Since https://github.com/vesse/node-ldapauth-fork/commit
/741a648df98d789856b3301d65103b74872fdeea, ldapauth-fork calls `push` on
the attributes array.
Since we deep-freeze our config object in https://github
.com/hedgedoc/hedgedoc/blob/master/lib/config/index.js#L200, this
causes a crash.
This commit fixes the crash by creating a mutable clone of the LDAP
config and passing that to the LDAP strategy.
Fixes https://github.com/hedgedoc/hedgedoc/issues/2561
Signed-off-by: David Mehren <git@herrmehren.de>
This patch removes the call of `/usr/bin/env` when calling the migration
script in favour of using the processes own nodejs invocation path.
This should drop the requirement for `/usr/bin/env` to exist on a
system/in a container that runs hedgedoc.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
The snippet export broke due to two reasons.
First of all, the request to GitLab fail in the
default configuration due to the CSP not being
set properly. This commit adds the configured
GitLab base url to the connect-src directives.
The second problem is a change in the GitLab API
spec. Instead of `code` and `file_name` the
GitLab API now requires an `files` array with
`content` and `file_path` entries per snippet.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
The hex2rgb function seems to previously have been available globally.
It probably got lost in the great Webpack refactoring and nobody noticed
that.
This copies the function into its own file (to make importing it easy)
and adds an import in index.js.
Fixes https://github.com/hedgedoc/hedgedoc/issues/2248
Signed-off-by: David Mehren <git@herrmehren.de>
Using `CMD_SAML_PROVIDERNAME` and the respective auth provider objects
in the configuration structures.
Signed-off-by: Moritz Schlarb <schlarbm@uni-mainz.de>
We discourage allowing HedgeDoc to be embedded into other pages in the
FAQ.
Therefore, we should not advertise this feature, especially as it needs
a non-standard config.
Signed-off-by: David Mehren <git@herrmehren.de>
Sequelize generates invalid SQL for the 'fix-enum' migration from 2018.
Since nobody has complained about this issue since then, we can just
drop support for SQL Server.
Signed-off-by: David Mehren <git@herrmehren.de>
There were several reports of HedgeDoc not looking correctly when having some variants of fonts locally installed which HedgeDoc uses. The only way to fix this for the users was to remove the locally installed font or update them to another variant.
As we use woff font files which aren't very heavy in terms of file-size, it seems reasonable to fetch them always from the server (or the local browser cache).
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Previously, the HTML export template `html.hbs` included CDN links
for the HTML and CSS resources.
This commit enables Webpack to create a new `htmlexport.html` at
build-time, which includes all resources inline.
That template is then used as before by the frontend to be populated
with the rendered note content.
The tradeoff is that each exported .html file is about 5.6 MB in size,
as we need to inline all fonts (icons & emojis).
Signed-off-by: David Mehren <git@herrmehren.de>
This adds the secure flag to all cookies that are set
in the frontend for storing various settings.
If `SameSite=none` is set (like when embedding the instance is allowed),
the `secure` flag is necessary to set any cookie.
Signed-off-by: David Mehren <git@herrmehren.de>
The shutdown handler calls `checkAllNotesRevision` on a 100 ms
interval. If the database connection is broken, this will return
an error. Previously, this error was effectively ignored and resulted
in an endless loop printing out the error message every 100 ms.
This improves the error handling by terminating the process with a
nonzero exit code when an error was encountered 30 times. The loop
interval is also increased to 200 ms, giving the database 6 seconds
total time to recover in case of intermittent issues.
Signed-off-by: David Mehren <git@herrmehren.de>
HedgeDoc crashed with
`uncaughtException: ENOENT: no such file or directory`
on startup, when `.git/ref/heads` did not contain
a file for the current branch. This seems to happen
regularly with current Git versions.
This fixes the crash by first trying to use the `git` executable for
getting the current commit SHA (before running our own parsing code)
and introducing a separate check to prevent accessing a nonexistent
file in `.git/ref/heads`.
Signed-off-by: David Mehren <git@herrmehren.de>
This commit moves the import of highlight.js into a `require.ensure`
block, that is only executed when a code-block is actually present
in a note. Webpack automatically splits the library into a separate
chunk and loads that on demand.
The call to `hljs.listLanguages()` in `index.js` is also replaced
by a static list. This is important, as `index.js` would otherwise
need to import highlight.js, which would cause the quite big
library to be included into nearly every entrypoint, needlessly
increasing the transferred code size.
Signed-off-by: David Mehren <git@herrmehren.de>
This commit moves the import of viz.js into a `require.ensure` block,
that is only executed when a graphviz diagram is actually present
in a note. Webpack automatically splits the library into a separate
chunk and loads that on demand.
To ensure that graphviz code-blocks are not treated as normal
code-blocks while the chunk is loading, a corresponding check is added
to `finishView`.
The library is also removed from the Webpack config file, as it only
is used at one place in extra.js, which is handled by Webpack
without any extra config.
Signed-off-by: David Mehren <git@herrmehren.de>