Literallie
04f5e3a341
Move CSP logic to new file, Fix boolean config examples
Not sure why I was quoting these in the first place
2017-10-22 02:18:45 +02:00
Literallie
e5f03fe135
Add dirty workaround for speakers view inline script
2017-10-22 00:03:46 +02:00
Literallie
2b2b8d6d1d
Allow any connect-src in CSP
Managing these for all the integrations seems like a lot of effort
2017-10-22 00:03:46 +02:00
Literallie
d51da8c12c
Don't add nonce to CSP if unsafe-inline is on
Browsers ignore unsafe-inline if a nonce is sent
2017-10-22 00:03:46 +02:00
Literallie
91101c856c
Change CSP config format to be more intuitive
2017-10-22 00:03:46 +02:00
Literallie
996cb37991
CSP: Workaround for ws:// protocol
The spec allows wss:// for 'self', but not ws:// :(
2017-10-22 00:03:45 +02:00
Literallie
4238b9b3ef
Fix MathJax CSP issues
2017-10-22 00:03:45 +02:00
Literallie
080436aebb
CSP: Add nonce to slide view inline JS
2017-10-22 00:03:45 +02:00
Literallie
5d2d3ec875
CSP: Upgrade insecure requests if possible
Config option; default is to only upgrade if usessl
2017-10-22 00:03:45 +02:00
Literallie
ba183ce654
Add basic CSP support
2017-10-22 00:03:44 +02:00
Literallie
56411ca0e1
Make HSTS behaviour configurable; Fixes #584
2017-10-13 01:42:05 +02:00
Wu Cheng-Han
c8d3951d32
Add support of Danish locale
2017-06-11 15:52:04 +08:00
Wu Cheng-Han
cceb5b1a26
Fix import module name typo in app.js
2017-05-08 20:35:51 +08:00
Raccoon Li
d79997808a
fix(imageRouter): import missing dependency: getImageMimeType
2017-05-08 20:04:05 +08:00
BoHong Li
60ca6ed56c
refactor: Rename checkURiVaild to checkURIValid to fit coding standard
2017-05-08 19:29:07 +08:00
BoHong Li
3919d4fc0e
fix(app.js): Change config.maintenance to realtime.maintenance
2017-05-08 19:29:07 +08:00
BoHong Li
ecb0533605
refactor(config.js): Extract config file
* Separate different config source to each files
* Freeze config object
2017-05-08 19:29:07 +08:00
BoHong Li
4738ba7d36
fix: Add 'use strict' on app.js
2017-05-08 19:29:07 +08:00
BoHong Li
aca01f064d
refactor: Remove require extension filename
2017-05-08 19:29:06 +08:00
BoHong Li
d88502e331
refactor(app.js): Move passport serialize and deserialize to auth module
2017-05-08 19:29:06 +08:00
BoHong Li
7ef17fd4e6
refactor(app.js): Extract tooBusy
2017-05-08 19:29:06 +08:00
BoHong Li
768943002c
refactor(app.js): Extract upload image
2017-05-08 19:29:06 +08:00
BoHong Li
d90bd6da31
fix(app.js): Fixed typo
2017-05-08 19:24:38 +08:00
BoHong Li
689bade730
refactor(app.js): Extract note action
2017-05-08 19:24:38 +08:00
BoHong Li
e2ac73f5a3
refactor(app.js): Extract /me page
2017-05-08 19:24:38 +08:00
BoHong Li
e3fde01e3a
refactor(app.js): Remove unused modules
2017-05-08 19:24:38 +08:00
BoHong Li
706df11e23
refactor(app.js): Extract history api
2017-05-08 19:24:38 +08:00
BoHong Li
c99ae8e1f8
refactor(app.js): Remove unused import modules
2017-05-08 19:24:38 +08:00
BoHong Li
69a9f7ca38
refactor(app.js, auth.js): Extract all auth method to individual modules
2017-05-08 19:24:38 +08:00
BoHong Li
766022378a
refactor(app.js): Extract status pages
2017-05-08 19:24:37 +08:00
BoHong Li
66c68254b4
refactor(app.js): Extract index, 403, 404, 500 pages
2017-05-08 19:24:37 +08:00
BoHong Li
9f1f16c8e3
refactor(app.js): Extract urlencodedParser to utils module
2017-05-08 19:24:37 +08:00
BoHong Li
dee77c459a
refactor(app.js): Extract middleware to module
extract check URi is valid, redirect without trailing slashes
2017-05-08 19:24:37 +08:00
BoHong Li
7ba0d600f1
fix(app.js): Stream log
use logger instead of logger.stream
2017-05-08 19:24:37 +08:00
LluisArevalo
6e277100ca
Add reference to utils library
2017-05-08 10:52:30 +02:00
LluisArevalo
03ef1bf4f0
Add Content-Type to the images uploaded to AWS S3
2017-05-08 10:22:52 +02:00
Wu Cheng-Han
dde6e622a4
Fix front-end constants generation not getting config properly
2017-03-23 20:00:48 +08:00
Wu Cheng-Han
011d043b2a
Update to indicate version in status API header
2017-03-22 23:44:09 +08:00
Wu Cheng-Han
e751684aa3
Update to print info on exit term signals handled
2017-03-22 15:31:39 +08:00
Wu Cheng-Han
0bcd83576f
Update to handle SIGQUIT
2017-03-22 15:26:35 +08:00
Wu Cheng-Han
7989b89591
Add support of Catalan locale
2017-03-20 14:52:25 +08:00
Wu Cheng-Han
19a64f6b06
Fix typo and possible wrong value on provider is false on generating front-end constants
2017-03-20 01:54:44 +08:00
Wu Cheng-Han
448b006194
Update to generate front-end constants on server startup
To avoid extra webpacking on changing configs and follow the 12 factor app
2017-03-20 01:39:09 +08:00
Wu Cheng-Han
506a381eca
Add config option for gitlab api scope and auto adapt gitlab snippet feature on it
2017-03-14 18:04:23 +08:00
BoHong Li
4889e9732d
Use JavaScript Standard Style
Introduce JavaScript Standard Style as project style rule,
and fixed all fail on backend code.
2017-03-08 18:45:51 +08:00
NV
90c83ebd5b
Fix image path problem when using filesystem backend
2017-02-09 14:07:36 +09:00
Wu Cheng-Han
92ad67b813
Update to remove history cache to lower application coupling
2017-02-03 21:39:08 +08:00
Jan Kunzmann
20dc3127b1
Handle SIGTERM the same way SIGINT is handled
2017-01-20 02:13:09 +01:00
Max Wu
4851098477
Merge pull request #317 from SISheogorath/master+allowEmailRegister
Add `allowemailregister` option
2017-01-12 23:37:28 +08:00
Sheogorath
747629e549
Add allowemailregister option
2017-01-12 13:54:45 +01:00
Wu Cheng-Han
fc788e805e
Fix SIGINT checkClean should only log error instead throw error
2017-01-12 17:17:01 +08:00
Max Wu
b13635aac9
Merge pull request #279 from alecdwm/ldap-auth
Support for LDAP server authentication
2017-01-09 00:49:40 +08:00
James Stephenson
ec1ae8c6b5
Added Esperanto translation
Translation by Jonathan Powell and James Stephenson
2016-12-30 22:02:57 -05:00
knjcode
a2fbb3add9
Fix URL concatenation
2016-12-27 12:46:07 +09:00
S.Noda
c8bcc4c1c3
fix #284
2016-12-18 18:58:21 +09:00
alecdwm
fc8d709afb
LDAP login improvements
- return bad request if no username or password given
- return to referer url on auth success
- flash error message on auth failure
2016-12-14 12:40:54 +01:00
alecdwm
02e9927714
Initial support for LDAP server authentication
Limitations as of this commit:
- tlsOptions can only be specified in config.json, not as env vars
- authentication failures are not yet gracefully handled by the UI
  - instead the error message is shown on a blank page (/auth/ldap)
- no email address is associated with the LDAP user's account
- no picture/profile URL is associated with the LDAP user's account
- we might have to generate our own access + refresh tokens,
  because we aren't using oauth. The currently generated
  tokens are just a placeholder.
- 'LDAP Sign in' needs to be translated to each locale
2016-12-13 22:41:07 +01:00
Wu Cheng-Han
bb3ed8e249
Fix missing dependency in app.js
2016-12-12 13:02:53 +08:00
Wu Cheng-Han
38505491ae
Fix redirection to url without trailing slashes not considering about config urlpath
2016-12-12 10:50:43 +08:00
Yukai Huang
9e6fd505e1
Remove bower occurrences
2016-12-11 11:18:08 +08:00
Wu Cheng-Han
778b6f32b3
Update to handle request with invalid uri
2016-12-03 14:37:24 +08:00
Wu Cheng-Han
5958654ea4
Remove preprocess image on upload image or it will lose support of some image formats
2016-12-03 14:37:12 +08:00
Wu Cheng-Han
a73d9ce39e
Update to support optional email register and signin
2016-12-02 01:58:14 +08:00
Max Wu
bd3d4958e4
Merge pull request #248 from hackmdio/file-upload-options
Support other options for image uploading
2016-11-27 10:54:00 +08:00
Yukai Huang
1a4f3950e6
Handle preprocess image error
2016-11-22 07:20:48 +08:00
Wu Cheng-Han
f387bb312f
Try to replace engine.io to uws in socket.io for better performance
2016-11-18 12:18:29 +08:00
Yukai Huang
2279986f97
Config sharp image preprocessing
2016-11-16 17:07:00 +08:00
Yukai Huang
518a4a120b
upload image to s3
2016-11-16 12:05:24 +08:00
Yukai Huang
4d3672ae5d
Join image path with config.serverurl
2016-11-16 10:50:07 +08:00
Yukai Huang
8db6624ae9
save to upload folder only when option enabled
2016-11-15 23:25:41 +08:00
Yukai Huang
a5dad29300
support filesystem image upload
2016-11-14 17:07:07 +08:00
Yukai Huang
81b368c11c
upload image to public/uploads
2016-11-14 16:45:57 +08:00
Wu Cheng-Han
b9c4af8a65
Add to throw error when server not ready after db synced
2016-11-07 21:31:11 +08:00
Max Wu
7e05976a93
Revert "html minify in production environment"
2016-10-24 00:00:05 +08:00
Peter Dave Hello
731375c220
html minify in production environment
2016-10-23 23:31:04 +08:00
Wu Cheng-Han
215b5baa9f
Update to support Swedish locale
2016-10-21 13:39:28 +08:00
Wu Cheng-Han
209534993a
Fix socket disconnect might interrupt loop issue
2016-10-21 13:35:29 +08:00
Wu Cheng-Han
dbd7449740
Update to support Hindi locale
2016-10-14 22:52:54 +08:00
Wu Cheng-Han
bd6d69d7a7
Fix to handle checkAllNotesRevision might return null notes
2016-10-12 17:47:25 +08:00
Wu Cheng-Han
4ea5191d30
Fix fatal error should throw instead of return
2016-10-10 20:56:41 +08:00
Wu Cheng-Han
cbf078494b
Update to add post history by note id with data, delete all history and delete history by id and rename methods
2016-10-10 20:52:09 +08:00
Wu Cheng-Han
af77bb8f59
Update to add cache to history
2016-10-10 20:51:46 +08:00
Wu Cheng-Han
a5e6b5dd3b
Update to support Ukrainian locale
2016-10-10 19:48:05 +08:00
Wu Cheng-Han
4c9dc5fa1f
Add support of Italian, Turkish, Russian, Dutch, Croatian, Polish locales
2016-10-10 16:29:40 +08:00
Wu Cheng-Han
aaf32dc4bf
Update to support Greek and Portuguese locales
2016-10-02 10:34:10 +08:00
Jordan Matelsky
937e982109
Remove expiry from cookies
As per [this issue](https://github.com/expressjs/session/issues/365)
2016-09-26 12:13:24 -04:00
Wu Cheng-Han
79fd2d1364
Update to add revision saving policy
2016-09-18 16:50:20 +08:00
Wu Cheng-Han
0470a266fd
Update to prevent caching and crawling status
2016-09-18 16:23:56 +08:00
Wu Cheng-Han
4cc00c6c40
Update to support French, Deutsch, Japanese and Spanish locales
2016-09-16 22:29:13 +08:00
robert
56a3a1d85d
Removed redundant condition.
2016-09-06 14:37:05 +03:00
Wu Cheng-Han
b9c59c454d
Add support of i18n with related patches and support "en" and "zh" locales for now
2016-08-19 11:49:24 +08:00
Wu Cheng-Han
87f4d05e8e
Update to use proper way to render view and fix upload image error should response with code
2016-08-19 11:31:23 +08:00
Wu Cheng-Han
a013c9d3bc
Update slide mode to show extra info and support url actions and support disqus via yaml-metadata
2016-08-15 11:25:27 +08:00
Wu Cheng-Han
7ea56c78a2
Update to support redirect back to previous url after signin
2016-08-01 00:06:07 +08:00
Wu Cheng-Han
b5d3570b1a
Update to raise the body-parser limit to fix "Error: request entity too large" issue
2016-07-30 11:13:13 +08:00
Max Wu
44e2dab9ee
Fix the signin and logout redirect url might be empty
2016-07-08 13:37:41 +08:00
Wu Cheng-Han
f7a4f8f8c2
Add rolling option on session to reset maxAge on every response to extend session life
2016-07-05 16:06:18 +08:00
Cheng-Han, Wu
8e351e7e33
Add revision api
2016-06-17 16:11:14 +08:00
Cheng-Han, Wu
dbc126b156
Add support of saving note revision and improve app start and stop procedure to ensure data integrity
2016-06-17 16:09:33 +08:00
Cheng-Han, Wu
16d5e3ea80
Add maintenance mode and update to gracefully exit process on signal
2016-06-01 14:18:54 +08:00