Commit graph

99 commits

Author SHA1 Message Date
Sheogorath
d939de17df
Fix CSP for disqus and Google Analytics
This commit should fix existing problems with Disqus and Google
Analytics enabled in the meta-yaml section of a note.

Before this commit they were blocked by the strict CSP. It's still
possible to disable the added directives using `addDisqus` and
`addGoogleAnalytics` in the `csp` config section.

They are enabled by default to prevent breaking changes.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-30 16:33:52 +02:00
Sheogorath
2411dffa2c
Change config to camel case with backwards compatibility
This refactors the configs a bit to now use camel case everywhere.
This change should help to clean up the config interface and make it
better understandable.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-25 19:08:14 +02:00
Max Wu
baa0418fb5 Remove and replace all note id compression in LZString with base64url
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-02-26 16:43:29 +08:00
Max Wu
15ef54c2dc Fix to show 500 message when got error in parseNoteId
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-02-17 00:57:00 +08:00
Sheogorath
e44751b3f1
Fix ldap provider name in template
Before this fix it's impossible to set the provider name in the
sign-model since `ldap` is a boolean there and this way not able
to have an attribute like `ldap.providerName`.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-26 10:46:22 +01:00
Christoph (Sheogorath) Kern
7de6e3211f
Merge pull request #598 from xxyy/feature/csp
Implement basic CSP support
2018-01-22 20:43:46 +01:00
Christoph (Sheogorath) Kern
268c81a323
Merge pull request #673 from fooker/master
Allow posting new note with content
2018-01-20 19:45:41 +01:00
Dario Ernst
6ae4b8bf13 Add option to enable freely permission in closed instance
Before, closed disallowed guest edits completely, by removing
the `freely` permission. This makes it possible to explicitely bring
back guest-editing, but not guest-note-creation, to closed instances.

Signed-off-by: Dario Ernst <dario@kanojo.de>
2018-01-20 15:14:56 +01:00
Dustin Frisch
f47601857e
Allow posting new note with content
Signed-off-by: Dustin Frisch <fooker@lab.sh>
2018-01-18 10:41:58 +01:00
Peter Dave Hello
76873d3f7e Fix file permission, remove useless executable 2017-12-14 05:05:18 +08:00
Norihito Nakae
4a4ae9d332 Initial support for SAML authentication 2017-11-28 18:52:24 +09:00
Sheogorath
8808399c48
Fix mattermost breaking notes 2017-10-31 13:48:35 +01:00
Christoph Witzany
5cda55086a Add mattermost authentication 2017-10-31 10:34:51 +01:00
geekyd
f7d2ef970a Adds 403 response if PDF export is disabled 2017-10-25 19:21:34 +05:30
geekyd
d63e6780eb Adds PDF export via config 2017-10-25 19:19:37 +05:30
Literallie
080436aebb
CSP: Add nonce to slide view inline JS 2017-10-22 00:03:45 +02:00
Wu Cheng-Han
ca95901204 Fix slide might not provide slideOptions meta 2017-06-05 01:12:40 +08:00
butlerx
c531d96f66
check if reveal theme exists 2017-06-01 10:12:40 +01:00
butlerx
e5834c077f
add the ability to set slide theme in slide options 2017-05-31 23:28:43 +01:00
BoHong Li
ecb0533605 refactor(config.js): Extract config file
* Separate different config source to each files
* Freeze config object
2017-05-08 19:29:07 +08:00
BoHong Li
aca01f064d refactor: Remove require extension filename 2017-05-08 19:29:06 +08:00
BoHong Li
5870d988b5 Use strict mode in all backend files
add ‘use strict’ in all backend file
2017-03-14 13:02:43 +08:00
BoHong Li
4889e9732d Use JavaScript Standard Style
Introduce JavaScript Standard Style as project style rule,
and fixed all fail on backend code.
2017-03-08 18:45:51 +08:00
Wu Cheng-Han
1473437295 Refactor checkViewPermission to fix limited & protected permission check bug and fix code style 2017-01-16 23:47:53 +08:00
Wu Cheng-Han
3c0667813c Fix missing config in hackmd response 2017-01-16 12:41:34 +08:00
Sheogorath
747629e549 Add allowemailregister option 2017-01-12 13:54:45 +01:00
Max Wu
a8068d38d5 Merge pull request #313 from elct9620/feature/disable_anonymous_view
WIP: Add options to limit anonymous view note
2017-01-10 20:23:47 +08:00
蒼時弦也
89b8ddeaba Add limited and protected permission 2017-01-10 10:02:37 +08:00
蒼時弦也
c21fb8e2a0 Recovery tariling spaces 2017-01-10 09:35:21 +08:00
蒼時弦也
f8e5b54767 Remove temporary change 2017-01-10 09:32:44 +08:00
Max Wu
b13635aac9 Merge pull request #279 from alecdwm/ldap-auth
Support for LDAP server authentication
2017-01-09 00:49:40 +08:00
蒼時弦也
1fbecbb03d Fix anonymouse view permission check 2017-01-05 23:37:10 +08:00
蒼時弦也
aaf1ff4b2f Add limit for constrain anonymous view note 2017-01-05 22:36:40 +08:00
Wu Cheng-Han
c1b5e74cf9 Fix and refactor extracting content using metaMarked directly might lead in invalid object 2017-01-04 23:57:16 +08:00
Wu Cheng-Han
10a8448c6a Fix yaml metadata description not able to show 2017-01-02 11:13:41 +08:00
Wu Cheng-Han
f6d8e3ab00 Remove LZString compression for data storage 2017-01-02 10:59:53 +08:00
Florian Rhiem
fdea226159 Fixed typo: anonmyous 2016-12-21 14:36:54 +01:00
Wu Cheng-Han
5bb3de2675 Add support of allow free url config option with correspond modifications 2016-12-16 15:38:05 +08:00
Wu Cheng-Han
5c7eb48319 Add support of allow anonymous config option with correspond modifications 2016-12-15 14:11:23 +08:00
alecdwm
02e9927714 Initial support for LDAP server authentication
Limitations as of this commit:

- tlsOptions can only be specified in config.json, not as env vars
- authentication failures are not yet gracefully handled by the UI
  - instead the error message is shown on a blank page (/auth/ldap)
- no email address is associated with the LDAP user's account
- no picture/profile URL is associated with the LDAP user's account
- we might have to generate our own access + refresh tokens,
  because we aren't using oauth. The currently generated
  tokens are just a placeholder.
- 'LDAP Sign in' needs to be translated to each locale
2016-12-13 22:41:07 +01:00
Wu Cheng-Han
a73d9ce39e Update to support optional email register and signin 2016-12-02 01:58:14 +08:00
Wu Cheng-Han
71a356552f Update to auto generate meta description based on content in publish note and slide 2016-11-26 23:04:29 +08:00
Wu Cheng-Han
9d4ede4cff Fix possible XSS in yaml-metadata and turn using ejs escape syntax than external lib [Security Issue] 2016-11-26 22:55:31 +08:00
Wu Cheng-Han
f86a9e0c4b Fix slide might trigger script when processing markdown which cause XSS [Security Issue] 2016-11-26 22:46:08 +08:00
Wu Cheng-Han
1d2a9826af Update to improve history api error and bad request handling 2016-10-10 20:52:31 +08:00
Wu Cheng-Han
55ac4dcccb Update to allow CORS as API on revision actions 2016-10-10 20:33:48 +08:00
Wu Cheng-Han
3175616573 Update to support showing owner on the infobar 2016-10-10 20:32:20 +08:00
Wu Cheng-Han
0470a266fd Update to prevent caching and crawling status 2016-09-18 16:23:56 +08:00
Wu Cheng-Han
87f4d05e8e Update to use proper way to render view and fix upload image error should response with code 2016-08-19 11:31:23 +08:00
Wu Cheng-Han
4d7c3d2120 Add info api for note 2016-08-19 11:24:36 +08:00