/bluebird/js/release/async.js:147:5)
    at Immediate.Async.drainQueues (/codimd/node_modules/bluebird/js/release/async.js:17:14)

```

The fix for that is rather trivial. We simply provide an empty array of
metadata when generating the error template.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-10-11 17:03:09 +02:00
Sheogorath
cd34a8c702
Merge pull request #191 from ErikMichelson/feature/ogmetadata
Add customizable opengraph metadata for notes (see #40)
2019-10-10 14:55:34 +02:00
Sheogorath
3255649917
Merge pull request #192 from MartinTuroci/master
Add Slovak locale
2019-10-10 11:25:48 +02:00
Sheogorath
1fefdd893f
Merge pull request #194 from codimd/snyk-fix-27d859743049494e0baa12ce95beef65
[Snyk] Fix for 1 vulnerabilities
2019-10-10 11:23:16 +02:00
snyk-bot
72f74b1b23 fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MARKDOWNIT-459438
2019-10-10 05:32:44 +00:00
Erik Michelson
f26f48793f
Fixed bugs, added default image
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-10-09 23:01:43 +02:00
Sheogorath
344c868f28 Update ar.json (POEditor.com) 2019-10-08 17:05:45 +02:00
Sheogorath
766d112b50 Update pl.json (POEditor.com) 2019-10-08 17:05:43 +02:00
Sheogorath
ee1b47d4ae Update id.json (POEditor.com) 2019-10-08 17:05:42 +02:00
Sheogorath
7a87d6236e Update de.json (POEditor.com) 2019-10-08 17:05:40 +02:00
Sheogorath
ef018ca60d Update en.json (POEditor.com) 2019-10-08 17:05:38 +02:00
Sheogorath
588ee8301c Update zh-TW.json (POEditor.com) 2019-10-08 17:05:37 +02:00
Martin Turoci
c1f629161b Slovak locale
Signed-off-by: Martin Turoci <martinturoci@gmail.com>
2019-10-05 22:32:47 +02:00
Sheogorath
7c78e29e2a
Merge pull request #189 from PetrTodorov/master
Added Czech translation
2019-10-05 13:31:39 +02:00
Sheogorath
09cf1057ef
Merge pull request #187 from Amolith/master
remove legacy code to solve #58
2019-10-05 13:30:38 +02:00
Erik Michelson
8f61d840de
Added documentation for opengraph metadata
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-10-04 19:58:02 +02:00
Erik Michelson
2881f8211a
Added customizable og-metadata to notes
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-10-04 19:49:45 +02:00
Erik Michelson
116bd7230c
Added og-metadata to index page
- image and URL properties are only included if
 the server url is set, because opengraph
 protocol does not support relative links

Signed-off-by: Erik Michelson <erik@liltv.de>
2019-10-04 11:04:58 +02:00
PetrTodorov
f0a8ff5eb3 Added Czech translation
Signed-off-by: PetrTodorov <info@petrtodorov.cz>
2019-10-03 23:02:03 +02:00
Amolith
71e900e9e8
remove unused variable to pass ci testing - #58
Signed-off-by: Amolith <amolith@nixnet.xyz>
2019-10-03 09:24:46 -04:00
Amolith
e6eab33e2d
remove legacy code to solve #58
Signed-off-by: Amolith <amolith@nixnet.xyz>
2019-10-03 08:39:51 -04:00
Sheogorath
7182fecf5b
Merge pull request #186 from codimd/snyk-fix-67ec214d52c0e9b5cf1620e19ace6b1a
[Snyk] Fix for 1 vulnerabilities
2019-09-30 12:59:37 +02:00
snyk-bot
511873e58a fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HELMETCSP-469436
2019-09-30 05:32:48 +00:00
Sheogorath
494ff49503
Merge pull request #185 from codimd/snyk-fix-905c5c88626d5047fb1568d93ce366ca
[Snyk] Fix for 1 vulnerabilities
2019-09-26 13:49:50 +02:00
Sheogorath
e313b47b92
Merge pull request #170 from ErikMichelson/post-note-url
Added endpoint for note-creation with given alias
2019-09-26 12:20:57 +02:00
snyk-bot
0185add27f fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-469063
2019-09-26 05:32:43 +00:00
Sheogorath
7f69ec5bca
Merge pull request #180 from ErikMichelson/fix/trailingSlashRedirect
Fixed #179 (redirect loop with a trailing slash)
2019-09-18 22:59:43 +02:00
Erik Michelson
9e1cc2159f
Updated forbiddenNoteIDs
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-09-18 22:54:08 +02:00
Erik Michelson
4d62e6b0b5
Fixed #179 (redirect loop with a trailing slash)
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-09-18 22:18:22 +02:00
Sheogorath
110eef691e
Merge pull request #173 from ErikMichelson/docs
Extended config.js documentation on login methods and libravatar
2019-09-18 21:36:19 +02:00
Sheogorath
10a6e7c816
Merge pull request #176 from SISheogorath/docs/security
Add security note to repository
2019-09-12 21:35:19 +02:00
Sheogorath
42d42d5b6f
Add security note to repository
In order to simplify the communication with security researcher and
allow reporting of issues, this document should provide a rough idea
about:

1. What versions are supported
2. Who to contact
3. How to send findings properly secured
4. What to expect from an approved security issue
5. What if it's not considered a security issue

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-09-10 14:11:23 +02:00
Erik Michelson
6110aafc5b
Added link to libravatar.org
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-09-09 15:20:09 +02:00
Erik Michelson
efe246f183
Extended login methods section
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-09-09 01:48:22 +02:00
Erik Michelson
5a359ab648
Changed Gravatar to Libravatar
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-09-09 00:47:22 +02:00
Sheogorath
c6e4f3757e
Merge pull request #171 from soulchild/master
Move sequelize-cli from devDependencies to dependencies, because it is needed to run migrations at run-time
2019-09-07 20:26:54 +02:00
Tobias Kremer
ea3c824978 Move sequelize-cli from devDependencies to dependencies, because it is needed to run migrations at run-time
Signed-off-by: Tobias Kremer <tobias.kremer@gmail.com>
2019-09-06 10:42:30 +02:00
Erik Michelson
6e5e6696ad
Refactored note-creation with given noteId
Known bugs/features:
 - pushing towards an existing note results in an error 500

Signed-off-by: Erik Michelson <erik@liltv.de>
2019-09-04 20:25:32 +02:00
Erik Michelson
8d29d74b02 Added endpoint for note-creation with given alias
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-09-04 12:28:44 +02:00
Sheogorath
529075fd67
Merge pull request #168 from dargmuesli/fix/docker-secret-buffer
Config: Return String Instead Of Buffer For Docker Secrets
2019-09-03 18:11:47 +02:00
Jonas Thelemann
0be784351d
Docker Secrets: Use Encoding Parameter Directly
Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
2019-09-03 17:58:58 +02:00