HedgeDoc 1.9.x bundles Mermaid version 9.1.7, which
is old enough that current Mermaid syntax will fail to
render inside HedgeDoc notes.
Add a pointer to Mermaid 9.1.7 docs, so users of the
current stable HedgeDoc know what's actually supported.
https://github.com/mermaid-js/mermaid/blob/v9.1.7/docs/n00b-gettingStarted.md
Signed-off-by: Jordi Mallach <jordi@igalia.com>
After carefully studying the man pages of GNU sort and BSD sort,
we concluded that the version_lt function should also work on macOS.
Testing seemed to confirm that.
Signed-off-by: David Mehren <git@herrmehren.de>
I really don't know why this breaks only in a production build, but this
evil
hack makes the script work again.
Closes https://github.com/hedgedoc/hedgedoc/issues/3862
Signed-off-by: David Mehren <git@herrmehren.de>
Connection forbidden errors cause cleanup of note state without first
checking if other clients are still connected to the note. This leads
to inconsistent pad content and changes not being saved properly.
This change reverts parts of 725e982 (Fix realtime on forbidden not clean
up properly ...). The call to `interruptConnection()` on permission errors
is redundant, since `failConnection()` and `disconnect()` already perform
all required cleanup in this case. The other call to `interruptConnection()`
only happens when a client (the first client for a note) disconnects while
the note is being loaded from the database. It is refactored for clarity.
Fixes#3894
Co-authored-by: David Mehren <git@herrmehren.de>
Signed-off-by: Julian Rother <julian@jrother.eu>
This endpoint returns the internal readiness state used by
the realtime code to indicate whether HedgeDoc is performing
properly. As it only returns the state of a variable, it is
less resource hungry compared to a call to /status for
checking the health of HedgeDoc.
By prepending the route with an underscore, it should not be conflicting with already created pads in FreeURL mode.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
It can be a security concern in some environments to expose system
capabilities even though they don't expose any PII. Add some
flags (defaulted `true` to maintain existing behaviour) to control
whether the /metrics and /status (and anything in the StatusRouter)
are exposed.
Signed-off-by: Stéphane Maniaci <stephane.maniaci@beta.gouv.fr>
In e17cc644 the Webpack build process for CodeMirror was changed.
For unknown reasons, not all plugins and modes were added.
This adds all plugins currently enabled in
https://github
.com/hedgedoc/CodeMirror/blob/951b3d94bb5ad9ac7b44642adbe595e843390506/release.sh
Signed-off-by: David Mehren <git@herrmehren.de>
The markdown for the publish-view is generated
using the `Note.extractMeta` method.
It uses meta-marked to separate the metadata from markdown.
Only the raw markdown is then sent to the client,
so it cannot respect the `breaks` option.
This adds an evil hack to send the `breaks` option with the markdown
if it is contained in the metadata block.
Fixes https://github.com/hedgedoc/hedgedoc/issues/2358
Signed-off-by: David Mehren <git@herrmehren.de>
When using mysql the normal text attribute has a fixed size. When this size is reached then the json will be cut off and becomes invalid.
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
Since https://github.com/vesse/node-ldapauth-fork/commit
/741a648df98d789856b3301d65103b74872fdeea, ldapauth-fork calls `push` on
the attributes array.
Since we deep-freeze our config object in https://github
.com/hedgedoc/hedgedoc/blob/master/lib/config/index.js#L200, this
causes a crash.
This commit fixes the crash by creating a mutable clone of the LDAP
config and passing that to the LDAP strategy.
Fixes https://github.com/hedgedoc/hedgedoc/issues/2561
Signed-off-by: David Mehren <git@herrmehren.de>
This patch removes the call of `/usr/bin/env` when calling the migration
script in favour of using the processes own nodejs invocation path.
This should drop the requirement for `/usr/bin/env` to exist on a
system/in a container that runs hedgedoc.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
The snippet export broke due to two reasons.
First of all, the request to GitLab fail in the
default configuration due to the CSP not being
set properly. This commit adds the configured
GitLab base url to the connect-src directives.
The second problem is a change in the GitLab API
spec. Instead of `code` and `file_name` the
GitLab API now requires an `files` array with
`content` and `file_path` entries per snippet.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
The hex2rgb function seems to previously have been available globally.
It probably got lost in the great Webpack refactoring and nobody noticed
that.
This copies the function into its own file (to make importing it easy)
and adds an import in index.js.
Fixes https://github.com/hedgedoc/hedgedoc/issues/2248
Signed-off-by: David Mehren <git@herrmehren.de>
Using `CMD_SAML_PROVIDERNAME` and the respective auth provider objects
in the configuration structures.
Signed-off-by: Moritz Schlarb <schlarbm@uni-mainz.de>