Commit graph

187 commits

Author SHA1 Message Date
Literallie
04f5e3a341
Move CSP logic to new file, Fix boolean config examples
Not sure why I was quoting these in the first place
2017-10-22 02:18:45 +02:00
Literallie
e5f03fe135
Add dirty workaround for speakers view inline script 2017-10-22 00:03:46 +02:00
Literallie
2b2b8d6d1d
Allow any connect-src in CSP
Managing these for all the integrations seems like a lot of effort
2017-10-22 00:03:46 +02:00
Literallie
d51da8c12c
Don't add nonce to CSP if unsafe-inline is on
Browsers ignore unsafe-inline if a nonce is sent
2017-10-22 00:03:46 +02:00
Literallie
91101c856c
Change CSP config format to be more intuitive 2017-10-22 00:03:46 +02:00
Literallie
996cb37991
CSP: Workaround for ws:// protocol
The spec allows wss:// for 'self', but not ws:// :(
2017-10-22 00:03:45 +02:00
Literallie
4238b9b3ef
Fix MathJax CSP issues 2017-10-22 00:03:45 +02:00
Literallie
080436aebb
CSP: Add nonce to slide view inline JS 2017-10-22 00:03:45 +02:00
Literallie
5d2d3ec875
CSP: Upgrade insecure requests if possible
Config option; default is to only upgrade if usessl
2017-10-22 00:03:45 +02:00
Literallie
ba183ce654
Add basic CSP support 2017-10-22 00:03:44 +02:00
Literallie
56411ca0e1
Make HSTS behaviour configurable; Fixes #584 2017-10-13 01:42:05 +02:00
Wu Cheng-Han
c8d3951d32 Add support of Danish locale 2017-06-11 15:52:04 +08:00
Wu Cheng-Han
cceb5b1a26 Fix import module name typo in app.js 2017-05-08 20:35:51 +08:00
Raccoon Li
d79997808a fix(imageRouter): import missing dependency: getImageMimeType 2017-05-08 20:04:05 +08:00
BoHong Li
60ca6ed56c refactor: Rename checkURiVaild to checkURIValid to fit coding standard 2017-05-08 19:29:07 +08:00
BoHong Li
3919d4fc0e fix(app.js): Change config.maintenance to realtime.maintenance 2017-05-08 19:29:07 +08:00
BoHong Li
ecb0533605 refactor(config.js): Extract config file
* Separate different config source to each files
* Freeze config object
2017-05-08 19:29:07 +08:00
BoHong Li
4738ba7d36 fix: Add 'use strict' on app.js 2017-05-08 19:29:07 +08:00
BoHong Li
aca01f064d refactor: Remove require extension filename 2017-05-08 19:29:06 +08:00
BoHong Li
d88502e331 refactor(app.js): Move passport serialize and deserialize to auth module 2017-05-08 19:29:06 +08:00
BoHong Li
7ef17fd4e6 refactor(app.js): Extract tooBusy 2017-05-08 19:29:06 +08:00
BoHong Li
768943002c refactor(app.js): Extract upload image 2017-05-08 19:29:06 +08:00
BoHong Li
d90bd6da31 fix(app.js): Fixed typo 2017-05-08 19:24:38 +08:00
BoHong Li
689bade730 refactor(app.js): Extract note action 2017-05-08 19:24:38 +08:00
BoHong Li
e2ac73f5a3 refactor(app.js): Extract /me page 2017-05-08 19:24:38 +08:00
BoHong Li
e3fde01e3a refactor(app.js): Remove unused modules 2017-05-08 19:24:38 +08:00
BoHong Li
706df11e23 refactor(app.js): Extract history api 2017-05-08 19:24:38 +08:00
BoHong Li
c99ae8e1f8 refactor(app.js): Remove unused import modules 2017-05-08 19:24:38 +08:00
BoHong Li
69a9f7ca38 refactor(app.js, auth.js): Extract all auth method to individual modules 2017-05-08 19:24:38 +08:00
BoHong Li
766022378a refactor(app.js): Extract status pages 2017-05-08 19:24:37 +08:00
BoHong Li
66c68254b4 refactor(app.js): Extract index, 403, 404, 500 pages 2017-05-08 19:24:37 +08:00
BoHong Li
9f1f16c8e3 refactor(app.js): Extract urlencodedParser to utils module 2017-05-08 19:24:37 +08:00
BoHong Li
dee77c459a refactor(app.js): Extract middleware to module
extract check URi is valid, redirect without trailing slashes
2017-05-08 19:24:37 +08:00
BoHong Li
7ba0d600f1 fix(app.js): Stream log
use logger instead of logger.stream
2017-05-08 19:24:37 +08:00
LluisArevalo
6e277100ca Add reference to utils library 2017-05-08 10:52:30 +02:00
LluisArevalo
03ef1bf4f0 Add Content-Type to the images uploaded to AWS S3 2017-05-08 10:22:52 +02:00
Wu Cheng-Han
dde6e622a4 Fix front-end constants generation not getting config properly 2017-03-23 20:00:48 +08:00
Wu Cheng-Han
011d043b2a Update to indicate version in status API header 2017-03-22 23:44:09 +08:00
Wu Cheng-Han
e751684aa3 Update to print info on exit term signals handled 2017-03-22 15:31:39 +08:00
Wu Cheng-Han
0bcd83576f Update to handle SIGQUIT 2017-03-22 15:26:35 +08:00
Wu Cheng-Han
7989b89591 Add support of Catalan locale 2017-03-20 14:52:25 +08:00
Wu Cheng-Han
19a64f6b06 Fix typo and possible wrong value on provider is false on generating front-end constants 2017-03-20 01:54:44 +08:00
Wu Cheng-Han
448b006194 Update to generate front-end constants on server startup
To avoid extra webpacking on changing configs and follow the 12 factor app
2017-03-20 01:39:09 +08:00
Wu Cheng-Han
506a381eca Add config option for gitlab api scope and auto adapt gitlab snippet feature on it 2017-03-14 18:04:23 +08:00
BoHong Li
4889e9732d Use JavaScript Standard Style
Introduce JavaScript Standard Style as project style rule,
and fixed all fail on backend code.
2017-03-08 18:45:51 +08:00
NV
90c83ebd5b Fix image path problem when using filesystem backend 2017-02-09 14:07:36 +09:00
Wu Cheng-Han
92ad67b813 Update to remove history cache to lower application coupling 2017-02-03 21:39:08 +08:00
Jan Kunzmann
20dc3127b1 Handle SIGTERM the same way SIGINT is handled 2017-01-20 02:13:09 +01:00
Max Wu
4851098477 Merge pull request #317 from SISheogorath/master+allowEmailRegister
Add `allowemailregister` option
2017-01-12 23:37:28 +08:00
Sheogorath
747629e549 Add allowemailregister option 2017-01-12 13:54:45 +01:00
Wu Cheng-Han
fc788e805e Fix SIGINT checkClean should only log error instead throw error 2017-01-12 17:17:01 +08:00
Max Wu
b13635aac9 Merge pull request #279 from alecdwm/ldap-auth
Support for LDAP server authentication
2017-01-09 00:49:40 +08:00
James Stephenson
ec1ae8c6b5 Added Esperanto translation
Translation by Jonathan Powell and James Stephenson
2016-12-30 22:02:57 -05:00
knjcode
a2fbb3add9 Fix URL concatenation 2016-12-27 12:46:07 +09:00
S.Noda
c8bcc4c1c3 fix #284 2016-12-18 18:58:21 +09:00
alecdwm
fc8d709afb LDAP login improvements
- return bad request if no username or password given
- return to referer url on auth success
- flash error message on auth failure
2016-12-14 12:40:54 +01:00
alecdwm
02e9927714 Initial support for LDAP server authentication
Limitations as of this commit:

- tlsOptions can only be specified in config.json, not as env vars
- authentication failures are not yet gracefully handled by the UI
  - instead the error message is shown on a blank page (/auth/ldap)
- no email address is associated with the LDAP user's account
- no picture/profile URL is associated with the LDAP user's account
- we might have to generate our own access + refresh tokens,
  because we aren't using oauth. The currently generated
  tokens are just a placeholder.
- 'LDAP Sign in' needs to be translated to each locale
2016-12-13 22:41:07 +01:00
Wu Cheng-Han
bb3ed8e249 Fix missing dependency in app.js 2016-12-12 13:02:53 +08:00
Wu Cheng-Han
38505491ae Fix redirection to url without trailing slashes not considering about config urlpath 2016-12-12 10:50:43 +08:00
Yukai Huang
9e6fd505e1 Remove bower occurrences 2016-12-11 11:18:08 +08:00
Wu Cheng-Han
778b6f32b3 Update to handle request with invalid uri 2016-12-03 14:37:24 +08:00
Wu Cheng-Han
5958654ea4 Remove preprocess image on upload image or it will lose support of some image formats 2016-12-03 14:37:12 +08:00
Wu Cheng-Han
a73d9ce39e Update to support optional email register and signin 2016-12-02 01:58:14 +08:00
Max Wu
bd3d4958e4 Merge pull request #248 from hackmdio/file-upload-options
Support other options for image uploading
2016-11-27 10:54:00 +08:00
Yukai Huang
1a4f3950e6 Handle preprocess image error 2016-11-22 07:20:48 +08:00
Wu Cheng-Han
f387bb312f Try to replace engine.io to uws in socket.io for better performance 2016-11-18 12:18:29 +08:00
Yukai Huang
2279986f97 Config sharp image preprocessing 2016-11-16 17:07:00 +08:00
Yukai Huang
518a4a120b upload image to s3 2016-11-16 12:05:24 +08:00
Yukai Huang
4d3672ae5d Join image path with config.serverurl 2016-11-16 10:50:07 +08:00
Yukai Huang
8db6624ae9 save to upload folder only when option enabled 2016-11-15 23:25:41 +08:00
Yukai Huang
a5dad29300 support filesystem image upload 2016-11-14 17:07:07 +08:00
Yukai Huang
81b368c11c upload image to public/uploads 2016-11-14 16:45:57 +08:00
Wu Cheng-Han
b9c4af8a65 Add to throw error when server not ready after db synced 2016-11-07 21:31:11 +08:00
Max Wu
7e05976a93 Revert "html minify in production environment" 2016-10-24 00:00:05 +08:00
Peter Dave Hello
731375c220 html minify in production environment 2016-10-23 23:31:04 +08:00
Wu Cheng-Han
215b5baa9f Update to support Swedish locale 2016-10-21 13:39:28 +08:00
Wu Cheng-Han
209534993a Fix socket disconnect might interrupt loop issue 2016-10-21 13:35:29 +08:00
Wu Cheng-Han
dbd7449740 Update to support Hindi locale 2016-10-14 22:52:54 +08:00
Wu Cheng-Han
bd6d69d7a7 Fix to handle checkAllNotesRevision might return null notes 2016-10-12 17:47:25 +08:00
Wu Cheng-Han
4ea5191d30 Fix fatal error should throw instead of return 2016-10-10 20:56:41 +08:00
Wu Cheng-Han
cbf078494b Update to add post history by note id with data, delete all history and delete history by id and rename methods 2016-10-10 20:52:09 +08:00
Wu Cheng-Han
af77bb8f59 Update to add cache to history 2016-10-10 20:51:46 +08:00
Wu Cheng-Han
a5e6b5dd3b Update to support Ukrainian locale 2016-10-10 19:48:05 +08:00
Wu Cheng-Han
4c9dc5fa1f Add support of Italian, Turkish, Russian, Dutch, Croatian, Polish locales 2016-10-10 16:29:40 +08:00
Wu Cheng-Han
aaf32dc4bf Update to support Greek and Portuguese locales 2016-10-02 10:34:10 +08:00
Jordan Matelsky
937e982109 Remove expiry from cookies
As per [this issue](https://github.com/expressjs/session/issues/365)
2016-09-26 12:13:24 -04:00
Wu Cheng-Han
79fd2d1364 Update to add revision saving policy 2016-09-18 16:50:20 +08:00
Wu Cheng-Han
0470a266fd Update to prevent caching and crawling status 2016-09-18 16:23:56 +08:00
Wu Cheng-Han
4cc00c6c40 Update to support French, Deutsch, Japanese and Spanish locales 2016-09-16 22:29:13 +08:00
robert
56a3a1d85d Removed redundant condition. 2016-09-06 14:37:05 +03:00
Wu Cheng-Han
b9c59c454d Add support of i18n with related patches and support "en" and "zh" locales for now 2016-08-19 11:49:24 +08:00
Wu Cheng-Han
87f4d05e8e Update to use proper way to render view and fix upload image error should response with code 2016-08-19 11:31:23 +08:00
Wu Cheng-Han
a013c9d3bc Update slide mode to show extra info and support url actions and support disqus via yaml-metadata 2016-08-15 11:25:27 +08:00
Wu Cheng-Han
7ea56c78a2 Update to support redirect back to previous url after signin 2016-08-01 00:06:07 +08:00
Wu Cheng-Han
b5d3570b1a Update to raise the body-parser limit to fix "Error: request entity too large" issue 2016-07-30 11:13:13 +08:00
Max Wu
44e2dab9ee Fix the signin and logout redirect url might be empty 2016-07-08 13:37:41 +08:00
Wu Cheng-Han
f7a4f8f8c2 Add rolling option on session to reset maxAge on every response to extend session life 2016-07-05 16:06:18 +08:00
Cheng-Han, Wu
8e351e7e33 Add revision api 2016-06-17 16:11:14 +08:00
Cheng-Han, Wu
dbc126b156 Add support of saving note revision and improve app start and stop procedure to ensure data integrity 2016-06-17 16:09:33 +08:00
Cheng-Han, Wu
16d5e3ea80 Add maintenance mode and update to gracefully exit process on signal 2016-06-01 14:18:54 +08:00