Commit graph

515 commits

Author SHA1 Message Date
Sheogorath
7e5bb8a24b
Fix broken error template due to missing opengraph
This regression bug was caused by the error page using the `codimd/head`
template. This resulted in error messages like this:

```
ReferenceError: /codimd/public/views/error.ejs:5
    3|
    4| <head>
 >> 5|     <%- include codimd/head %>
    6|     <link rel="stylesheet" href="<%- serverURL %>/css/center.css">
    7| </head>
    8|
/codimd/public/views/codimd/head.ejs:7
    5| <meta name="apple-mobile-web-app-status-bar-style" content="black">
    6| <meta name="mobile-web-app-capable" content="yes">
 >> 7| <% for (var og in opengraph) { %>
    8| <% if (opengraph.hasOwnProperty(og) && opengraph[og].trim() !== '') { %>
    9| <meta property="og:<%- og %>" content="<%- opengraph[og] %>">
    10| <% }} if (!opengraph.hasOwnProperty('image')) { %>
opengraph is not defined
    at eval (eval at compile (/codimd/node_modules/ejs/lib/ejs.js:618:12), <anonymous>:18:23)
    at eval (eval at compile (/codimd/node_modules/ejs/lib/ejs.js:618:12), <anonymous>:99:10)
    at returnedFn (/codimd/node_modules/ejs/lib/ejs.js:653:17)
    at tryHandleCache (/codimd/node_modules/ejs/lib/ejs.js:251:36)
    at View.exports.renderFile [as engine] (/codimd/node_modules/ejs/lib/ejs.js:482:10)
    at View.render (/codimd/node_modules/express/lib/view.js:135:8)
    at tryRender (/codimd/node_modules/express/lib/application.js:640:10)
    at Function.render (/codimd/node_modules/express/lib/application.js:592:3)
    at ServerResponse.render (/codimd/node_modules/express/lib/response.js:1012:7)
    at responseError (/codimd/lib/response.js:57:20)
    at Object.errorNotFound (/codimd/lib/response.js:30:5)
    at newNote (/codimd/lib/response.js:134:76)
    at /codimd/lib/response.js:172:16
    at tryCatcher (/codimd/node_modules/bluebird/js/release/util.js:16:23)
    at Promise._settlePromiseFromHandler (/codimd/node_modules/bluebird/js/release/promise.js:517:31)
    at Promise._settlePromise (/codimd/node_modules/bluebird/js/release/promise.js:574:18)
    at Promise._settlePromise0 (/codimd/node_modules/bluebird/js/release/promise.js:619:10)
    at Promise._settlePromises (/codimd/node_modules/bluebird/js/release/promise.js:699:18)
    at _drainQueueStep (/codimd/node_modules/bluebird/js/release/async.js:138:12)
    at _drainQueue (/codimd/node_modules/bluebird/js/release/async.js:131:9)
    at Async._drainQueues (/codimd/node_modules/bluebird/js/release/async.js:147:5)
    at Immediate.Async.drainQueues (/codimd/node_modules/bluebird/js/release/async.js:17:14)

```

The fix for that is rather trivial. We simply provide an empty array of
metadata when generating the error template.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-10-11 17:03:09 +02:00
Sheogorath
cd34a8c702
Merge pull request #191 from ErikMichelson/feature/ogmetadata
Add customizable opengraph metadata for notes (see #40)
2019-10-10 14:55:34 +02:00
Erik Michelson
2881f8211a
Added customizable og-metadata to notes
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-10-04 19:49:45 +02:00
Amolith
71e900e9e8
remove unused variable to pass ci testing - #58
Signed-off-by: Amolith <amolith@nixnet.xyz>
2019-10-03 09:24:46 -04:00
Amolith
e6eab33e2d
remove legacy code to solve #58
Signed-off-by: Amolith <amolith@nixnet.xyz>
2019-10-03 08:39:51 -04:00
Sheogorath
e313b47b92
Merge pull request #170 from ErikMichelson/post-note-url
Added endpoint for note-creation with given alias
2019-09-26 12:20:57 +02:00
Erik Michelson
9e1cc2159f
Updated forbiddenNoteIDs
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-09-18 22:54:08 +02:00
Erik Michelson
6e5e6696ad
Refactored note-creation with given noteId
Known bugs/features:
 - pushing towards an existing note results in an error 500

Signed-off-by: Erik Michelson <erik@liltv.de>
2019-09-04 20:25:32 +02:00
Erik Michelson
8d29d74b02 Added endpoint for note-creation with given alias
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-09-04 12:28:44 +02:00
Sheogorath
529075fd67
Merge pull request #168 from dargmuesli/fix/docker-secret-buffer
Config: Return String Instead Of Buffer For Docker Secrets
2019-09-03 18:11:47 +02:00
Jonas Thelemann
0be784351d
Docker Secrets: Use Encoding Parameter Directly
Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
2019-09-03 17:58:58 +02:00
Jonas Thelemann
3d9c97fc65
Config: Return String Instead Of Buffer For Docker Secrets
Prevents "TypeError: Cannot freeze array buffer views with elements".

Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
2019-09-03 00:28:44 +02:00
Jonas Thelemann
326b38dff9
Docker Secrets: Correct Source Path
Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
2019-09-02 18:45:16 +02:00
Sheogorath
2e627099d8
Merge pull request #32 from codimd/aws-endpoints
make aws s3 endpoint configurable
2019-09-02 18:50:29 +03:00
Matthias Lindinger
fe2c8634d3 Add link to imprint
Signed-off-by: Matthias Lindinger <m.lindinger@live.de>
2019-08-26 14:57:44 +02:00
Sheogorath
c178947402
Disable PDF export due to security issue
As a temporary fix, to keep you and your users save, this patch disables
the PDF export feature. Details of the attack along with a fix for
future versions of CodiMD will be released in future.

I hope you can live with this solution for this release because I'm
super short on time and the alternative would be to ship no fix at all.
This appears to be the better solution for this release.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-08-15 23:14:54 +02:00
Sheogorath
c07ae7eda1
Fix variable names for docker secrets
It seems like since we switched to camelcase we missed to update some
variable names in the config section. This patch fixes those.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-08-15 23:14:53 +02:00
chandi
6280e92d10 fix: migration should return promise
Signed-off-by: chandi <git@chandi.it>
2019-08-12 14:13:34 +02:00
Sheogorath
1bfed17f8c
Merge pull request #104 from SISheogorath/feature/dnt
Respect DNT header
2019-07-20 12:50:13 +02:00
Sheogorath
2f6e81e4db
Merge pull request #128 from dargmuesli/docker-secrets
DB URL: Secret File Support
2019-07-20 12:49:19 +02:00
Jonas Thelemann
cc78dd0428
Docker Secrets: Add DB URL Support
As the connection string may include a password it should be supported by Docker Secrets.

Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
2019-07-01 19:43:42 +02:00
Sheogorath
118314d8dd
Merge pull request #119 from lhw/patch-1
Add SVG image detection based on file extension
2019-07-01 19:03:18 +02:00
Lennart Weller
f22a563116 Add SVG image detection based on file extension
Add simple SVG image detecetion base on the file extension .svg.
This fixes the SVG being delivered as binary/octet-stream and makes it possible to embedd the SVG.

Signed-off-by: Lennart Weller <lennart.weller@hansemerkur.de>
2019-06-18 17:13:50 +02:00
BoHong Li
63c96e7359
fix: upgrade sequelize to latest version to fix CVE
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-06-11 00:41:50 +02:00
Sheogorath
da4665c759
Respect DNT header
Do Not Track (DNT) is an old web standard in order to notify pages that
the user doesn't want to be tracked. Even while a lot of pages either
ignore this header or even worse, use it for tracking purposes, the
orignal intention of this header is good and should be adopted.

This patch implements a respect of the DNT header by no longer including
the optional Google Analytics and disqus integrations when sending a DNT
header. This should reduce outside resource usage and help to stay more
private.

This should later-on extended towards other document content (i.e.
iframe based content).

The reason to not change the CDN handling is that CDNs will be
deprecated with next release and removed in long term.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-06-08 23:43:50 +02:00
Sheogorath
b5fc6db75d
Rework debug logging
We have various places with overly simple if statements that could be
handled by our logging library. Also a lot of those logs are not marked
as debug logs but as info logs, which can cause confusion during
debugging.

This patch removed unneeded if clauses around debug logging statements,
reworks debug log messages towards ECMA templates and add some new
logging statements which might be helpful in order to debug things like
image uploads.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-06-08 21:27:29 +02:00
Sheogorath
4da68597f7
Fix eslint warnings
Since we are about to release it's time to finally fix our linting. This
patch basically runs eslint --fix and does some further manual fixes.
Also it sets up eslint to fail on every warning on order to make
warnings visable in the CI process.

There should no functional change be introduced.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-31 00:30:29 +02:00
Sheogorath
e2990c56fd
Merge pull request #82 from SISheogorath/fix/doubleCount
Fix missing pictures for OpenID
2019-05-26 22:19:22 +02:00
Sheogorath
0dff8796ac
Fix missing pictures for OpenID
Currently a problem appears when using OpenID for authentication as
there is no method to add a profile picture right now.

This patch makes sure that all undefined login methods get a profile
picture.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-26 03:53:59 +02:00
Sheogorath
6c62efae2a
Add config for toobusy middleware
With very low CPU frequency or bad IO situation, as well as not-loaded
JS CodiMD happens to present unneeded "I'm busy"-messages to users.

This patch allows to configure the lag. The default is taken from the
libray but set in our own default configs.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-25 21:08:38 +02:00
Claudius
4833f300c5 polyfilling scrypt for node 8.5+
Signed-off-by: Claudius <opensource@amenthes.de>
2019-05-13 19:37:21 +02:00
Claudius
1d403e183d asyncified setting and verifying the password
Signed-off-by: Claudius <opensource@amenthes.de>
2019-05-13 19:37:21 +02:00
Claudius
df666dd214 getting password hashing into a hook where it could be async
Signed-off-by: Claudius <opensource@amenthes.de>
2019-05-13 14:37:08 +02:00
Dylan Dervaux
208070d2e7
Add lutim support
Signed-off-by: Dylan Dervaux <dylanderv05@gmail.com>
2019-04-10 01:37:12 +02:00
Emmanuel Ormancey
df53f465c0
Added a configuration option for passport-saml:
disableRequestedAuthnContext: true|false

By default only Password authmethod is accepted, this option allows any other method.

Issue and option described here:
https://github.com/bergie/passport-saml/issues/226

Signed-off-by: Emmanuel Ormancey <emmanuel.ormancey@cern.ch>
2019-04-06 17:54:58 +02:00
Thor77
022c7ad616
Hide port from minio URL for protocol default port
Signed-off-by: Thor77 <thor77@thor77.org>
2019-04-06 13:52:49 +02:00
Stéphane Guillou
afc8541c86 change default mode to "both" when clicking edit
Add "both" mode to URLs because I assume most people want to straight away see the code when they click the "edit" button in a published note.

Fixes https://github.com/codimd/server/issues/27

Not tested, followed instructions from @ccoenen , please do review! :)

Signed-off-by: Stéphane Guillou <stephane.guillou@member.fsf.org>
2019-04-05 20:58:06 +10:00
Christoph (Sheogorath) Kern
7f04013f4a
Merge pull request #7 from SISheogorath/feature/libravatar
Use libravatar as drop-in replacement for gravatar
2019-03-31 03:30:51 +02:00
Sheogorath
7cde6958f3
Update links to new repositories
After a long discussion, it turned out that CodiMD as community project
and HackMD as a company, have fundamental different views on the project
governance.

Due to this, it came to point where the decision for a fork was made.
After the fork and move towards an own organisation, this patch updates
all links inside the project to the new repositories.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-27 19:31:34 +01:00
Sheogorath
a5133e0f9b
Use libravatar as drop-in replacement for gravatar
Since libravatar got a default fallback to Gravatar and in generell
allows federated image hosting for avatars this shouldn't break any
existing implementations.

The federation functionality is not added yet. This would require to use
the libravatar library.

Details:
https://wiki.libravatar.org/api/

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-17 23:51:54 +01:00
Christoph (Sheogorath) Kern
329d39d0d0
Merge pull request #1131 from SISheogorath/fix/gitlabSnippets
Fix shown but broken GitLab snippets
2019-03-09 14:50:47 +01:00
Sheogorath
cda878d377
Add required change for Google+ API deprecation
Since Google+ is shutting down soon, we need to get the profile data
from another URL. Since the library already supports it, all we need to
do is adding a single line of code.

Details:
https://github.com/hackmdio/codimd/issues/1160

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-09 14:42:06 +01:00
Sheogorath
bcb7972607
Fix shown but broken GitLab snippets
To provide a GitLab integration we need the GitLab integration to be
configured. Otherwise we shouldn't show the Snippet button.

This patch adds the requirement to the variable that decides if the
import from snippets button shows up or not.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-05 18:16:04 +01:00
Christoph (Sheogorath) Kern
de0acbb566
Merge pull request #1153 from toshi0123/for_empty_serverurl
Fix empty serverURL did not redirect properly
2019-03-05 18:11:37 +01:00
Sheogorath
b51a048777
Fix wrong value type for HSTS environment variable
Seem like also environment variables are affected. This patch fixes that
as well.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-04 17:13:43 +01:00
toshi0123
6aab032709 Fix empty serverURL did not redirect properly
Signed-off-by: toshi0123 <7948737+toshi0123@users.noreply.github.com>
2019-03-04 13:59:14 +09:00
Sheogorath
1ee9874393
Fix names with spaces in letter-avatars
Seems like there is a possible problem when a name containing a space is
passed to this function. using urlencode on the name should fix possible
problems here.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-03 15:46:28 +01:00
Mathias Merscher
9613197f5d
make aws s3 endpoint configurable
Signed-off-by: Mathias Merscher <Mathias.Merscher@dg-i.net>
2019-02-11 17:45:24 +01:00
Sheogorath
806f403045
Disable OpenID by default
We talked about that during a community call. It turned out that not
everyone likes to have OpenID on their instance.

This patch disables OpenID by default.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-25 19:31:34 +01:00
Sheogorath
4e81079050
Fix broken PDF export by wrong unlink call
We used `fs.unlink()` to remove the pdf file after we send it out to the
client. This breaks in Node 10, when no function as second parameter is
supplied.

This patches changes it to the `fs.unlinkSync` function that doesn't
have this requirement and this way doesn't crash.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-24 13:02:53 +01:00