Commit graph

186 commits

Author SHA1 Message Date
David Mehren
a6fa562a17
Fix cardinality between Authorship and User in database schema
Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-20 19:43:11 +02:00
David Mehren
a38622ea19
Delete superfluous authorship attribute from Revision in the database schema.
Authorships are saved in a separate table, this attribute was probably left over from the old schema.

Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-20 19:43:11 +02:00
David Mehren
c3af748a52
Fix cardinality between NoteGroupPermission and Group in database schema
Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-20 19:43:11 +02:00
David Mehren
2050f5acc2
Update database schema.
Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-20 19:43:10 +02:00
David Mehren
d0c1c93fba
Add (still incomplete) database schema
Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-20 19:43:10 +02:00
David Mehren
574c7d1dd4
Log warnings when using hardcoded data.
Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-20 19:43:08 +02:00
Bennet Bleßmann
8811ba6dfe
add ldap.starttls to config file docs
Signed-off-by: Bennet Bleßmann <bb-github@t-online.de>
2020-08-05 00:45:38 +02:00
Erik Michelson
7838f9b03a
Added config property for locales
There's a new config property 'localesPath' - pointing to './locales' by default. The path resolution is similar to the docsPath, uploadsPath etc.

Signed-off-by: Erik Michelson <erik@liltv.de>
2020-04-24 19:09:18 +02:00
Sheogorath
4104f9835d
Merge pull request #278 from elespike/master
Add OIDC scopes for email & profile retrieval
2020-04-22 20:56:58 +02:00
Sheogorath
a2522888b2
Remove PDF export
As we already decleared in earlier versions, this patch removes PDF
export entirely. It's a not acceptable security risk for every CodiMD
instance.

The current implementation allowed to extract arbitary files from the
CodiMD host and therefore leaking secrets from a `/etc/passwd` to
CodiMD's own config files and all secrets contained in it.

Thanks to Joona for finding this vulnerability in August last year,
which lead to an emergency disabling of PDF exports in 1.5.0.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-26 15:05:54 +01:00
Erik Michelson
c976217c12
Remove mattermost integration
Signed-off-by: Erik Michelson <erik@liltv.de>
2020-02-25 14:33:30 +01:00
Marius
574781ed6e Add environment variables and doc entries
Signed-off-by: Marius <elespike@lab26.net>
2020-02-22 00:16:26 -05:00
Stefan Peters
5ee3213086
Adjust description of CMD_ALLOW_ANONYMOUS_EDITS
`CMD_ALLOW_ANONYMOUS_EDITS` is only applied when `CMD_ALLOW_ANONYMOUS` is `false`, see [here](9c1665ae5b/lib/config/index.js (L71-L73)).

Signed-off-by: Stefan Peters <stefandesu@exo.pm>
2020-02-11 13:32:22 +09:00
Sheogorath
651db60985
Update CDN defaults
As we noticed in our poll about CDN usage, that most people
intentionally turn it off, but very little intetionally turn it on or
leave it on. [1]

There is also strong indicators that CDNs don't really provide any
benefits in loading time and due to the small deployments of CodiMD,
there is no big savings due to CDNs either. [2]

Therefore this patch changes the CDN default settings to off in order to
reduce the exposed user data.

[1]: https://community.codimd.org/t/poll-on-cdn-usage/28
[2]: https://csswizardry.com/2019/05/self-host-your-static-assets/

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-09 21:59:17 +01:00
ike
197223dc81 Add Google oauth variable: hostedDomain
Which is part of `passport-google-oauth2`.
It could be used as whitelist to a domain supported by google oauth.
Ref: https://github.com/jaredhanson/passport-google-oauth2/issues/3

Signed-off-by: ike <developer@ikewat.com>
2020-02-08 15:57:22 +08:00
Amolith
412540b8e5 update env docs in reference to #247
Signed-off-by: Amolith <amolith@nixnet.xyz>
2020-01-16 17:25:41 -05:00
Ian Tsai
deb3b94662 Update example config for gitlab authorization
Update example config for gitlab authorization

Signed-off-by: Ian Tsai <b10102016@gmail.com>
2020-01-13 19:30:15 +08:00
Matteo Savatteri
8496baa5b9 [DOC] Run manage_users with NODE_ENV=production set.
`manage_user` script defaults to `development` environment.

Signed-off-by: Matteo Savatteri <matteosavatteri@lcm.mi.infn.it>
2019-12-24 18:02:55 +01:00
Enrico Guiraud
ed2a792886
[DOC] Use npm start, not yarn start to start
`yarn start --production` ignores the `--production` flag,
`npm start --production` does not.

Signed-off-by: Enrico Guiraud <enrico.guiraud@cern.ch>
2019-12-20 11:08:40 +01:00
Enrico Guiraud
5c552b81a0
[DOC] Misc improvements to manual setup instructions
Signed-off-by: Enrico Guiraud <enrico.guiraud@cern.ch>
2019-12-20 00:26:48 +01:00
Sheogorath
31803d6730
Merge pull request #209 from davidmehren/webpack_docs
Improve webpack dev documentation
2019-10-29 14:18:14 +01:00
David Mehren
b714baa36e
Improve webpack dev documentation
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-25 20:52:15 +02:00
Jonas Zohren
625f4e336b Replaces npm with yarn commands in docs.
Signed-off-by: Jonas Zohren <jonas.zohren@tu-dortmund.de>
2019-10-25 19:51:13 +02:00
Erik Michelson
ae4d5c619a
Fixed JSON syntax error in api doc example
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-10-18 10:59:39 +02:00
Erik Michelson
b7c02a901f
Finishing openapi doc
version 1.6.0 is noted as this document already contains the 1.6.0 endpoint /new/alias

Signed-off-by: Erik Michelson <erik@liltv.de>
2019-10-17 23:26:48 +02:00
Erik Michelson
93ca037a75
WIP: Adding openapi doc
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-10-15 00:58:40 +02:00
Erik Michelson
447d9bc1d8
Added API-doc as markdown file
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-10-13 01:34:09 +02:00
Erik Michelson
6110aafc5b
Added link to libravatar.org
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-09-09 15:20:09 +02:00
Erik Michelson
efe246f183
Extended login methods section
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-09-09 01:48:22 +02:00
Erik Michelson
5a359ab648
Changed Gravatar to Libravatar
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-09-09 00:47:22 +02:00
Sheogorath
c765f34d03
Merge pull request #143 from Fonata/improve-docs
Slightly improve documentation
2019-09-02 19:24:04 +03:00
Matthias Lindinger
e07f70c231 Remove useless blank line
Signed-off-by: Matthias Lindinger <m.lindinger@live.de>
2019-09-02 13:09:23 +02:00
Matthias Lindinger
eef2b57bde Add documentation for the new imprint feature
Signed-off-by: Matthias Lindinger <m.lindinger@live.de>
2019-09-02 13:05:17 +02:00
Christian Bläul
d21ede4df8 Documentation: improved 'Users and Privileges' section
Signed-off-by: Christian Bläul <christian@blaeul.de>
2019-08-17 12:19:34 +02:00
Christian Bläul
3684c65f10 Documentation: improved English
Signed-off-by: Christian Bläul <christian@blaeul.de>
2019-08-17 12:14:51 +02:00
Christian Bläul
49663390d1 Not serverurl, but serverURL is used as a default for issuer
Signed-off-by: Christian Bläul <christian@blaeul.de>
2019-08-17 12:14:24 +02:00
Christian Bläul
ef857a565c Documentation: improved sessionLife description
Signed-off-by: Christian Bläul <christian@blaeul.de>
2019-08-17 11:56:31 +02:00
Christian Bläul
32f00e9830 Documentation: improved 'Email (local account)' sections
Signed-off-by: Christian Bläul <christian@blaeul.de>
2019-08-17 11:53:49 +02:00
Christian Bläul
29e1ff7699 Documentation: improved dbURL description
Signed-off-by: Christian Bläul <christian@blaeul.de>
2019-08-17 11:40:53 +02:00
Christian Bläul
60d6a6a15d Documentation: Improved descriptions of 'Users and Privileges' section
Signed-off-by: Christian Bläul <christian@blaeul.de>
2019-08-17 10:53:17 +02:00
Christian Bläul
374ee58790 Documentation: converted descriptions to sentences to allow more details
No content was added; this is just a formatting commit.

Signed-off-by: Christian Bläul <christian@blaeul.de>
2019-08-17 10:49:03 +02:00
Christian Bläul
305525aa0c Config documentation: Improved spelling and capitalization of services
Signed-off-by: Christian Bläul <christian@blaeul.de>
2019-08-17 00:03:37 +02:00
Christian Bläul
f49bbf4c45 Documentation of config options: Improve loglevel
Signed-off-by: Christian Bläul <christian@blaeul.de>
2019-08-17 00:03:29 +02:00
Christian Bläul
c065d45da8 Documentation of config options: Improve db
Signed-off-by: Christian Bläul <christian@blaeul.de>
2019-08-17 00:03:04 +02:00
Salim B
5e7715a4e2
Slightly improve docker-linux-server.md
- fix typo
- add link to PhantomJS
- improve formatting

Signed-off-by: Salim B <salim@posteo.de>
2019-08-01 20:11:55 +02:00
Sheogorath
788d8ca933
Fix some minor quirks in the LinuxServer.io docs
The current documents might end up confusing people and are not
completely accessible. This minor fixes should clear up the situation
and add alt texts to all badges, explain the links at the end of the
docs, and list LinuxServer.io in the supported provider section of the
README.

Some reasoning on the change in the listing:
Since we maintain an own container image which is for sure kept updated
on release, this is our first listing, as well as general solutions that
are build on that image, like the K8s integration.

The next listings are integrated provides which allow self-hosting, like
Cloudron and I also consider LinuxServer.io as this kind of providers.
Which try to enable people to run CodiMD on their own hardware or rented
servers in a very easy way, but by using their own images.

As third category I would look at hosted offers, like Heroku, which are
not completely SaaS but far enough away from the self-hostability that
I consider them as an own category. PaaS-based solutions are not as
FOSS-style as we want our setups to be, but of course still supported.

Finally the manual setup. We keep it down here, because we support it,
but don't recommend it in general. It's hard to upgrade and can cause
problems when dependencies are not correctly updated or people don't run
the db migrations.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-08-01 20:03:07 +02:00
chbmb
04d26637d6 Add docker image from LinuxServer.io as an install option.
As requested by @SISheogorath [here](https://github.com/linuxserver/docker-codimd/issues/4#issue-454332233) and further to discussion about previous PR [here.](https://github.com/codimd/server/pull/110#issuecomment-501214087)

Signed-off-by: Neil Green <chbmb@linuxserver.io>
2019-06-12 11:46:49 +01:00
Sheogorath
7cdb325e1c
Move DCO into docs section
The DCO currently resides in an own directory creating a pointless
additional click/tab in order to reach end read it. It also just
clutteres the directory structure of the project.

Therefore this patch provides moves the DCO into an own legal section in
the docs directory, which is hopefully a more reasonable place.

This section can also be extended in future in order to host other legal
documents as well.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-06-10 17:35:36 +02:00
Claudius Coenen
8d576895ea
mentioning the node 6 deprecation along with the migration guide
Signed-off-by: Claudius <opensource@amenthes.de>
2019-05-31 15:16:24 +02:00
Sheogorath
6c62efae2a
Add config for toobusy middleware
With very low CPU frequency or bad IO situation, as well as not-loaded
JS CodiMD happens to present unneeded "I'm busy"-messages to users.

This patch allows to configure the lag. The default is taken from the
libray but set in our own default configs.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-25 21:08:38 +02:00
Claudius
806ebe6e1a drop node 6 support
We will no longer test on node6 and instead focus on 8+. This won't
break node6 immediately, but we will no longer go out of our way
supporting a version that does not receive security updates.

Signed-off-by: Claudius <opensource@amenthes.de>
2019-05-13 19:37:21 +02:00
Claudius
1d403e183d asyncified setting and verifying the password
Signed-off-by: Claudius <opensource@amenthes.de>
2019-05-13 19:37:21 +02:00
Simon Fish
d1fbf63291 Improve documentation
Signed-off-by: Simon Fish <si@mon.fish>
2019-05-06 17:15:07 +01:00
Simon Fish
335065cba9 Provide documentation for configuration with Keycloak
Signed-off-by: Simon Fish <si@mon.fish>
2019-05-06 17:15:07 +01:00
Mauricio Robayo
d4ac3fdd5f Add name of directory to clone into
Signed-off-by: Mauricio Robayo <rfmajo@gmail.com>
2019-05-05 19:28:30 -05:00
Claudius
32d3b914b2 fixing manual upgrade instructions and completing requirements
Signed-off-by: Claudius <opensource@amenthes.de>
2019-04-15 22:25:06 +02:00
Dylan Dervaux
208070d2e7
Add lutim support
Signed-off-by: Dylan Dervaux <dylanderv05@gmail.com>
2019-04-10 01:37:12 +02:00
Emmanuel Ormancey
df53f465c0
Added a configuration option for passport-saml:
disableRequestedAuthnContext: true|false

By default only Password authmethod is accepted, this option allows any other method.

Issue and option described here:
https://github.com/bergie/passport-saml/issues/226

Signed-off-by: Emmanuel Ormancey <emmanuel.ormancey@cern.ch>
2019-04-06 17:54:58 +02:00
Claudius
a140bff47e minor fixes to internal links in documentation 2019-04-01 09:42:33 +02:00
Claudius
33b22cf26f breaking up config docs into sections
Signed-off-by: Claudius <opensource@amenthes.de>
2019-04-01 01:16:24 +02:00
Claudius
54edec8900 striving for consistency across various docs
Signed-off-by: Claudius <opensource@amenthes.de>
2019-04-01 01:03:36 +02:00
Claudius
74fdd26ea0 integrating information from the old wiki
Signed-off-by: Claudius <opensource@amenthes.de>
2019-04-01 01:03:36 +02:00
Claudius
edf301cfa3 splitting README.md into files in /docs for better readability
Signed-off-by: Claudius <opensource@amenthes.de>
2019-04-01 01:03:36 +02:00
Sheogorath
982a12f569
Fix some remaining references to the old repository
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-28 22:45:57 +01:00
Sheogorath
7cde6958f3
Update links to new repositories
After a long discussion, it turned out that CodiMD as community project
and HackMD as a company, have fundamental different views on the project
governance.

Due to this, it came to point where the decision for a fork was made.
After the fork and move towards an own organisation, this patch updates
all links inside the project to the new repositories.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-27 19:31:34 +01:00
Felix Yan
1ccadec5a3 Fix several typos in auth/saml.md
Signed-off-by: Felix Yan <felixonmars@archlinux.org>
2019-02-15 04:14:17 +08:00
Daan Sprenkels
1f8e8b476f Add an etherpad migration guide
In this guide I share how a migration from etherpad to codimd can
be done. I am not completely sure if the script that is included is
completely error-free. Readers/reviewers should be aware that there
may be bugs.may be bugs.

Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
2018-11-10 23:48:03 +01:00
David Mehren
ea027c9b19
Add dev-docs for webpack.
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-10-10 22:09:46 +02:00
Claudius Coenen
a10f551023 How to use Nextcloud as OAuth2 Provider for CodiMD
Signed-off-by: Claudius Coenen <opensource@amenthes.de>
2018-10-04 11:06:33 +02:00
Christoph (Sheogorath) Kern
7ea2c3b55f
Merge pull request #974 from mcnesium/patch-1
fix image paths
2018-10-03 19:14:36 +02:00
mcnesium
ac95c4e442 fix image paths in moved GitLab auth guide
Signed-off-by: mcnesium <git@mcnesium.com>
2018-09-30 11:09:01 +02:00
Sheogorath
3122e351cd
Add documentation for an LDAP setup against Active Directory
Since our documentation on our LDAP configs is quite small, I add this
example for LDAP in an Active Directory environment.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-26 19:13:07 +02:00
Ondřej Slabý
6ce7b20a7f Add an auth provider guide for Mattermost
Signed-off-by: Ondřej Slabý <kron258@gmail.com>
2018-08-28 11:00:00 +02:00
Sheogorath
20b75a4924
Add docs for usage of terms and privacy policy
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-27 23:44:32 +02:00
Sheogorath
97a08e7954
Add note about renaming to docs
It's way easier to add a note to the guides than to redo all the images,
etc. We have more important things to spend our time on, but if someone
wants to redo them, you are very welcome!

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 14:06:32 +02:00
Sheogorath
3251bcbadc
Split authentication guides into multiple documents
Splitting the documentation should provide an easier access to the
documentation people searching for and result in less merge conflicts
when adding new documentation here.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-01 14:36:33 +02:00
mcnesium
18d2bbb5f3 Add documentation for setting up authentication with a self-hosted GitLab
Signed-off-by: mcnesium <git@mcnesium.com>
2018-03-27 17:51:59 +02:00
Robin Naundorf
e547664727 Fix small typo
Signed-off-by: Robin Naundorf <r.naundorf@fh-muenster.de>
2018-03-05 09:06:37 +01:00
Sheogorath
bd92010dd2
Remove camel case from imageuploadtype in config
This removes the only camel cased option of the config options
**we** added to the config.json.

In auth provider's config parts are a lot of camel cased options
provided. We shouldn't touch them to keep them as similar as
possible to the examples.

Fixes #315

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-27 23:50:15 +01:00
Sheogorath
a99467f006
Add minio guide
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-23 11:48:00 +01:00
Norihito Nakae
2db2ff484f added guide for SAML settings 2017-12-04 20:13:15 +09:00
Devon Jue
8c916bb987 added auth docs and images for GitHub and Twitter 2017-11-08 21:20:50 -08:00
Johannes Weißl
89a2389586 Correct documentation of S3 bucket
Documentation added in aaf034b on Nov 17th 2016 says the S3 bucket can
be specified with `s3.bucket`, but commit c8bcc4c (#285) on Dec 18th
2016 used `s3bucket`. Instead of fixing the code (#552) to match the
documentation this commit changes just the documentation so that
existing configurations are not broken. Also, the `s3` object is passed
as is to `AWS.S3()`, which does not know the option `bucket` (but
silently ignores it in my test).

http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#constructor-property

Following the old documentation leads to this exception:

    2017-09-23T09:42:38.079Z - error:  MissingRequiredParameter: Missing required key 'Bucket' in params
        at ParamValidator.fail (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/param_validator.js:50:37)
        at ParamValidator.validateStructure (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/param_validator.js:61:14)
        at ParamValidator.validateMember (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/param_validator.js:88:21)
        at ParamValidator.validate (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/param_validator.js:34:10)
        at Request.VALIDATE_PARAMETERS (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/event_listeners.js:125:42)
        at Request.callListeners (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/sequential_executor.js:105:20)
        at callNextListener (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/sequential_executor.js:95:12)
        at /srv/hackmd/hackmd/node_modules/aws-sdk/lib/event_listeners.js:85:9
        at finish (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/config.js:315:7)
        at /srv/hackmd/hackmd/node_modules/aws-sdk/lib/config.js:333:9
        at Credentials.get (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/credentials.js:126:7)
        at getAsyncCredentials (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/config.js:327:24)
        at Config.getCredentials (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/config.js:347:9)
        at Request.VALIDATE_CREDENTIALS (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/event_listeners.js:80:26)
        at Request.callListeners (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/sequential_executor.js:101:18)
        at Request.emit (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/sequential_executor.js:77:10)
2017-09-23 18:28:57 +02:00
Yukai Huang
aaf034bfbc Update README 2016-11-17 18:27:53 +08:00
Yukai Huang
1f409197c3 Fix order list 2016-11-16 14:46:38 +08:00
Yukai Huang
7830184993 Create s3 config guide 2016-11-16 14:27:18 +08:00