Commit graph

1163 commits

Author SHA1 Message Date
David Mehren
9ab8bf3cac Fix crash in LDAP authentication
Since https://github.com/vesse/node-ldapauth-fork/commit
/741a648df98d789856b3301d65103b74872fdeea, ldapauth-fork calls `push` on
 the attributes array.

 Since we deep-freeze our config object in https://github
 .com/hedgedoc/hedgedoc/blob/master/lib/config/index.js#L200, this
 causes a crash.

 This commit fixes the crash by creating a mutable clone of the LDAP
 config and passing that to the LDAP strategy.

 Fixes https://github.com/hedgedoc/hedgedoc/issues/2561

Signed-off-by: David Mehren <git@herrmehren.de>
2022-08-22 09:01:04 +02:00
David Mehren
58f321ce29 Add dark mode toggle in mobile view
Fixes #2534

Signed-off-by: David Mehren <git@herrmehren.de>
2022-08-22 08:52:49 +02:00
David Mehren
d1f2a028b4
1.9.4 release notes
Signed-off-by: David Mehren <git@herrmehren.de>
2022-07-10 22:02:17 +02:00
Sheogorath
dd539273fb fix(migrations): Remove unexpected shell call
This patch removes the call of `/usr/bin/env` when calling the migration
script in favour of using the processes own nodejs invocation path.

This should drop the requirement for `/usr/bin/env` to exist on a
system/in a container that runs hedgedoc.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2022-05-17 14:04:02 +02:00
David Mehren
d26dcd04a1
Adapt code for eslint-config-standard 17
Signed-off-by: David Mehren <git@herrmehren.de>
2022-05-01 21:19:44 +02:00
David Mehren
e222225866 Drop support for Node.js 12
Signed-off-by: David Mehren <git@herrmehren.de>
2022-05-01 21:03:19 +02:00
David Mehren
680e6917af
Add warning about MariaDB charset changes to changelog
Signed-off-by: David Mehren <git@herrmehren.de>
2022-04-10 21:49:35 +02:00
David Mehren
5154598557
Update changelog for 1.9.3
Signed-off-by: David Mehren <git@herrmehren.de>
2022-04-10 21:49:23 +02:00
Erik Michelson
c99d30931d Remove duplicated jQuery selectors
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2022-04-10 21:24:30 +02:00
Erik Michelson
0093aa4783 Fix GitLab snippet export
The snippet export broke due to two reasons.
First of all, the request to GitLab fail in the
default configuration due to the CSP not being
set properly. This commit adds the configured
GitLab base url to the connect-src directives.
The second problem is a change in the GitLab API
spec. Instead of `code` and `file_name` the
GitLab API now requires an `files` array with
`content` and `file_path` entries per snippet.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2022-04-10 21:24:30 +02:00
David Mehren
e0021036ae
Fix missing inline authorship colors
The hex2rgb function seems to previously have been available globally.
It probably got lost in the great Webpack refactoring and nobody noticed
 that.

 This copies the function into its own file (to make importing it easy)
 and adds an import in index.js.

 Fixes https://github.com/hedgedoc/hedgedoc/issues/2248

Signed-off-by: David Mehren <git@herrmehren.de>
2022-04-08 12:13:37 +02:00
Tilman Vatteroth
61e092e8af Force change of aria-hidden when modal shows or hides
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2022-04-03 22:52:53 +02:00
Tilman Vatteroth
bb4acb02bc Improve aria tags for view mode labels
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2022-04-03 22:40:07 +02:00
David Mehren
101bedaecd bin/manage_users: Always treat pass argument as string
Fixes #1945

Signed-off-by: David Mehren <git@herrmehren.de>
2022-04-03 22:14:27 +02:00
Moritz Schlarb
e6fc9f01a3 Allow SAML authentication provider to be named
Using `CMD_SAML_PROVIDERNAME` and the respective auth provider objects
in the configuration structures.

Signed-off-by: Moritz Schlarb <schlarbm@uni-mainz.de>
2022-03-20 19:59:53 +01:00
Tilman Vatteroth
cc0c469c2d
Add error message to log if database cannot be reached
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2022-02-04 11:49:51 +01:00
Erik Michelson
8705c4abd1
Update tests and changelog
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2022-01-07 18:21:33 +01:00
David Mehren
a72f2455ca
Add release notes for 1.9.2
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-03 20:31:17 +01:00
David Mehren
1baf7db914
Add changelog entry
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-03 10:35:01 +01:00
Yannick Bungers
d676008ff7
Merge pull request #1855 from hedgedoc/release/1.9.1 2021-12-02 22:18:49 +01:00
Tilman Vatteroth
22ecc7bb0d
Add release notes for 1.9.1
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-02 22:14:31 +01:00
David Mehren
381d360d58
Fix mermaid import
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-02 19:11:39 +01:00
David Mehren
489f785992
Set global timeout for Ajax operations
`ajaxSetup()` sets the default values for future Ajax operations.

See also
https://api.jquery.com/jQuery.ajaxSetup/
https://api.jquery.com/jquery.ajax/

Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-04 20:49:53 +01:00
Tilman Vatteroth
d7986b1920
Refactor existing code to add the configured domain to connect-src
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2021-09-16 19:43:20 +02:00
David Mehren
ebc58a71cf
Add translators to release notes
Signed-off-by: David Mehren <git@herrmehren.de>
2021-09-13 22:11:33 +02:00
David Mehren
07d447757a
Update release notes for 1.9.0
Signed-off-by: David Mehren <git@herrmehren.de>
2021-09-13 22:11:33 +02:00
David Mehren
30722503c5
Update release notes for 1.9.0-rc1
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 17:55:19 +02:00
David Mehren
c2691210af
Update FAQ link in features page
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-26 20:12:09 +02:00
David Mehren
f2cce60761
Remove embedding from feature page
We discourage allowing HedgeDoc to be embedded into other pages in the
FAQ.
Therefore, we should not advertise this feature, especially as it needs
a non-standard config.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-26 20:11:46 +02:00
David Mehren
7729cc49a7
Drop support for MS SQL Server
Sequelize generates invalid SQL for the 'fix-enum' migration from 2018.
Since nobody has complained about this issue since then, we can just
drop support for SQL Server.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-23 17:45:45 +02:00
Erik Michelson
2c180517fd
Add changelog snippet
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2021-08-18 22:59:13 +02:00
Erik Michelson
d641954c73
Ignore local installed fonts
There were several reports of HedgeDoc not looking correctly when having some variants of fonts locally installed which HedgeDoc uses. The only way to fix this for the users was to remove the locally installed font or update them to another variant.
As we use woff font files which aren't very heavy in terms of file-size, it seems reasonable to fetch them always from the server (or the local browser cache).

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2021-08-18 22:47:22 +02:00
David Mehren
957d7d553e
Merge pull request #1394 from hedgedoc/remove-cdn 2021-08-15 20:11:26 +02:00
David Mehren
a865ed0822
Merge pull request #1538 from hedgedoc/fix/secure_cookies 2021-08-15 00:42:52 +02:00
David Mehren
8973e85ba6
Hardcode YouTube and Vimeo URLs to HTTPS
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-15 00:22:31 +02:00
David Mehren
d56ff5bdf3
Fix slideshare CSP error by always using HTTPS
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-15 00:22:31 +02:00
David Mehren
832f3522b3
Add new CSP config options to release notes
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-15 00:22:31 +02:00
David Mehren
4526542944
Replace Cloudflare links in exported HTML
Emoji images are now converted to data URLs

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-15 00:09:53 +02:00
David Mehren
515fed3db0
Remove unused Google Fonts import
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-15 00:09:53 +02:00
David Mehren
3b00601872
Inline CSS & JS into HTML export template
Previously, the HTML export template `html.hbs` included CDN links
for the HTML and CSS resources.

This commit enables Webpack to create a new `htmlexport.html` at
build-time, which includes all resources inline.
That template is then used as before by the frontend to be populated
with the rendered note content.

The tradeoff is that each exported .html file is about 5.6 MB in size,
as we need to inline all fonts (icons & emojis).

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-15 00:09:53 +02:00
Tilman Vatteroth
9498ee6bfe
Remove cdn support
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2021-08-15 00:09:53 +02:00
David Mehren
7b00a59661
Set secure flag for non-session cookies
This adds the secure flag to all cookies that are set
in the frontend for storing various settings.
If `SameSite=none` is set (like when embedding the instance is allowed),
 the `secure` flag is necessary to set any cookie.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-15 00:08:31 +02:00
David Mehren
b8c3703c2f
Fix endless loop on shutdown when DB can't be reached
The shutdown handler calls `checkAllNotesRevision` on a 100 ms
interval. If the database connection is broken, this will return
an error. Previously, this error was effectively ignored and resulted
in an endless loop printing out the error message every 100 ms.

This improves the error handling by terminating the process with a
nonzero exit code when an error was encountered 30 times. The loop
interval is also increased to 200 ms, giving the database 6 seconds
total time to recover in case of intermittent issues.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-14 23:47:26 +02:00
David Mehren
4ad5c705c4
Add changelog entry for DB auto-reconnect
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-14 22:23:26 +02:00
David Mehren
b719ce79db
Fix crash while getting current git commit
HedgeDoc crashed with
`uncaughtException: ENOENT: no such file or directory`
on startup, when `.git/ref/heads` did not contain
a file for the current branch. This seems to happen
regularly with current Git versions.

This fixes the crash by first trying to use the `git` executable for
getting the current commit SHA (before running our own parsing code)
and introducing a separate check to prevent accessing a nonexistent
file in `.git/ref/heads`.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-14 16:08:55 +02:00
Tilman Vatteroth
c767bad386
Make anchor links base uri independent
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2021-07-26 22:29:33 +02:00
David Mehren
7ff685933e
Lazy-load highlight.js
This commit moves the import of highlight.js into a `require.ensure`
block, that is only executed when a code-block is actually present
in a note. Webpack automatically splits the library into a separate
chunk and loads that on demand.

The call to `hljs.listLanguages()` in `index.js` is also replaced
by a static list. This is important, as `index.js` would otherwise
need to import highlight.js, which would cause the quite big
library to be included into nearly every entrypoint, needlessly
increasing the transferred code size.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-11 09:29:27 +02:00
David Mehren
5b8b76135b
Lazy-load viz.js
This commit moves the import of viz.js into a `require.ensure` block,
that is only executed when a graphviz diagram is actually present
in a note. Webpack automatically splits the library into a separate
chunk and loads that on demand.

To ensure that graphviz code-blocks are not treated as normal
code-blocks while the chunk is loading, a corresponding check is added
to `finishView`.

The library is also removed from the Webpack config file, as it only
is used at one place in extra.js, which is handled by Webpack
without any extra config.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-11 09:29:26 +02:00
David Mehren
1c023e7881
Lazy-load abcjs
This commit moves the import of abcjs into a `require.ensure` block,
that is only executed when a abc diagram is actually present
in a note. Webpack automatically splits the library into a separate
chunk and loads that on demand.

To ensure that abc code-blocks are not treated as normal
code-blocks while the chunk is loading, a corresponding check is added
to `finishView`.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-11 09:29:26 +02:00
David Mehren
938afbddc3
Replace handlebars with string.replace
The html.hbs template does not contain any logic,
so we can replace the lib with good old string.replace calls.
This significantly reduces the bundle size, as we don't have to ship
a full template engine to the client.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-11 09:29:26 +02:00