Commit graph

2423 commits

Author SHA1 Message Date
Charles Parmentier
856fc01fb9 Fixes relative path for fetching the style when set
Signed-off-by: Charles Parmentier <charles.parmentier@hotmail.com>
2020-03-06 00:09:54 +01:00
Sheogorath
97628595ed
Fix unused import of fs
Let's make the CI happy again :-)

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-26 15:11:24 +01:00
Sheogorath
144f17aade
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-26 15:09:26 +01:00
Sheogorath
a2522888b2
Remove PDF export
As we already declared in earlier versions, this patch removes PDF
export entirely. It's a not acceptable security risk for every CodiMD
instance.

The current implementation allowed to extract arbitrary files from the
CodiMD host and therefore leaking secrets from a `/etc/passwd` to
CodiMD's own config files and all secrets contained in it.

Thanks to Joona for finding this vulnerability in August last year,
which led to an emergency disabling of PDF exports in 1.5.0.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-26 15:05:54 +01:00
Sheogorath
37923d11f8
Rewrite slide controller to TypeScript
Before this patch the non-TypeScript version of the slide mode causes
problems with the TypeScript code. Therefore, in order to get things
working, this patch does minimalistic changes to the slide mode
controller to bring it into TypeScript convention. And unbreak slide
mode. Further changes are required, but this gets slide mode back to a
usable state.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-26 15:05:51 +01:00
Sheogorath
a3f5dcb4c7
Merge pull request #258 from ErikMichelson/misc/dropMattermost
Remove mattermost integration
2020-02-25 15:02:50 +01:00
Erik Michelson
c976217c12
Remove mattermost integration
Signed-off-by: Erik Michelson <erik@liltv.de>
2020-02-25 14:33:30 +01:00
Sheogorath
95355b8f01
Fix broken assets
Since switching to TypeScript our assets are broken due to the move of
app.js to the `./lib` subdirectory and the relative patch specified for
the public directory.

This patch solves the problem by adding a proper config element for the
path and referencing it in `./lib/app.js`.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-25 11:21:48 +01:00
Sheogorath
004e2fbcb2
TypeScript: Tighten configs to improve type validation
TypeScript considers null and undefined as fine for all variables by
default. This patch enables `strictNullChecks`, which should cause
errors to be thrown as soon as a variable is null or undefined without
having it explicitly declared for itself.[1]

[1]: https://www.typescriptlang.org/docs/handbook/migrating-from-javascript.html#strict-null--undefined-checks

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-24 16:19:17 +01:00
Sheogorath
d8c424297b
Ignore the build directory from git
This should prevent people from committing the built directory by
accident.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-24 15:46:22 +01:00
Sheogorath
06d0438013
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-24 15:10:14 +01:00
David Mehren
f0b1d85ae9
Fix typo in Author model
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-02-24 15:08:27 +01:00
David Mehren
f6eec0ce90
Convert first files to TypeScript
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-02-24 15:08:23 +01:00
David Mehren
0d788e0aec
Add typescript dependency & tsconfig.json
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-02-24 15:08:20 +01:00
David Mehren
63095e6c78
Move app.js to lib
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-02-24 15:07:07 +01:00
Sheogorath
8ce7b28563
Release version 1.6.0
Thanks for all contributions, this community is awesome.
2020-02-18 00:17:48 +01:00
Sheogorath
1686edfd97 Update sv.json (POEditor.com) 2020-02-17 00:01:08 +01:00
Sheogorath
c84753a409 Update es.json (POEditor.com) 2020-02-17 00:01:07 +01:00
Sheogorath
75db992bee Update ru.json (POEditor.com) 2020-02-17 00:01:05 +01:00
Sheogorath
51a9b6cede Update pt.json (POEditor.com) 2020-02-17 00:01:03 +01:00
Sheogorath
4a74bac43b Update ja.json (POEditor.com) 2020-02-17 00:01:00 +01:00
Sheogorath
62b758b906 Update de.json (POEditor.com) 2020-02-17 00:00:58 +01:00
Sheogorath
a728b71514 Update nl.json (POEditor.com) 2020-02-17 00:00:48 +01:00
Sheogorath
d812bf1042 Update zh-CN.json (POEditor.com) 2020-02-17 00:00:46 +01:00
Sheogorath
a5659210a3
Remove Tests for EOL node version 8
Node 8 is End of Life since the beginning of 2020.[1] Due to not
deprecating it earlier, the next release will be the last release
supporting it. There are no breaking changes to be expected anymore,
therefore removing the Tests can be considered safe and the release can
start its existence with a green CI.

This patch removes the test for NodeJS version 8 from the TravisCI jobs.

[1]: https://nodejs.org/en/about/releases/
2020-02-16 23:41:28 +01:00
Sheogorath
afe38bcbb7
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-16 23:41:12 +01:00
Sheogorath
acd333c6da
Merge pull request #271 from SuperSandro2000/patch-2
Replace dead browser icons and add missing
2020-02-16 23:27:20 +01:00
Sandro
1fb3da3a1e
Replace dead browser icons and add missing
Signed-off-by: Sandro Jäckel <sandro.jaeckel@gmail.com>
2020-02-16 04:23:55 +01:00
Sheogorath
d49844d075
Merge pull request #268 from stefandesu/patch-1
Adjust description of CMD_ALLOW_ANONYMOUS_EDITS
2020-02-11 14:18:18 +01:00
Stefan Peters
5ee3213086
Adjust description of CMD_ALLOW_ANONYMOUS_EDITS
`CMD_ALLOW_ANONYMOUS_EDITS` is only applied when `CMD_ALLOW_ANONYMOUS` is `false`, see [here](9c1665ae5b/lib/config/index.js (L71-L73)).

Signed-off-by: Stefan Peters <stefandesu@exo.pm>
2020-02-11 13:32:22 +09:00
Sheogorath
ea2ab05ffc
Merge pull request #267 from SISheogorath/fix/revisionLinks
Fix revision redirect to index page
2020-02-10 21:55:09 +01:00
Sheogorath
487298a574
Merge pull request #264 from Belphemur/update-mermaid
Update mermaid
2020-02-10 21:26:03 +01:00
Antoine Aflalo
adf37550be Update mermaid in CDN
Signed-off-by: Antoine Aflalo <antoine@warrantymaster.com>
2020-02-10 17:12:31 +00:00
Antoine Aflalo
85e1eb4b90 Update mermaid
Signed-off-by: Antoine Aflalo <antoine@warrantymaster.com>
2020-02-10 17:12:31 +00:00
Sheogorath
45cc1325fb
Fix revision redirect to index page
The revision view had a bug that clicking on a list entry would redirect
the user back to the index page instead of providing the revision diff.

This was caused by the baseurl which is now used as reference for hrefs.
Therefore when clicking on the `href="#"` this was actually pointing at
`<baseurl>#` which is usually the index page.

This patch simply removes the href from the list items and therefore the
link functionality. This fixes the whole problem by removing 9
characters from our source code.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-10 17:45:43 +01:00
Sheogorath
2a28c832fc
Merge pull request #266 from SISheogorath/feature/change-cdn-defaults
Update CDN defaults
2020-02-10 17:34:57 +01:00
Sheogorath
651db60985
Update CDN defaults
As we noticed in our poll about CDN usage, that most people
intentionally turn it off, but very little intentionally turn it on or
leave it on. [1]

There are also strong indicators that CDNs don't really provide any
benefits in loading time and due to the small deployments of CodiMD,
there is no big savings due to CDNs either. [2]

Therefore this patch changes the CDN default settings to off in order to
reduce the exposed user data.

[1]: https://community.codimd.org/t/poll-on-cdn-usage/28
[2]: https://csswizardry.com/2019/05/self-host-your-static-assets/

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-09 21:59:17 +01:00
Sheogorath
8039066f99
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-09 14:34:28 +01:00
Sheogorath
d5ae45b268
Merge branch 'google-oauth'
See https://github.com/codimd/server/pull/265
2020-02-09 13:48:26 +01:00
ike
78682f57c4 Update app.json
Signed-off-by: ike <developer@ikewat.com>
2020-02-08 15:57:35 +08:00
ike
197223dc81 Add Google oauth variable: hostedDomain
Which is part of `passport-google-oauth2`.
It could be used as whitelist to a domain supported by google oauth.
Ref: https://github.com/jaredhanson/passport-google-oauth2/issues/3

Signed-off-by: ike <developer@ikewat.com>
2020-02-08 15:57:22 +08:00
Sheogorath
b3d4cdbceb
Update RevealJS to version 3.9.2
This update of revealJS helps us to get rid of the headjs dependency
integration using webpack. It updates reveal.js to 3.9.2 and updates the
csp hash accordingly for using the slide mode.

Background for this update is the critical security vulnerability
described by snyk in their disclosure:
https://snyk.io/vuln/SNYK-JS-REVEALJS-543841

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-01 12:53:15 +01:00
Sheogorath
c9e66c0385
Merge pull request #261 from ErikMichelson/fix/privacy-template-libravatar
Changed Gravatar to Libravatar in privacy-template
2020-01-23 09:32:19 +01:00
Erik Michelson
b4a25da931
Changed Gravatar to Libravatar in privacy-template
Signed-off-by: Erik Michelson <erik@liltv.de>
2020-01-23 00:19:25 +01:00
Sheogorath
5fd3d21ee8
Merge pull request #259 from Amolith/master
update env docs in reference to #247
2020-01-21 01:49:10 +01:00
Sheogorath
5a8621bdee
Merge pull request #250 from ErikMichelson/fix/signin-focus
Fix #249 - Focus user field after opening login modal
2020-01-20 18:55:33 +01:00
Amolith
412540b8e5 update env docs in reference to #247
Signed-off-by: Amolith <amolith@nixnet.xyz>
2020-01-16 17:25:41 -05:00
Sheogorath
bebbf77217
Merge pull request #257 from bluehood/fix_fonts_without_cdn
Fix font loading when useCDN is false
2020-01-15 18:51:00 +01:00
Enrico Guiraud
2acd54bbdb
Fix font path when useCDN is false and urlPath is used
Signed-off-by: Enrico Guiraud <enrico.guiraud@cern.ch>
2020-01-15 16:32:55 +01:00
Enrico Guiraud
2d3b009e13
Fix font paths when useCDN is false and no urlPath is present
Signed-off-by: Enrico Guiraud <enrico.guiraud@cern.ch>
2020-01-15 16:32:12 +01:00