Commit graph

2308 commits

Author SHA1 Message Date
Jonas Zohren
625f4e336b Replaces npm with yarn commands in docs.
Signed-off-by: Jonas Zohren <jonas.zohren@tu-dortmund.de>
2019-10-25 19:51:13 +02:00
Sheogorath
20a67e3446
Update yarn.lock 2019-10-23 21:21:35 +02:00
Sheogorath
7a27579589
Merge pull request #205 from hoijui/linkifyHeaderStyle
Allow to generate lower case header references through the config
2019-10-23 21:18:57 +02:00
Sheogorath
3db757754f
Merge pull request #206 from SISheogorath/fix/CVE-2019-15499
Don't accept sandbox attribute
2019-10-22 19:30:23 +02:00
RyotaK
8494f6a085
Don't accept sandbox attribute
Because sandbox is whitelist attribute, attacker will be able to create iframe that has more permission than default.

Signed-off-by: RyotaK <49341894+ry0tak@users.noreply.github.com>
2019-10-22 12:04:12 +02:00
hoijui
e654ca8a31 Allow to generate lower case header references through the config
This makes the references consistent/compatible with GitHub,
GitLab, Pandoc and many other tools.

This behavior can be enabled in config.json with:

```
"linkifyHeaderStyle": "gfm"
```

Signed-off-by: hoijui <hoijui.quaero@gmail.com>
2019-10-22 09:05:37 +02:00
hoijui
20adab2f32 slight doc comment touch-up/simplification [minor]
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
2019-10-22 09:02:40 +02:00
Sheogorath
145285abf6
Merge pull request #200 from ErikMichelson/docs/api
Add API documentation (#172)
2019-10-20 13:11:37 +02:00
Erik Michelson
ae4d5c619a
Fixed JSON syntax error in api doc example
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-10-18 10:59:39 +02:00
Erik Michelson
b7c02a901f
Finishing openapi doc
version 1.6.0 is noted as this document already contains the 1.6.0 endpoint /new/alias

Signed-off-by: Erik Michelson <erik@liltv.de>
2019-10-17 23:26:48 +02:00
Erik Michelson
93ca037a75
WIP: Adding openapi doc
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-10-15 00:58:40 +02:00
Erik Michelson
447d9bc1d8
Added API-doc as markdown file
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-10-13 01:34:09 +02:00
Sheogorath
ce99a79352
Merge pull request #199 from SISheogorath/fix/opengraph
Fix broken error template due to missing opengraph
2019-10-12 19:48:09 +02:00
Sheogorath
7e5bb8a24b
Fix broken error template due to missing opengraph
This regression bug was caused by the error page using the `codimd/head`
template. This resulted in error messages like this:

```
ReferenceError: /codimd/public/views/error.ejs:5
    3|
    4| <head>
 >> 5|     <%- include codimd/head %>
    6|     <link rel="stylesheet" href="<%- serverURL %>/css/center.css">
    7| </head>
    8|
/codimd/public/views/codimd/head.ejs:7
    5| <meta name="apple-mobile-web-app-status-bar-style" content="black">
    6| <meta name="mobile-web-app-capable" content="yes">
 >> 7| <% for (var og in opengraph) { %>
    8| <% if (opengraph.hasOwnProperty(og) && opengraph[og].trim() !== '') { %>
    9| <meta property="og:<%- og %>" content="<%- opengraph[og] %>">
    10| <% }} if (!opengraph.hasOwnProperty('image')) { %>
opengraph is not defined
    at eval (eval at compile (/codimd/node_modules/ejs/lib/ejs.js:618:12), <anonymous>:18:23)
    at eval (eval at compile (/codimd/node_modules/ejs/lib/ejs.js:618:12), <anonymous>:99:10)
    at returnedFn (/codimd/node_modules/ejs/lib/ejs.js:653:17)
    at tryHandleCache (/codimd/node_modules/ejs/lib/ejs.js:251:36)
    at View.exports.renderFile [as engine] (/codimd/node_modules/ejs/lib/ejs.js:482:10)
    at View.render (/codimd/node_modules/express/lib/view.js:135:8)
    at tryRender (/codimd/node_modules/express/lib/application.js:640:10)
    at Function.render (/codimd/node_modules/express/lib/application.js:592:3)
    at ServerResponse.render (/codimd/node_modules/express/lib/response.js:1012:7)
    at responseError (/codimd/lib/response.js:57:20)
    at Object.errorNotFound (/codimd/lib/response.js:30:5)
    at newNote (/codimd/lib/response.js:134:76)
    at /codimd/lib/response.js:172:16
    at tryCatcher (/codimd/node_modules/bluebird/js/release/util.js:16:23)
    at Promise._settlePromiseFromHandler (/codimd/node_modules/bluebird/js/release/promise.js:517:31)
    at Promise._settlePromise (/codimd/node_modules/bluebird/js/release/promise.js:574:18)
    at Promise._settlePromise0 (/codimd/node_modules/bluebird/js/release/promise.js:619:10)
    at Promise._settlePromises (/codimd/node_modules/bluebird/js/release/promise.js:699:18)
    at _drainQueueStep (/codimd/node_modules/bluebird/js/release/async.js:138:12)
    at _drainQueue (/codimd/node_modules/bluebird/js/release/async.js:131:9)
    at Async._drainQueues (/codimd/node_modules/bluebird/js/release/async.js:147:5)
    at Immediate.Async.drainQueues (/codimd/node_modules/bluebird/js/release/async.js:17:14)

```

The fix for that is rather trivial. We simply provide an empty array of
metadata when generating the error template.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-10-11 17:03:09 +02:00
Sheogorath
cd34a8c702
Merge pull request #191 from ErikMichelson/feature/ogmetadata
Add customizable opengraph metadata for notes (see #40)
2019-10-10 14:55:34 +02:00
Sheogorath
3255649917
Merge pull request #192 from MartinTuroci/master
Add Slovak locale
2019-10-10 11:25:48 +02:00
Sheogorath
1fefdd893f
Merge pull request #194 from codimd/snyk-fix-27d859743049494e0baa12ce95beef65
[Snyk] Fix for 1 vulnerabilities
2019-10-10 11:23:16 +02:00
snyk-bot
72f74b1b23 fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MARKDOWNIT-459438
2019-10-10 05:32:44 +00:00
Erik Michelson
f26f48793f
Fixed bugs, added default image
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-10-09 23:01:43 +02:00
Sheogorath
344c868f28 Update ar.json (POEditor.com) 2019-10-08 17:05:45 +02:00
Sheogorath
766d112b50 Update pl.json (POEditor.com) 2019-10-08 17:05:43 +02:00
Sheogorath
ee1b47d4ae Update id.json (POEditor.com) 2019-10-08 17:05:42 +02:00
Sheogorath
7a87d6236e Update de.json (POEditor.com) 2019-10-08 17:05:40 +02:00
Sheogorath
ef018ca60d Update en.json (POEditor.com) 2019-10-08 17:05:38 +02:00
Sheogorath
588ee8301c Update zh-TW.json (POEditor.com) 2019-10-08 17:05:37 +02:00
Martin Turoci
c1f629161b Slovak locale
Signed-off-by: Martin Turoci <martinturoci@gmail.com>
2019-10-05 22:32:47 +02:00
Sheogorath
7c78e29e2a
Merge pull request #189 from PetrTodorov/master
Added Czech translation
2019-10-05 13:31:39 +02:00
Sheogorath
09cf1057ef
Merge pull request #187 from Amolith/master
remove legacy code to solve #58
2019-10-05 13:30:38 +02:00
Erik Michelson
8f61d840de
Added documentation for opengraph metadata
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-10-04 19:58:02 +02:00
Erik Michelson
2881f8211a
Added customizable og-metadata to notes
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-10-04 19:49:45 +02:00
Erik Michelson
116bd7230c
Added og-metadata to index page
- image and URL properties are only included if
 the server url is set, because opengraph
 protocol does not support relative links

Signed-off-by: Erik Michelson <erik@liltv.de>
2019-10-04 11:04:58 +02:00
PetrTodorov
f0a8ff5eb3 Added Czech translation
Signed-off-by: PetrTodorov <info@petrtodorov.cz>
2019-10-03 23:02:03 +02:00
Amolith
71e900e9e8
remove unused variable to pass ci testing - #58
Signed-off-by: Amolith <amolith@nixnet.xyz>
2019-10-03 09:24:46 -04:00
Amolith
e6eab33e2d
remove legacy code to solve #58
Signed-off-by: Amolith <amolith@nixnet.xyz>
2019-10-03 08:39:51 -04:00
Sheogorath
7182fecf5b
Merge pull request #186 from codimd/snyk-fix-67ec214d52c0e9b5cf1620e19ace6b1a
[Snyk] Fix for 1 vulnerabilities
2019-09-30 12:59:37 +02:00
snyk-bot
511873e58a fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HELMETCSP-469436
2019-09-30 05:32:48 +00:00
Sheogorath
494ff49503
Merge pull request #185 from codimd/snyk-fix-905c5c88626d5047fb1568d93ce366ca
[Snyk] Fix for 1 vulnerabilities
2019-09-26 13:49:50 +02:00
Sheogorath
e313b47b92
Merge pull request #170 from ErikMichelson/post-note-url
Added endpoint for note-creation with given alias
2019-09-26 12:20:57 +02:00
snyk-bot
0185add27f fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-469063
2019-09-26 05:32:43 +00:00
Sheogorath
7f69ec5bca
Merge pull request #180 from ErikMichelson/fix/trailingSlashRedirect
Fixed #179 (redirect loop with a trailing slash)
2019-09-18 22:59:43 +02:00
Erik Michelson
9e1cc2159f
Updated forbiddenNoteIDs
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-09-18 22:54:08 +02:00
Erik Michelson
4d62e6b0b5
Fixed #179 (redirect loop with a trailing slash)
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-09-18 22:18:22 +02:00
Sheogorath
110eef691e
Merge pull request #173 from ErikMichelson/docs
Extended config.js documentation on login methods and libravatar
2019-09-18 21:36:19 +02:00
Sheogorath
10a6e7c816
Merge pull request #176 from SISheogorath/docs/security
Add security note to repository
2019-09-12 21:35:19 +02:00
Sheogorath
42d42d5b6f
Add security note to repository
In order to simplify the communication with security researcher and
allow reporting of issues, this document should provide a rough idea
about:

1. What versions are supported
2. Who to contact
3. How to send findings properly secured
4. What to expect from an approved security issue
5. What if it's not considered a security issue

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-09-10 14:11:23 +02:00
Erik Michelson
6110aafc5b
Added link to libravatar.org
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-09-09 15:20:09 +02:00
Erik Michelson
efe246f183
Extended login methods section
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-09-09 01:48:22 +02:00
Erik Michelson
5a359ab648
Changed Gravatar to Libravatar
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-09-09 00:47:22 +02:00
Sheogorath
c6e4f3757e
Merge pull request #171 from soulchild/master
Move sequelize-cli from devDependencies to dependencies, because it is needed to run migrations at run-time
2019-09-07 20:26:54 +02:00
Tobias Kremer
ea3c824978 Move sequelize-cli from devDependencies to dependencies, because it is needed to run migrations at run-time
Signed-off-by: Tobias Kremer <tobias.kremer@gmail.com>
2019-09-06 10:42:30 +02:00