Commit graph

681 commits

Author SHA1 Message Date
Renovate Bot
c166d5bad2
Update NestJS packages
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-24 14:12:26 +00:00
Renovate Bot
39f4a2160a
Update dependency typescript to v4.2.2
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-23 23:51:55 +00:00
Renovate Bot
169639cf81
Update dependency eslint-config-prettier to v8
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-21 12:01:55 +00:00
Renovate Bot
9f27657da5
Update dependency @types/node to v13.13.45
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-20 10:17:41 +00:00
Renovate Bot
099d9c684c
Update dependency @types/node to v13.13.44
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-19 05:29:49 +00:00
Renovate Bot
c9ae443dda
Update dependency @nestjs/cli to v7.5.5
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-17 09:08:29 +00:00
Renovate Bot
215c47dcf9
Pin dependency nest-router to 1.0.9
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-16 21:07:58 +00:00
David Mehren
77f00d961a
Merge pull request #916 from hedgedoc/feature/prefixPublicApi
PublicApi: Add correct prefix
2021-02-16 21:49:54 +01:00
Philip Molares
73113dc361 PublicApi: Add correct prefix
Using nest-router for this purpose as it is a rather easy addition to our structure. As we don't add the Router to any e2e tests we don't need to change them.

fixes #523

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-16 20:19:45 +01:00
Renovate Bot
d3e6a15eb0
Update dependency typeorm to v0.2.31
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-16 19:17:45 +00:00
David Mehren
b09fdd1f93
Merge pull request #913 from hedgedoc/renovate/develop-definitelytyped
Update dependency @types/node to v13.13.42 (develop)
2021-02-16 20:17:15 +01:00
Renovate Bot
861a970b8c
Update dependency class-transformer to v0.4.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-16 19:14:45 +00:00
Renovate Bot
b1bc079274
Update dependency @types/node to v13.13.42
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-16 19:14:30 +00:00
David Mehren
ca7c253af1
Merge pull request #918 from hedgedoc/renovate/develop-linters
2021-02-16 20:12:08 +01:00
Renovate Bot
d3790bf5dc
Update linters to v4.15.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-16 19:09:10 +00:00
Renovate Bot
772b2fac1d
Update dependency sqlite3 to v5.0.2
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-16 19:08:39 +00:00
Philip Molares
2a5f9df6dc Package.json: Switch yarn format and format:check
Make `yarn format` check the files and `yarn format:fix` do the actual
fixing

fixes #920

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-16 10:46:29 +01:00
Renovate Bot
eeb536aca3
Update dependency eslint to v7.20.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-13 00:59:10 +00:00
Renovate Bot
2db97168ea
Update linters
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-12 22:27:03 +00:00
David Mehren
f304c428a3
Merge pull request #905 from hedgedoc/renovate/develop-typescript-4.x
Update dependency typescript to v4.1.5 (develop)
2021-02-12 23:25:52 +01:00
Renovate Bot
1a40440ef1
Update dependency typescript to v4.1.5
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-12 22:21:49 +00:00
Renovate Bot
81285fd7e4
Update dependency ts-jest to v26.5.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-12 22:21:20 +00:00
Renovate Bot
8cb26623f1
Update dependency ts-loader to v8.0.17
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-12 22:17:13 +00:00
Renovate Bot
0c33c6b034
Update dependency joi to v17.4.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-12 22:11:05 +00:00
Renovate Bot
ade0cf3651
Update dependency @types/node to v13.13.41
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-12 22:03:57 +00:00
Renovate Bot
73fdcf8e23
Update NestJS packages
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-12 21:55:30 +00:00
Renovate Bot
1f26c992a1
chore(deps): update dependency ts-jest to v26.5.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-29 14:02:05 +00:00
Renovate Bot
df3e389b6f
fix(deps): update nestjs packages to v7.6.7
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-27 17:26:10 +00:00
Renovate Bot
af555d972b
chore(deps): update dependency supertest to v6.1.3
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-25 22:02:40 +00:00
Renovate Bot
999099c94b
fix(deps): pin dependencies
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-25 21:52:35 +00:00
Philip Molares
ee6293f5a3 auth: adds token-auth to public api
adds auth service
adds auth module
adds token-auth strategy
adds token-auth to all public api calls

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:06 +01:00
Philip Molares
0a3247492a auth: Add cron to clean old tokens
Rename AuthToken.identifier to label

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:04 +01:00
Philip Molares
8d89614a4d auth: adds token-auth to public api
adds auth service
adds auth module
adds token-auth strategy
adds token-auth to all public api calls

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:29:59 +01:00
Philip Molares
15ca030b67 auth: add hash function
the hash function uses bcrypt with 2^16 iterations.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:29:52 +01:00
Renovate Bot
2f126452ee
chore(deps): update linters to v4.14.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-25 19:38:27 +00:00
Renovate Bot
f37c131894
chore(deps): update dependency supertest to v6.1.2
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-25 06:43:08 +00:00
Renovate Bot
2f575600af
fix(deps): update nestjs packages
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-22 13:53:55 +00:00
Renovate Bot
519c191b42
fix(deps): update dependency @nestjs/swagger to v4.7.12
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-21 14:57:08 +00:00
Renovate Bot
a949d307d9
Update linters
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-19 10:06:59 +00:00
Renovate Bot
bc6f591cac
Update dependency supertest to v6.1.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-15 21:45:12 +00:00
Renovate Bot
6eef37bed7
Update dependency @nestjs/swagger to v4.7.11
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-15 21:34:51 +00:00
Renovate Bot
bf3a35a44b
Update dependency @types/node to v13.13.40
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-15 21:28:54 +00:00
Renovate Bot
0a40edf8a7
Update dependency class-transformer to v0.3.2
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-15 21:24:49 +00:00
Renovate Bot
6018760779
Update dependency class-validator to v0.13.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-14 05:45:22 +00:00
Renovate Bot
0f2ed457d8
Pin dependencies
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-13 21:29:09 +00:00
David Mehren
c55f7060be
Add proof of concept config system
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2021-01-13 21:45:21 +01:00
Renovate Bot
7b89c94060
Update linters to v4.13.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-13 17:16:35 +00:00
Renovate Bot
3c324ab9c6
Update dependency typeorm to v0.2.30
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-13 17:07:58 +00:00
Renovate Bot
e4f2b25370
Update dependency file-type to v16.2.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-13 16:58:34 +00:00
Renovate Bot
9f38e596d4
Update dependency class-validator to v0.13.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-13 16:46:10 +00:00
Renovate Bot
762e2fda09
Update dependency @nestjs/swagger to v4.7.10
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-13 16:35:13 +00:00
Renovate Bot
b1101c8b0b
Update dependency @types/express to v4.17.11
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-12 22:29:20 +00:00
Renovate Bot
3254d32270
Update dependency sqlite3 to v5.0.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-08 15:41:58 +00:00
Renovate Bot
6918b7a0e5
Update definitelyTyped
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-07 09:15:51 +00:00
Renovate Bot
1f1fadf4f6
Update dependency @types/jest to v26
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 23:00:35 +00:00
Renovate Bot
4f8bb0f348
Update dependency ts-jest to v26.4.4
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 22:57:36 +00:00
Renovate Bot
aabb4e19db
Update dependency file-type to v16
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 22:54:07 +00:00
Renovate Bot
25e74f4ae7
Update dependency prettier to v2
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 22:44:29 +00:00
Renovate Bot
ffe2c8f557
Update linters
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 22:25:56 +00:00
Renovate Bot
9429e8d6c5
Update dependency typescript to v4
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 22:21:58 +00:00
Renovate Bot
6759f535c4
Update dependency jest to v26.6.3
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 22:16:28 +00:00
Renovate Bot
96fe8a39ce
Update linters
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 22:13:17 +00:00
Renovate Bot
24de4cc477
Update dependency ts-node to v9
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 21:51:21 +00:00
Renovate Bot
90f8dfb77a
Update dependency ts-loader to v8
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 21:46:50 +00:00
Renovate Bot
07273bda1d
Update dependency supertest to v6
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 21:40:56 +00:00
Renovate Bot
7580a7ba13
Update dependency swagger-ui-express to v4.1.6
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 20:25:55 +00:00
Renovate Bot
62be9eb442
Update dependency typeorm to v0.2.29
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 20:14:55 +00:00
Renovate Bot
c41124bb2e
Pin dependency class-transformer to 0.3.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 20:03:59 +00:00
David Mehren
a9afd5030f
Add cli-color dependency, that previously was in @nestjs/common
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-06 20:56:11 +01:00
Renovate Bot
3f1783dcde
Update NestJS packages
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 19:43:16 +00:00
Renovate Bot
50e7352467
Update dependency class-transformer to ^0.3.0 [SECURITY]
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 18:38:14 +00:00
David Mehren
cb44ebda5b
Add coverage analysis to CI workflow
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-06 13:05:15 +01:00
David Mehren
c6cdba4844
Add CI workflow
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-06 13:05:15 +01:00
Renovate Bot
86b54a9c5e
Pin dependencies
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-05 22:12:43 +00:00
David Mehren
560efc71d8
Use useStaticAssets instead of @nestjs/serve-static
`serve-static` does not work with `createTestingModule` and is not recommended when "just" serving a few images.

See https://github.com/nestjs/serve-static/issues/240

Signed-off-by: David Mehren <git@herrmehren.de>
2020-10-24 11:32:23 +02:00
David Mehren
9743018591
Use serve-static to serve uploaded files.
Add `@nestjs/serve-static` to serve uploaded media from the upload directory on the local filesystem.

Signed-off-by: David Mehren <git@herrmehren.de>
2020-10-17 19:58:22 +02:00
David Mehren
7a6c06d068
Add MediaService
This service is responsible for operations regarding uploaded media. It should perform save, get and delete operations with the configured backend.
The service also checks, if the mime type of the uploaded media is allowed.

Signed-off-by: David Mehren <git@herrmehren.de>
2020-10-17 19:58:22 +02:00
David Mehren
98e2bf106e
Collect coverage information for E2E tests
As proposed in https://github.com/nestjs/nest/issues/3169#issuecomment-588287478

Signed-off-by: David Mehren <git@herrmehren.de>
2020-10-03 18:00:12 +02:00
David Mehren
b4b91acddb
NotesController: Use custom logic to access raw markdown
NestJS does not support content-types other than application/json.
Therefore we need to directly access the request object to get the raw body content.

Signed-off-by: David Mehren <git@herrmehren.de>
2020-09-25 21:35:47 +02:00
David Mehren
81126bb864
Do not automatically fix linting problems
Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-21 21:45:53 +02:00
David Mehren
db026d6a57
Add Session entity
This entity implements the Session interface from connect-typeorm, which we will later use to store session data from express-session.

Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-20 19:43:12 +02:00
David Mehren
f3d1644f95
Enable automatic OpenAPI spec generation.
NestJS can automatically generate an OpenAPI spec by analyzing controllers and used DTOs.
This commit enables this feature. The API docs are served under /apidoc.

Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-20 19:43:08 +02:00
David Mehren
56d5a2e1b1
Add NoteModule
This contains the module, a model which was adapted from the old code and two DTOs.

Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-20 19:43:07 +02:00
David Mehren
4135b7e6e4
Add TypeORM support
Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-20 19:43:06 +02:00
David Mehren
f4caee2ac7
Add empty NestJS application
Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-20 19:43:06 +02:00
Sheogorath
6c1ca5bd8d
Run database migrations automatically on startup
Instead of using sequelize-cli and ensure migrations by shellscript,
this patch automates database migrations properly to the umzug library.
The sequelize CLI becomes a dev dependency as it's still useful for
generating migrations.

This should eliminate the need for crude generating of database config
files and alike. Instead we utilize the pre-configured sequelize
connection that CodiMD will use anyway.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-07-11 20:33:35 +02:00
David Mehren
4df1ea6a5c
Upgrade pg package to fix node version 14 compatibility
This is a forward-port of d6ce60c.

The old pg version doesn't work with node version 14 due to
an undocumented API change in the `readyState` in the socket API.
This patch updates the required dependency and this way resolves the
issue.

Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-07-10 18:52:15 +02:00
Dexter Chua
c112a15171 Fully dedicate our soul to yarn
Signed-off-by: Dexter Chua <dalcde@yahoo.com.hk>
2020-06-18 16:18:37 +08:00
Sheogorath
5ced1f3cdd
Split frontend and backend build
It should be possible to run a backend build without the need to start
the application and without the need to fiddle around with PATH or
fiddling with `node_modules`. Therefore this patch splits the build
command into `build-frontend` and `build-backend`, which will allow
those builds to be done independent and have a separate command `build`
which will provide the combination of both of them.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-06-03 11:59:03 +02:00
David Mehren
591096ce8b
Add @types/codemirror
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-05-25 23:33:47 +02:00
David Mehren
a148e4d799
Add @types for sinon
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-05-22 21:48:15 +02:00
David Mehren
ac030760ba
Fix mocha tests in TypeScript
`mock-require` does not work with TypeScript, as the compiled JS expects a sub-object: `import { config } from Config` compiles to `const config_1 = require("./config")`, but the config object is now in `config_1.config`, *not* in `config_1` directly.

Therefore `mock-require` was replaced with `ts-mock-imports`, which also simplifies the code a bit.

Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-05-22 21:48:15 +02:00
David Mehren
3b8c85cc9b
Migrate tests to TypeScript
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-05-22 21:48:11 +02:00
David Mehren
acdd627027
Lint .ts files too
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-05-22 21:11:37 +02:00
David Mehren
aaff73036b
Fix remaining paths after moving everything to src
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-05-22 14:19:12 +02:00
David Mehren
ba6055a03d
Downgrade jQuery to 3.4.1
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:19 +02:00
David Mehren
73d4023155
note/actions.ts: Formatting fixes and lint exceptions
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:17 +02:00
Philip Molares
3c216795e7
added all @types for passport-strategies as devDependencies
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:15 +02:00
Philip Molares
ef6632cac9
added userRouter.ts
- added @types/passport
- added @types/archiver
- types all req and res arguments
- renamed unused argument next to _

Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:12 +02:00
Philip Molares
ab5a654068
added @types/minio to devDependencies
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:09 +02:00
Philip Molares
7125072fc5
moved @types to devDependencies
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:09 +02:00
Yannick Bungers
6d256dd5b6
Added Types for csp.ts
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:09 +02:00
David Mehren
b6ad2b2625
Add @types/lodash
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:05 +02:00
Philip Molares
f9193822a7
created letter-avatars.ts
added @types/randomcolor

Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:04 +02:00
David Mehren
7cdcf627db
note.ts: ESLint fixes, add types for diff-match-patch
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:04 +02:00
David Mehren
0228d00c56
Use ESLint and 'typescript-eslint' plugin.
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:03 +02:00
David Mehren
1d4107fe90
Migrate models to TypeScript
Co-authored-by: David Mehren <dmehren1@gmail.com>
Co-authored-by: Yannick Bungers <git@innay.de>
Co-authored-by: Philipp Hochkamp <me@phochkamp.de>
Co-authored-by: nzbr <mail@nzbr.de>

Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:01 +02:00
David Mehren
54cd556f2f
Add sequelize-typescript
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 12:36:39 +02:00
Bennet Bleßmann
d2b963f652
add resolution to resolve sub-package dependency ldapauth-fork to at least 4.3.0
Signed-off-by: Bennet Bleßmann <bb-github@t-online.de>
2020-04-21 16:07:25 +02:00
Sheogorath
a2522888b2
Remove PDF export
As we already declared in earlier versions, this patch removes PDF
export entirely. It's an unacceptable security risk for every CodiMD
instance.

The current implementation allowed to extract arbitrary files from the
CodiMD host and therefore leaking secrets from a `/etc/passwd` to
CodiMD's own config files and all secrets contained in it.

Thanks to Joona for finding this vulnerability in August last year,
which led to an emergency disabling of PDF exports in 1.5.0.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-26 15:05:54 +01:00
Erik Michelson
c976217c12
Remove mattermost integration
Signed-off-by: Erik Michelson <erik@liltv.de>
2020-02-25 14:33:30 +01:00
David Mehren
0d788e0aec
Add typescript dependency & tsconfig.json
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-02-24 15:08:20 +01:00
Sheogorath
8ce7b28563
Release version 1.6.0
Thanks for all contributions, this community is awesome.
2020-02-18 00:17:48 +01:00
Antoine Aflalo
85e1eb4b90 Update mermaid
Signed-off-by: Antoine Aflalo <antoine@warrantymaster.com>
2020-02-10 17:12:31 +00:00
Sheogorath
b3d4cdbceb
Update RevealJS to version 3.9.2
This update of revealJS helps us to get rid of the headjs dependency
integration using webpack. It updates reveal.js to 3.9.2 and updates the
csp hash accordingly for using the slide mode.

Background for this update is the critical security vulnerability
described by snyk in their disclosure:
https://snyk.io/vuln/SNYK-JS-REVEALJS-543841

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-01 12:53:15 +01:00
David Mehren
3e218e2983
Upgrade webpack & plugins
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-11-23 18:11:17 +01:00
snyk-bot
5dbfb82b7f fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534478
2019-11-16 05:35:27 +00:00
Sheogorath
01bff246b0
Merge pull request #210 from davidmehren/mathjax_fix
Fix compatibility with MathJax 2.7.6
2019-10-29 14:18:38 +01:00
Sheogorath
68ee654c16
Merge pull request #212 from davidmehren/webpack_cleanup
Remove unused webpack plugins from package.json
2019-10-29 14:17:41 +01:00
Sheogorath
402dc7095e
Upgrade all ORM/database related packages
This patch provides some major upgrades to all database backend libraries.
It also fixes an issue that appears since the change from sequelize v3
to v5 where mariadb was originally handled by mysql2 and is now handled
by an own mariadb library.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-10-28 01:43:22 +01:00
David Mehren
17f2a11310
Remove unused webpack plugins from package.json
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-25 21:54:09 +02:00
David Mehren
88b855beb2
Fix compatibility with MathJax 2.7.6
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-25 21:50:48 +02:00
snyk-bot
72f74b1b23 fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MARKDOWNIT-459438
2019-10-10 05:32:44 +00:00
snyk-bot
511873e58a fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HELMETCSP-469436
2019-09-30 05:32:48 +00:00
snyk-bot
0185add27f fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-469063
2019-09-26 05:32:43 +00:00
Tobias Kremer
ea3c824978 Move sequelize-cli from devDependencies to dependencies, because it is needed to run migrations at run-time
Signed-off-by: Tobias Kremer <tobias.kremer@gmail.com>
2019-09-06 10:42:30 +02:00
snyk-test
47d2b99582 fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AUTOLINKER-73494
- https://snyk.io/vuln/SNYK-JS-SEQUELIZE-459751
2019-08-20 05:32:45 +00:00
Sheogorath
9c1665ae5b
Release version 1.5.0
2019-08-15 23:30:37 +02:00
Sheogorath
e574ae7588
Switch mysql library to mysql2
The recent sequelize upgrade introduced some other dependencies, this is
one of them. This patch replaces the old `mysql` library with `mysql2`.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-08-15 23:14:53 +02:00
Sheogorath
c4053ea7ce
Update meta-marked to latest version
Meta-marked 0.4.4 which we used from our git repository contains a
RegexDOS attack in the marked dependency. The dependency was already
updated in our meta-marked repository, but not updated in yarn.

This made us still vulnerable to this ReDOS which was able to cause a
DOS attack on the server when updating a note.

For Details:

https://github.com/markedjs/marked/releases/tag/v0.7.0
https://github.com/markedjs/marked/pull/1515

What is a ReDOS?

A ReDOS attack is a DOS attack where an attacker targets a
not-well-written Regular Expression. Regular expressions try to build a
tree of all possibilities it can match in order to figure out if the
given statement is valid or not. A ReDOS attack abuses this concept by
providing a statement that doesn't match but causes extremely huge trees
that simply lead to exhausting CPU usage.

For more details see: https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS

Credit:

Huge thanks to @bitinerant for finding this and handling it with a
responsible disclosure.

Also thanks to the `marked`-team for fixing things already.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-08-15 23:14:48 +02:00
snyk-test
6f588826e0 fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MERMAID-174698
2019-07-24 05:32:45 +00:00
Sheogorath
0d5923d61c
Update sequelize to latest version
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-06-22 16:29:09 +02:00
BoHong Li
63c96e7359
fix: upgrade sequelize to latest version to fix CVE
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-06-11 00:41:50 +02:00
Sheogorath
6462968e84
Merge pull request #97 from SISheogorath/fix/linting
Fix eslint warnings
2019-06-04 16:09:46 +02:00
Sheogorath
51d69d993c
Release version 1.4.0
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-31 01:08:45 +02:00
Sheogorath
4da68597f7
Fix eslint warnings
Since we are about to release it's time to finally fix our linting. This
patch basically runs eslint --fix and does some further manual fixes.
Also it sets up eslint to fail on every warning in order to make
warnings visible in the CI process.

There should be no functional change introduced.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-31 00:30:29 +02:00
Claudius
806ebe6e1a drop node 6 support
We will no longer test on node6 and instead focus on 8+. This won't
break node6 immediately, but we will no longer go out of our way
supporting a version that does not receive security updates.

Signed-off-by: Claudius <opensource@amenthes.de>
2019-05-13 19:37:21 +02:00
Claudius
4833f300c5 polyfilling scrypt for node 8.5+
Signed-off-by: Claudius <opensource@amenthes.de>
2019-05-13 19:37:21 +02:00
Claudius
1d403e183d asyncified setting and verifying the password
Signed-off-by: Claudius <opensource@amenthes.de>
2019-05-13 19:37:21 +02:00
Claudius
4b579be93e Adding the first few lines of user model test
Signed-off-by: Claudius <opensource@amenthes.de>
2019-05-13 14:37:08 +02:00
Sheogorath
9101be92ab
Update jQuery to version 3.4.1
2019-05-06 10:42:41 +02:00
Christoph (Sheogorath) Kern
81904b6717
Merge pull request #51 from SISheogorath/fix/wurl
Replace js-url with wurl
2019-04-19 21:46:08 +02:00
snyk-bot
54fd5ee0a2 fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-174183
2019-04-16 19:16:26 +00:00
Sheogorath
c0e75b8606
Replace js-url with wurl
js-url is outdated and wurl is its successor. This will fix some
vulnerabilities in the dependencies and also optimize the build process
by removing the external library toward internal tooling.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-04-16 19:28:23 +02:00
Max Wu
fb399ebe73
Fix stored XSS in the graphviz error message rendering [Security Issue]
Signed-off-by: Max Wu <jackymaxj@gmail.com>

Co-Authored-By: Sheogorath <sheogorath@shivering-isles.com>
2019-04-16 14:05:26 +02:00
Sheogorath
e014a73393
Update meta-marked to fix possible vulnerabilities
Snyk informed us about possible vulnerabilities in meta-marked. It seems
like at least some of them were already addressed by HackMD around a year
ago but never pushed upstream to CodiMD.

This patch provides a fix by using an up-to-date dependency from our own
repository with CI integration.

Details: https://app.snyk.io/vuln/SNYK-JS-JSYAML-174129

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-04-10 13:11:57 +02:00
Christoph (Sheogorath) Kern
ef348fc49b
Merge pull request #33 from codimd/lutim-support
Add support for image hosting with lutim
2019-04-10 11:39:11 +02:00
Dylan Dervaux
208070d2e7
Add lutim support
Signed-off-by: Dylan Dervaux <dylanderv05@gmail.com>
2019-04-10 01:37:12 +02:00
Sheogorath
1f55150441
Fix broken dependency js-sequence-diagrams
A few days ago the dependency was removed from npm. this causes various
setups to fail and blocks deployments and development.

This patch should fix the dependency and allow CodiMD to move forward.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-04-10 00:18:24 +02:00
snyk-bot
502c70008e fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-JSYAML-174129
2019-04-07 19:49:25 +00:00
Claudius
fb973d2a6f removing doctoc, which is no longer being used
Signed-off-by: Claudius <opensource@amenthes.de>
2019-04-01 01:03:36 +02:00
Claudius
5c607c4f80 cleanup of the heroku configuration
this removes the general `postinstall` call to `bin/heroku` and instead
puts it into a heroku-prebuild hook. At the same time, env vars get
updated to use the `CMD` prefix. The configured buildpacks were not used.
Finally, npm run build is now automatically
done by Heroku.

Signed-off-by: Claudius <opensource@amenthes.de>
2019-03-31 01:29:34 +01:00
Sheogorath
4ffeab6129
Release version 1.3.2
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-29 12:33:20 +01:00
Sheogorath
974dc8fc21
Update maintainers in package.json
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-29 12:30:20 +01:00
Sheogorath
7cde6958f3
Update links to new repositories
After a long discussion, it turned out that CodiMD as community project
and HackMD as a company, have fundamentally different views on the project
governance.

Due to this, it came to the point where the decision for a fork was made.
After the fork and move towards an own organisation, this patch updates
all links inside the project to the new repositories.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-27 19:31:34 +01:00
Sheogorath
50c80c99a4
Release version 1.3.1
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-23 13:27:39 +01:00
Sheogorath
87443dec5f
Release version 1.3.0
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-04 12:37:00 +01:00
Sheogorath
b718eac70a
Force upgrade of some outdated dependencies
I don't really like the way to go here, but I guess having those
forcefully upgraded is better than staying around with vulnerable
dependencies.

This patch fixes some vulnerabilities in dependencies that were
categorized as high severity.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-02 19:14:12 +01:00
Sheogorath
bce58db97c
Update handlebar to version 4.0.13
Snyk found a security vulnerability in the version we provide, that in
theory can provide an RCE.

Details: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692
2019-02-15 15:40:44 +01:00
Claudius Coenen
fa0dea0a1b Fixing deep dependency problem with node 6.x
this commit has been blatantly stolen from @samselikoff in ember-cli-addon-docs. It prevents an issue introduced via a deep dependency that no longer supports node 6 (which we still would like to support).
see: 231275b5a4
see: https://github.com/salesforce/tough-cookie/pull/141

Signed-off-by: Claudius Coenen <opensource@amenthes.de>
2019-01-23 23:37:13 +01:00
Sheogorath
bf229d91c6
Add linting for tests
The tests are currently not linted. This causes a different coding style
than the rest of the sources.

This patch adds the `./test` directory to the eslint testing and fixes
linting for existing tests.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-21 17:17:54 +01:00
Sheogorath
d408f4c0fe
Add tests for csp.js
Since we lack tests but got some great point to start, let's write
more tests.

This patch provides some basic tests for our CSP library. It's more an
integration than a unit test, but gets the job done.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-19 13:54:52 +01:00
Sheogorath
62477f0279
Update bootstrap from 3.3.7 to 3.4.0
Seems like finally there is a new bootstrap version for old version 3.

This patch implements this new version with CodiMD and this way fixes
some possible security issues in the frontend code.

See:
https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72889
https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72890

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-11 01:56:52 +01:00
Sheogorath
9eb4e545d2
Update SAML to version 1.0.0
Seems like there was a security problem with the library.

This patch updates to version 1.0.0 which fixed the details.

Details: https://snyk.io/vuln/SNYK-JS-PASSPORTSAML-72411

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-09 01:15:02 +01:00
Daan Sprenkels
f7bc1e99c0 Remove blueimp-md5 dependency
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
2018-12-22 19:09:50 +01:00
Daan Sprenkels
318a37d41c Add a test for gravatar urls
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
2018-12-22 19:09:45 +01:00
Sheogorath
cf95465103
Update socket.io
Our socket.io version is 2.0.4 while the current socket.io version is
2.1.1.

This patch updates socket.io to version 2.1.1 and takes care of the CDN
client version.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-28 13:23:36 +01:00
Christoph (Sheogorath) Kern
8bace89cab
Merge pull request #1072 from SISheogorath/update/doctoc
Update doctoc to version 1.4.0
2018-11-24 17:36:16 +01:00
Christoph (Sheogorath) Kern
4856aa2840
Merge pull request #1069 from SISheogorath/fix/to-markdown
Update from to-markdown to turndown
2018-11-24 17:35:53 +01:00
Sheogorath
306c25d8f7
Update doctoc to version 1.4.0
When installing doctoc it throws some warnings about the markdown-to-ast
package that moved to an own namespace.

This patch updates to the version containing the new, namespaced,
package.

References:
https://github.com/thlorenz/doctoc/pull/151

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-21 16:43:26 +01:00
Sheogorath
1091efc259
Remove node-uuid
We currently install `uuid` and `node-uuid`. `node-uuid` is deprecated
in favor of `uuid`. It seems like we already switched a while ago, but
somehow missed to remove the dependency.

This patch does exactly that. It removes the dependency from
`package.json` and this way removes the warning during install about
`node-uuid` being deprecated.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-21 11:38:40 +01:00
Sheogorath
33774c11b9
Update from to-markdown to turndown
We got a security alert for a regular expression DoS attack on our used
library `to-markdown`.

After checking `to-markdown` to be maintained or not, it turned out they
renamed the library to `turndown`. So upgrading to `turndown` should fix
this vulnerability.

References:
https://www.npmjs.com/package/to-markdown
https://github.com/domchristie/turndown/wiki/Migrating-from-to-markdown-to-Turndown
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-21 11:12:09 +01:00
Christoph (Sheogorath) Kern
2323d203b4
Merge pull request #1063 from SISheogorath/fix/nodeVersion
After removing ws, node version 10 should work
2018-11-21 01:42:35 +01:00
Sheogorath
cee2aa92f9
Switch scrypt library to a successor
Since our previous scrypt library has been unmaintained for 3 years, it's
time to look for an alternative.

A refactoring towards another password algorithm was worked on and this
is probably still the way to go. But for now the successor of our
previous library should already be enough.

https://www.npmjs.com/package/scrypt (old library)
https://github.com/ml1nk/node-scrypt (new library)
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-21 01:33:34 +01:00
Sheogorath
bcebf1e8d2
Update reveal.js to version 3.7.0
There is a new reveal.js version out. As we try to keep up with
upstream, time to integrate it.

This patch updates reveal.js for CDN-using instances as well as the
ones using the libraries.

Checked that speaker view in slide mode still works, so no CSP change
needed.

https://github.com/hakimel/reveal.js/releases/tag/3.7.0
2d241b9300/lib/csp.js (L72-L74)
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-19 22:31:05 +01:00
Sheogorath
e3b6bcc5f8
After removing ws, node version 10 should work
In my local environment I switched to Fedora 29. Fedora 29 comes with
NodeJS version 10.

As far as I can say, it works, so let's try to remove the restriction to
"<10.x"

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-19 18:42:28 +01:00
Christoph (Sheogorath) Kern
6f7fd74b1a
Merge pull request #943 from SISheogorath/feature/improveSetup
Some minor improvements for setup script
2018-11-17 12:42:24 +01:00
Claudius Coenen
858a59529e switching to eslint for code checking
most rules degraded to WARN, so we don't go insane. This will
change over time. The aim is to conform to a common style

Signed-off-by: Claudius Coenen <opensource@amenthes.de>
2018-11-14 23:15:36 +01:00
Sheogorath
c3584770f2
Upgrade winston
Our log library got a new major version which should be implemented.

That's exactly what this patch does. Implementing the new version of the
logging library.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-14 00:47:11 +01:00
Sheogorath
77b2757a16
Upgrade some package versions
`npm audit` reports a ton of issues on CodiMD. Most of them are minor
issues, but these are still things that should be fixed.

These changes were created by running `npm audit fix`.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-31 00:27:53 +01:00
MartB
6bce9ac5bf Fix #1016: webpack include defect for scripts and header files.
Signed-off-by: MartB <mart.b@outlook.de>
2018-10-16 11:40:21 +02:00
Christoph (Sheogorath) Kern
763b000bc6
Merge pull request #985 from SISheogorath/fix/helmetCSP
Add `data:` URL to CSP and upgrade helmet
2018-10-11 00:19:24 +02:00
Sheogorath
1d452a6ed4
Remove dead package octicon
Octicon no longer provides its CSS classes and this way is useless in
CodiMD. Replacing all used classes in the UI and remove it from build
system.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-10 23:42:41 +02:00
David Mehren
9f92bba036
Use webpack-merge.
Move html export config to own file.
Delete unnecessary config options.
Use cheap source maps.

Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-10-10 22:09:46 +02:00
David Mehren
9a2dcd40d3
Rename Webpack config to official recommendation
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-10-10 22:09:46 +02:00
Christoph (Sheogorath) Kern
535ee36a26
Merge pull request #993 from SISheogorath/feature/useForkAwesome
Replace font-awesome with fork-awesome
2018-10-09 21:58:15 +02:00
Christoph (Sheogorath) Kern
466dc9bc21
Merge pull request #992 from SISheogorath/fix/maintainer
Fix maintainer and URL in package.json
2018-10-08 01:12:23 +02:00
Sheogorath
9f9c4089be
Add OpenID to CodiMD
With OpenID every OpenID capable provider can provide authentication for
users of a CodiMD instance. This means we have federated
authentication.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-05 22:43:32 +02:00
Sheogorath
5212bbf9c4
Replace font-awesome with fork-awesome
This patch replaces font-awesome with its fork called fork-awesome.
Besides the fact that the newer versions of font-awesome can't be
shipped with distros like debian due to license issues, fork-awesome
also provides more FOSS related icons and builds on top of version 4.7.x
of font-awesome, which we used until this patch.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-05 21:52:08 +02:00
Sheogorath
a006f53dea
Update URL to codimd's own URL
Since we have an own URL we should use it in here, since CodiMD and
HackMD are really drifting away from each other.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-05 19:36:45 +02:00
Sheogorath
36117195fa
Add myself as maintainer
Well, since I'm currently the maintainer of CodiMD, I should maybe
be mentioned in the package.json, just in case someone is willing to
contact me about it.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-05 19:35:43 +02:00
Sheogorath
d4a9bb3c7e
Add data: URL to CSP and upgrade helmet
Seems like the old version of helmet had a problem with `data:`. This
patch upgrades to the latest version and adds the CSP rule to allow
Google Fonts and the offline version of it, to properly include the
fonts and no longer throw ugly error messages at us.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-04 03:04:36 +02:00
Sheogorath
a47d91dbd0
Add development mode for webpack in package.json
Seems like we have to explicitly tell the new webpack version that we
want to use the development environment. This provides us with source
maps and similar.

This patch adds the commandline option in our scripts in package.json

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-03 19:34:25 +02:00
Christoph (Sheogorath) Kern
ae8fa41f92
Merge pull request #958 from SISheogorath/fix/uws
Replace `uws` with `ws` package
2018-10-03 16:54:35 +02:00
Christoph (Sheogorath) Kern
edcd8a23ff
Merge pull request #932 from davidmehren/webpack-4
Upgrade to Webpack 4
2018-10-03 16:52:32 +02:00
Sheogorath
da818384af
Update version to 1.2.1
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-03 16:24:36 +02:00
Sheogorath
c402abb0a5
Revert "Remove unused dependency"
This reverts commit d2ded08f59.

Seems like the package is used for building the sqlite3 integration.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-03 13:23:10 +02:00
Sheogorath
d2ded08f59
Remove unused dependency
This dependency was installed, but it seems like it was never used.
Seems like it's a remaining piece from the prototyping phase of the
project.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-03 12:42:11 +02:00
Sheogorath
db59bb99dc
Run db migrations on start
We should force db migrations to run on every start. This will minimize
the impact of breaking migrations in future. While it may cause some
issues with the next start since CodiMD won't start when the migrations
fail.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-25 19:58:55 +02:00
Sheogorath
6b80626dca
Replace uws with ws package
`uws` was deprecated by its maintainer and starts to cause more and more
problems and issue reports. So it's time to replace it and use a
maintained project instead. Lucky us, `uws` and `ws` can be used in an
identical way, without problems. To provide better performance, we
install the optional packages as well.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-18 00:02:23 +02:00
David Mehren
ce63c1cc1c
Upgrade to Webpack 4 - clean dependencies
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-09-06 17:26:09 +02:00
David Mehren
dcb10b0ec9
Upgrade to Webpack 4 - fix CSS import order
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-09-06 17:26:09 +02:00
David Mehren
29a3813ada
Upgrade to Webpack 4 - first try
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-09-06 17:26:09 +02:00
Sheogorath
b028baf77f
Switch to own, fixed, lz-string version
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-05 12:09:02 +01:00
Sheogorath
53a846bdc5
Update markdown-pdf
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-07-27 14:15:45 +02:00
Sheogorath
33a4b88dab
Release 1.2.0
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 19:38:12 +02:00
Sheogorath
a26c142ade
Revert "Update pg"
This reverts commit 4d4163c170.
2018-06-30 17:43:08 +02:00
Sheogorath
f30cc3044a
Update randomcolor
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:34 +02:00
Sheogorath
4d4163c170
Update pg
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:34 +02:00
Sheogorath
dea62cf310
Update store
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:34 +02:00
Sheogorath
1812b1aaca
Update highlight.js
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:34 +02:00
Sheogorath
565cdc0197
Update xss protection
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:34 +02:00
Sheogorath
459fe2da07
Update sqlite
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:34 +02:00
Sheogorath
3f49aee63f
Update shortid
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:34 +02:00
Sheogorath
0cebeb68d7
Update passport
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:33 +02:00
Sheogorath
b6e1144627
Update to octicon 4.4.0
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:33 +02:00
Sheogorath
562985a115
Update passport-ldap
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:33 +02:00
Sheogorath
f51de7f3bb
Update validator
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:33 +02:00
Sheogorath
fd3733e7d1
Update password-gitlab2
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:33 +02:00
Sheogorath
d8df6e4342
Update minio
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:33 +02:00
Sheogorath
76b2ba4954
Update markdown-pdf
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:33 +02:00
Sheogorath
4b060c7dba
Rebrand HackMD to CodiMD
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 13:24:12 +02:00
Christoph (Sheogorath) Kern
56d78a7d6c
Merge pull request #830 from SISheogorath/feature/GDPR
GDPR compliant part 1
2018-06-17 23:33:57 +02:00
Ádám Hóka
376fcab2ca Add Azure Blob Storage support
Signed-off-by: Adam Hoka <hoka.adam@nexogen.hu>
2018-06-01 10:07:52 +02:00
Sheogorath
6f8bd8fdc9
Fix missing dependency
To export the notes we need the archiver package that takes care of
creating the zip files.

Looks like I forgot this one in the initial commit.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-27 15:28:46 +02:00
Sheogorath
a258719d34
Release 1.1.1-ce
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-23 12:01:26 +02:00
Sheogorath
bd46230a7f
Add current requirements for node versions
Right now we can only run on node versions below 10.x thanks to scrypt
dependencies.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-21 23:08:13 +02:00
Sheogorath
af0a6b1d76
Upgrade base64url package
There was recently a possible security problem with base64url. Shouldn't
really hit us but it doesn't hurt.

Details: https://snyk.io/vuln/npm:base64url:20180511

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-17 15:19:24 +02:00
Sheogorath
c4dba48f79
Fix possible file limit errors
As we currently may need higher nofile limits than usual/default on
various systems this commit should provide a fix for that and allow to
build HackMD without raising these limits and increase security.

Inspiration was found in a copy-webpack-plugin-issue[1] and found by
@thegcat[2]. Thanks for that!

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>

[1]:
https://github.com/webpack-contrib/copy-webpack-plugin/issues/59#issuecomment-228563990
[2]: https://github.com/thegcat
2018-04-16 21:08:34 +02:00
Sheogorath
8a3cec73c1
Add config.json.example to npm test
This commit extends the find command to also match the example config
file.

This should validate the syntax of this file to prevent syntax errors
for future pull requests.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-14 22:20:35 +02:00
Sheogorath
bdb8631a7b
Release 1.1.0-ce
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-06 16:24:36 +02:00
Christoph (Sheogorath) Kern
f6df2deb84
Merge pull request #743 from hackmdio/fix-to-use-url-safe-base64
Fix to use url-safe base64 in note url
2018-03-18 15:13:06 +01:00
David Mehren
7904558292
Remove engine.io-client dependency and fix webpack config
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-03-06 14:45:14 +01:00
Max Wu
baa0418fb5 Remove and replace all note id compression in LZString with base64url
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-02-26 16:43:29 +08:00
Sheogorath
faa839ed3a
Use jq instead of jsonlint
As the jsonlint package from NPM causes problems and looks unmaintained,
it'll be replaced with `jq` a well maintained project which allows to
search through JSON files in a `grep`-like style, but knowing the JSON
structure.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-02-19 19:50:01 +01:00
Sheogorath
a01b4a843c
Update socket.io to version 2.0.4
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-30 19:44:32 +01:00
Dario Ernst
9e0359e079 Add simple user-management tool for emailsignin …
Currently, administrators of closed instances need to manually fiddle in
their databases for user-management.
This commit adds a small commandline utility that allows to create and
delete users.

Signed-off-by: Dario Ernst <dario@kanojo.de>
2018-01-29 19:49:04 +01:00
Wu Cheng-Han
3c473e60a6 Upgrade reveal.js to 3.6.0 and useCDN option for CSS include 2018-01-29 13:09:52 +08:00
Christoph (Sheogorath) Kern
eec2318bda
Merge pull request #506 from erasys/minio
Add support for minio
2018-01-23 11:43:24 +01:00
Christoph (Sheogorath) Kern
7de6e3211f
Merge pull request #598 from xxyy/feature/csp
Implement basic CSP support
2018-01-22 20:43:46 +01:00
Sheogorath
40d1d75704
Release 1.0.1-ce 2018-01-19 14:40:15 +01:00
Sheogorath
11a5dd0eb4
Release 1.0.0-ce 2018-01-18 13:03:18 +01:00
Max Wu
1b7d621fd1
Merge pull request #578 from hackmdio/licenseChangeAgreement
License Change Agreement
2017-12-07 06:54:12 +08:00
Norihito Nakae
4a4ae9d332 Initial support for SAML authentication 2017-11-28 18:52:24 +09:00
Literallie
3a752fde51
Revert "Load js-url lib using legacy-loader"
Didn't work in Firefox for some reason.

`[Script Loader] ReferenceError: module is not defined`

This reverts commit 5b83deb043.
2017-11-02 17:57:44 +01:00
Christoph Witzany
5cda55086a Add mattermost authentication 2017-10-31 10:34:51 +01:00
Peter Dave Hello
f896432250 Upgrade mermaid to v7.1.0, fix #600 2017-10-30 00:18:53 +08:00
Sheogorath
94021e2d34 Merge pull request #574 from PeterDaveHello/README.md-Table-of-Contents
Add "Table of Contents" in README.md
2017-10-27 11:51:50 +02:00
Literallie
5b83deb043
Load js-url lib using legacy-loader
Doesn't use eval, plus no window object access
2017-10-22 00:03:45 +02:00
Literallie
080436aebb
CSP: Add nonce to slide view inline JS 2017-10-22 00:03:45 +02:00
Peter Dave Hello
f70d2df1be Add jsonlint script to ensure all json files are valid 2017-10-14 00:19:32 +08:00
Peter Dave Hello
0864b06e0c Integrate npm package "doctoc" to update README.md 2017-10-13 16:21:25 +08:00
Wu Cheng-Han
bee5e2a558 Update license field in package.json 2017-10-13 01:56:13 +08:00
Marc Deop
2c780f53df
Add support for minio 2017-08-30 18:58:34 +02:00
Bryan Davis
723c9d79b6 Use git URLs in package.json
Using the "github:..." form to declare a dependency in package.json
makes npm attempt to install the package using an ssh clone rather than
an https clone. Some deployment environments may not allow ssh access
to external servers which will prevent the clones from succeeding. Using
the "git+https://..." form will clone the same repo from GitHub without
requiring ssh connectivity.
2017-07-01 15:41:56 -06:00
Sheogorath
8acceb28ed
Use non-zero exit codes when build fails 2017-06-03 18:22:37 +02:00
Max Wu
c37b666915 Merge branch 'master' into BackendRefactor 2017-05-14 17:42:14 +08:00
BoHong Li
ecb0533605 refactor(config.js): Extract config file
* Separate different config source to each files
* Freeze config object
2017-05-08 19:29:07 +08:00
Yukai Huang
db06a51299 Load statusbar template by string-loader 2017-05-07 20:37:26 +08:00
Wu Cheng-Han
1d51fdaa7c chore(build): Upgrade uws to 0.14.1, other npm version have been removed 2017-03-29 12:43:03 +08:00
Wu Cheng-Han
1c6f5d272f style: Fix missing newline in variables 2017-03-29 12:41:23 +08:00
Wu Cheng-Han
7e3b74d0da Mark as 0.5.1 2017-03-23 00:22:44 +08:00
Max Wu
f6bd238b0f Merge pull request #387 from hackmdio/cm-refactor
Extract CodeMirror instance
2017-03-14 23:11:56 +08:00
Wu Cheng-Han
f55a4b8497 Update to fix pagination error in list.js over v1.5.0 2017-03-14 23:08:15 +08:00
Yukai Huang
24f1413654 Add inlineAttachment to global 2017-03-13 22:00:29 +08:00
Yukai Huang
b4424419c0 Add standardjs globals 2017-03-13 21:42:09 +08:00
BoHong Li
6cf06837f8 Remove eslint
1. Remove eslint, because we use JavaScript Standard Style.
2. Add lts/boron version to travis CI, we use it in docker version

Signed-off-by: BoHong Li <a60814billy@gmail.com>
2017-03-13 02:23:58 +08:00
BoHong Li
4889e9732d Use JavaScript Standard Style
Introduce JavaScript Standard Style as project style rule,
and fixed all fail on backend code.
2017-03-08 18:45:51 +08:00
bananaappletw
40dfffd4f4 Using package.json to test lint instead
Exclude *.min.js from eslint
2017-02-16 13:05:46 +08:00
bananaappletw
af783b2746 Update node dependency up to 6.x in package.json 2017-02-15 19:17:51 +08:00
bananaappletw
4198d0d560 Add travis ci 2017-02-15 19:11:53 +08:00
Wu Cheng-Han
15bf2b6da8 Update webpack config to use parallel uglify plugin to speed up production build 2017-02-03 22:05:09 +08:00
Wu Cheng-Han
5ce5d4cd84 Update to use babel-polyfill to support ES6 features in old browsers 2017-02-03 22:04:43 +08:00
Wu Cheng-Han
4dbafe62a3 Upgrade mermaid to support class diagram 2017-02-02 23:28:05 +08:00
Wu Cheng-Han
3df5507589 Upgrade viz.js to fix manual workaround and get smaller file size 2017-02-02 23:27:34 +08:00
Yukai Huang
26d8942852 Revert experimental vue for now 2017-01-21 12:30:55 +08:00
Yukai Huang
3d6b319216 Merge branch 'master' into frontend-next 2017-01-13 22:53:33 +08:00
Max Wu
b13635aac9 Merge pull request #279 from alecdwm/ldap-auth
Support for LDAP server authentication
2017-01-09 00:49:40 +08:00
alecdwm
b044c2ae19 Use randomcolor not seedrandom for avatar backgrounds 2017-01-06 07:08:07 +01:00
alecdwm
01361afa7a Profile pictures for LDAP users 2017-01-06 05:37:40 +01:00
bananaappletw
78c51e5e88 Revert "Rename npm script"
This reverts commit ed83dfc862.
2017-01-04 14:30:47 +08:00
Yukai Huang
65acaea8cf Merge branch 'master' into frontend-next 2017-01-02 15:09:19 +08:00
Wu Cheng-Han
bd4335964d Mark as 0.5.0 2017-01-02 11:19:01 +08:00
Wu Cheng-Han
6ac1df5965 Update dependencies 2017-01-02 11:17:23 +08:00
Yukai Huang
99dd107724 Basic setup for Vue app 2016-12-24 11:50:57 +08:00
Yukai Huang
a06fad974e Install vue and babel dependency 2016-12-24 11:10:18 +08:00
Wu Cheng-Han
39521f25a7 Mark as 0.4.6 2016-12-19 17:30:33 +08:00
Wu Cheng-Han
276d500406 Upgrade dependencies 2016-12-19 16:20:27 +08:00
Wu Cheng-Han
c6742e50ee Remove unused vendor code and add missing dependency 2016-12-19 16:13:56 +08:00
Wu Cheng-Han
59725e9390 Remove unused dependencies 2016-12-18 22:54:00 +08:00
alecdwm
02e9927714 Initial support for LDAP server authentication
Limitations as of this commit:

- tlsOptions can only be specified in config.json, not as env vars
- authentication failures are not yet gracefully handled by the UI
  - instead the error message is shown on a blank page (/auth/ldap)
- no email address is associated with the LDAP user's account
- no picture/profile URL is associated with the LDAP user's account
- we might have to generate our own access + refresh tokens,
  because we aren't using oauth. The currently generated
  tokens are just a placeholder.
- 'LDAP Sign in' needs to be translated to each locale
2016-12-13 22:41:07 +01:00
Yukai Huang
9e6fd505e1 Remove bower occurrences 2016-12-11 11:18:08 +08:00
Yukai Huang
ed83dfc862 Rename npm script
webpack scripts are meant to “build” assets, so place them under the same namespace

* dev => build:dev
* build => build:prod
2016-12-10 22:12:07 +08:00
Yukai Huang
65a1a62cc0 Drop nodemon dependency
Sometimes nodemon does not reload source code correctly, so simply drop it.
2016-12-10 22:09:50 +08:00
Wu Cheng-Han
5958654ea4 Remove preprocess image on upload image or it will lose support of some image formats 2016-12-03 14:37:12 +08:00
Wu Cheng-Han
840cac7435 Add delay to throttle nodemon in dev script 2016-12-02 02:24:12 +08:00
Wu Cheng-Han
a73d9ce39e Update to support optional email register and signin 2016-12-02 01:58:14 +08:00
Wu Cheng-Han
b081302f3d Remove webpack shell plugin for webpack because it's been solved in another way 2016-11-28 03:19:15 +08:00
Wu Cheng-Han
9f79ed929e Update to move custom CodeMirror codebase to our own repo and update webpack build config 2016-11-28 01:36:48 +08:00
Max Wu
bd3d4958e4 Merge pull request #248 from hackmdio/file-upload-options
Support other options for image uploading
2016-11-27 10:54:00 +08:00
Wu Cheng-Han
5287d46931 Optimize hackmd resource packing and load orders 2016-11-26 23:18:51 +08:00
Wu Cheng-Han
3fbfdb7db8 Optimize index page resources packing and loads 2016-11-26 23:13:02 +08:00
Wu Cheng-Han
9383df59c9 Update socket.io to 1.6.0 2016-11-26 22:40:50 +08:00
Wu Cheng-Han
f387bb312f Try to replace engine.io to uws in socket.io for better performance 2016-11-18 12:18:29 +08:00
Yukai Huang
2279986f97 Config sharp image preprocessing 2016-11-16 17:07:00 +08:00
Yukai Huang
518a4a120b upload image to s3 2016-11-16 12:05:24 +08:00
Yukai Huang
a04c6ef127 Install nodemon for local development 2016-11-14 16:44:12 +08:00
Yukai Huang
689b1dc4d6 Add optimize-css webpack plugin 2016-11-03 13:59:25 +08:00
Max Wu
7e05976a93 Revert "html minify in production environment" 2016-10-24 00:00:05 +08:00
Peter Dave Hello
731375c220 html minify in production environment 2016-10-23 23:31:04 +08:00
Wu Cheng-Han
7e8d1f22b1 Fix missing dependency in d44e830366 2016-10-18 21:41:06 +08:00
Wu Cheng-Han
d44e830366 Update emoji parser using markdown-it-emoji instead of emojify to solve issue #217 2016-10-18 16:50:58 +08:00
Yukai Huang
9f63581c61 Config heroku deployment 2016-10-16 11:20:29 +08:00
Yukai Huang
4c1109b70b Move gist-embed to CDN 2016-10-14 09:56:19 +08:00
Yukai Huang
142b4c6771 Move highlight.js to CDN 2016-10-14 09:21:41 +08:00
Yukai Huang
83be3465cc Fix scrollspy 2016-10-13 13:59:34 +08:00
Yukai Huang
2cafe15e85 Enable production assets hash 2016-10-12 17:15:59 +08:00
Yukai Huang
91266f1cad Load more scripts using webpack 2016-10-12 17:03:47 +08:00
Yukai Huang
02eef3f68a Load customized vendor script through script-loader 2016-10-12 13:18:29 +08:00
Yukai Huang
2e929879ad Fix engine.io-client webpack load dependency 2016-10-12 12:57:16 +08:00
Yukai Huang
6e651c8108 Merge branch 'master' into webpack-frontend 2016-10-11 18:40:23 +08:00
Yukai Huang
f9e7f482d3 Setup webpack production config 2016-10-11 15:45:00 +08:00
Yukai Huang
06437ccaa9 Manage more packages with npm and webpack 2016-10-11 14:52:45 +08:00
Yukai Huang
3368b57b89 Remove ot from package.json 2016-10-11 14:09:40 +08:00
Yukai Huang
9c8752d452 Split common vendor javascript into chunks 2016-10-11 12:30:30 +08:00
Wu Cheng-Han
9a15cad42d Mark as 0.4.5 2016-10-11 11:01:05 +08:00
Wu Cheng-Han
fb5d7e4359 Update npm and bower dependencies with related patch 2016-10-10 21:14:28 +08:00
Wu Cheng-Han
138aa876f4 Remove unused npm dependency 2016-10-10 21:05:33 +08:00
Yukai Huang
e10203b7e9 More function expose workaround for reveal-markdown.js 2016-10-10 08:24:58 +08:00
Yukai Huang
a258897884 Revert some bower assets 2016-10-09 21:43:41 +08:00
Yukai Huang
3e2905be13 Revert to customized codemirror 2016-10-09 17:54:51 +08:00
Yukai Huang
8e2b03cfd6 Config bootstrap with webpack 2016-10-08 23:04:19 +08:00
Yukai Huang
963a435ae1 Resolve dependency module requiring
* es5 style module exports
* remove script tag require
* webpack config ProvidePlugin

Note that this commit only fixes JavaScript module loading runtime error.
2016-10-08 20:02:30 +08:00
Yukai Huang
ebee5a8d05 Use xss in script tag 2016-10-08 19:57:50 +08:00
Yukai Huang
ab21311161 Change npm task 'build' to 'dev' 2016-10-08 10:16:49 +08:00
Yukai Huang
b8467a562c Remove Idle.Js dependency
use vendor minified js for now
2016-10-08 10:07:12 +08:00
Yukai Huang
325d1f1a32 Create webpack config 2016-10-08 08:13:40 +08:00
Wu Cheng-Han
b9c59c454d Add support of i18n with related patches and support "en" and "zh" locales for now 2016-08-19 11:49:24 +08:00
Wu Cheng-Han
f35aa94b41 Mark as 0.4.4 2016-08-02 17:17:33 +08:00
Wu Cheng-Han
b6ca8649af Update npm dependencies 2016-07-30 12:23:40 +08:00
Wu Cheng-Han
045c08447f Update to use own package of google-diff-match-patch to solve encodeURI exception issue 2016-07-30 11:12:28 +08:00
Wu Cheng-Han
2b5c7365ab Change npm imgur package to self owned repo in order to fix some exception 2016-07-13 10:42:32 +08:00
Wu Cheng-Han
458d07dde7 Update to change server-side pre-rendering engine from marked to markdown-it 2016-07-02 16:11:06 +08:00
Wu Cheng-Han
d7d83c102b Mark as 0.4.3 2016-06-28 09:38:31 +08:00
Cheng-Han, Wu
6fddab1bfc Update npm dependencies 2016-06-17 16:32:05 +08:00
Cheng-Han, Wu
dbc126b156 Add support of saving note revision and improve app start and stop procedure to ensure data integrity 2016-06-17 16:09:33 +08:00
Cheng-Han, Wu
c439797efd Mark as 0.4.2 2016-06-01 20:44:19 +08:00
Cheng-Han, Wu
16990e35a2 Update slide template using ejs instead of mustache to reduce similar package dependency 2016-05-29 17:54:24 +08:00
Cheng-Han, Wu
e52937df50 Update project infos, reclaim authors and add authors list 2016-05-28 01:49:15 +08:00
Cheng-Han, Wu
6405bb5056 Add support of google signin 2016-05-21 22:48:00 +08:00