Commit graph

144 commits

Author SHA1 Message Date
Christoph (Sheogorath) Kern
7de6e3211f
Merge pull request #598 from xxyy/feature/csp
Implement basic CSP support
2018-01-22 20:43:46 +01:00
Christoph (Sheogorath) Kern
268c81a323
Merge pull request #673 from fooker/master
Allow posting new note with content
2018-01-20 19:45:41 +01:00
Dario Ernst
6ae4b8bf13 Add option to enable freely permission in closed instance
Before, closed disallowed guest edits completely, by removing
the `freely` permission. This makes it possible to explicitely bring
back guest-editing, but not guest-note-creation, to closed instances.

Signed-off-by: Dario Ernst <dario@kanojo.de>
2018-01-20 15:14:56 +01:00
Dustin Frisch
f47601857e
Allow posting new note with content
Signed-off-by: Dustin Frisch <fooker@lab.sh>
2018-01-18 10:41:58 +01:00
Peter Dave Hello
76873d3f7e Fix file permission, remove useless executable 2017-12-14 05:05:18 +08:00
Norihito Nakae
4a4ae9d332 Initial support for SAML authentication 2017-11-28 18:52:24 +09:00
Sheogorath
8808399c48
Fix mattermost breaking notes 2017-10-31 13:48:35 +01:00
Christoph Witzany
5cda55086a Add mattermost authentication 2017-10-31 10:34:51 +01:00
geekyd
f7d2ef970a Adds 403 response if PDF export is disabled 2017-10-25 19:21:34 +05:30
geekyd
d63e6780eb Adds PDF export via config 2017-10-25 19:19:37 +05:30
Literallie
080436aebb
CSP: Add nonce to slide view inline JS 2017-10-22 00:03:45 +02:00
Wu Cheng-Han
ca95901204 Fix slide might not provide slideOptions meta 2017-06-05 01:12:40 +08:00
butlerx
c531d96f66
check if reveal theme exists 2017-06-01 10:12:40 +01:00
butlerx
e5834c077f
add the ability to set slide theme in slide options 2017-05-31 23:28:43 +01:00
BoHong Li
ecb0533605 refactor(config.js): Extract config file
* Separate different config source to each files
* Freeze config object
2017-05-08 19:29:07 +08:00
BoHong Li
aca01f064d refactor: Remove require extension filename 2017-05-08 19:29:06 +08:00
BoHong Li
5870d988b5 Use strict mode in all backend files
add ‘use strict’ in all backend file
2017-03-14 13:02:43 +08:00
BoHong Li
4889e9732d Use JavaScript Standard Style
Introduce JavaScript Standard Style as project style rule,
and fixed all fail on backend code.
2017-03-08 18:45:51 +08:00
Wu Cheng-Han
1473437295 Refactor checkViewPermission to fix limited & protected permission check bug and fix code style 2017-01-16 23:47:53 +08:00
Wu Cheng-Han
3c0667813c Fix missing config in hackmd response 2017-01-16 12:41:34 +08:00
Sheogorath
747629e549 Add allowemailregister option 2017-01-12 13:54:45 +01:00
Max Wu
a8068d38d5 Merge pull request #313 from elct9620/feature/disable_anonymous_view
WIP: Add options to limit anonymous view note
2017-01-10 20:23:47 +08:00
蒼時弦也
89b8ddeaba Add limited and protected permission 2017-01-10 10:02:37 +08:00
蒼時弦也
c21fb8e2a0 Recovery tariling spaces 2017-01-10 09:35:21 +08:00
蒼時弦也
f8e5b54767 Remove temporary change 2017-01-10 09:32:44 +08:00
Max Wu
b13635aac9 Merge pull request #279 from alecdwm/ldap-auth
Support for LDAP server authentication
2017-01-09 00:49:40 +08:00
蒼時弦也
1fbecbb03d Fix anonymouse view permission check 2017-01-05 23:37:10 +08:00
蒼時弦也
aaf1ff4b2f Add limit for constrain anonymous view note 2017-01-05 22:36:40 +08:00
Wu Cheng-Han
c1b5e74cf9 Fix and refactor extracting content using metaMarked directly might lead in invalid object 2017-01-04 23:57:16 +08:00
Wu Cheng-Han
10a8448c6a Fix yaml metadata description not able to show 2017-01-02 11:13:41 +08:00
Wu Cheng-Han
f6d8e3ab00 Remove LZString compression for data storage 2017-01-02 10:59:53 +08:00
Florian Rhiem
fdea226159 Fixed typo: anonmyous 2016-12-21 14:36:54 +01:00
Wu Cheng-Han
5bb3de2675 Add support of allow free url config option with correspond modifications 2016-12-16 15:38:05 +08:00
Wu Cheng-Han
5c7eb48319 Add support of allow anonymous config option with correspond modifications 2016-12-15 14:11:23 +08:00
alecdwm
02e9927714 Initial support for LDAP server authentication
Limitations as of this commit:

- tlsOptions can only be specified in config.json, not as env vars
- authentication failures are not yet gracefully handled by the UI
  - instead the error message is shown on a blank page (/auth/ldap)
- no email address is associated with the LDAP user's account
- no picture/profile URL is associated with the LDAP user's account
- we might have to generate our own access + refresh tokens,
  because we aren't using oauth. The currently generated
  tokens are just a placeholder.
- 'LDAP Sign in' needs to be translated to each locale
2016-12-13 22:41:07 +01:00
Wu Cheng-Han
a73d9ce39e Update to support optional email register and signin 2016-12-02 01:58:14 +08:00
Wu Cheng-Han
71a356552f Update to auto generate meta description based on content in publish note and slide 2016-11-26 23:04:29 +08:00
Wu Cheng-Han
9d4ede4cff Fix possible XSS in yaml-metadata and turn using ejs escape syntax than external lib [Security Issue] 2016-11-26 22:55:31 +08:00
Wu Cheng-Han
f86a9e0c4b Fix slide might trigger script when processing markdown which cause XSS [Security Issue] 2016-11-26 22:46:08 +08:00
Wu Cheng-Han
1d2a9826af Update to improve history api error and bad request handling 2016-10-10 20:52:31 +08:00
Wu Cheng-Han
55ac4dcccb Update to allow CORS as API on revision actions 2016-10-10 20:33:48 +08:00
Wu Cheng-Han
3175616573 Update to support showing owner on the infobar 2016-10-10 20:32:20 +08:00
Wu Cheng-Han
0470a266fd Update to prevent caching and crawling status 2016-09-18 16:23:56 +08:00
Wu Cheng-Han
87f4d05e8e Update to use proper way to render view and fix upload image error should response with code 2016-08-19 11:31:23 +08:00
Wu Cheng-Han
4d7c3d2120 Add info api for note 2016-08-19 11:24:36 +08:00
Wu Cheng-Han
a013c9d3bc Update slide mode to show extra info and support url actions and support disqus via yaml-metadata 2016-08-15 11:25:27 +08:00
Wu Cheng-Han
9bf7b92707 Fix meta might be null issue 2016-08-15 10:59:40 +08:00
Wu Cheng-Han
3bcb36b46c Improve index layout and UX with UI adjustments and better wording 2016-08-15 10:56:14 +08:00
Wu Cheng-Han
be81ee22ec Update slide mode, now respect all meta settings and update default styles 2016-08-14 15:02:05 +08:00
Wu Cheng-Han
b367e110b6 Update to support slideOptions in the YAML metadata 2016-08-01 00:08:22 +08:00
Wu Cheng-Han
0f4f270193 Fix yaml metadata title should pass to generateWebTitle 2016-07-30 11:01:07 +08:00
Wu Cheng-Han
95c8f25fb5 Update response to force note, publish note, publish slide redirect to their expected url 2016-07-02 16:11:30 +08:00
Wu Cheng-Han
d39f1fc700 Update to make slide mode support all extra syntax and change it's rendering engine 2016-07-02 16:09:26 +08:00
Cheng-Han, Wu
558304ff62 Update to support new metadata: title, description, tags and google-analytics (GA) and refactor render publish slide response function 2016-06-21 21:42:03 +08:00
Cheng-Han, Wu
ad6982e77e Remove robot meta on note edit page and html template, add prevent crawling header to enhance note privacy 2016-06-21 21:37:56 +08:00
Cheng-Han, Wu
a125f80535 Fix pdf tmp path is missing a folder slash before timestamp 2016-06-17 16:33:58 +08:00
Cheng-Han, Wu
8e351e7e33 Add revision api 2016-06-17 16:11:14 +08:00
Cheng-Han, Wu
16990e35a2 Update slide template using ejs instead of mustache to reduce similar package dependency 2016-05-29 17:54:24 +08:00
Cheng-Han, Wu
6405bb5056 Add support of google signin 2016-05-21 22:48:00 +08:00
Cheng-Han, Wu
eb5873a94d Update to move gitlab api path to sub path and fix its find user method for PR #121 2016-05-16 18:16:45 +08:00
Cheng-Han, Wu
93c6205aa6 Fix merge conflicts 2016-05-15 11:17:02 +08:00
Cheng-Han, Wu
8a01b7242c Merge branch 'gitlab_snippets' of https://github.com/jccrofty30/hackmd into jccrofty30-gitlab_snippets
# Conflicts:
#	lib/response.js
2016-05-15 11:02:15 +08:00
Cheng-Han, Wu
73835763c6 Merge PR #118 2016-05-15 10:58:41 +08:00
Cheng-Han, Wu
a70ebf7762 Update to move dropbox app key setting to common.js and will auto load client-side related scripts 2016-05-15 10:54:24 +08:00
Jason Croft
a3876dfc92 Start extending to support GitLab authentication.
Add necessary dependency.
Add baseURL parameter for self-hosted GitLab
Add necessary require.
Add block for GitLab auth.
Fix typo
Update font-awesome dependency for GitLab icon.
Use a color closer to GitLab orange.
More direct TODO
2016-05-11 21:02:53 -04:00
Jason Croft
17daf32239 Remove skeleton functions 2016-05-11 17:04:55 -04:00
Jason Croft
521f96fb11 Skeletons for GitLab actions. 2016-05-09 17:07:23 -04:00
Jason Croft
079822dfec Start extending to support GitLab authentication.
Add necessary dependency.
Add baseURL parameter for self-hosted GitLab
Add necessary require.
Add block for GitLab auth.
Fix typo
Update font-awesome dependency for GitLab icon.
Use a color closer to GitLab orange.
More direct TODO
2016-05-09 16:27:35 -04:00
Jannik Lorenz
404e44649f
Fix error page (missing googleDrive config) 2016-04-23 14:15:24 +02:00
Jannik Lorenz
d7648e9cea
Hide Dropbox and Google Drive in Import/ Export when disabled 2016-04-23 12:58:24 +02:00
Cheng-Han, Wu
49b51e478f Refactor server with Sequelize ORM, refactor server configs, now will show note status (created or updated) and support docs (note alias) 2016-04-20 18:03:55 +08:00
Cheng-Han, Wu
b6ca50072e Updated to add headers to prevent search engine crawl some unnecessary paths 2016-03-15 10:54:21 +08:00
Cheng-Han, Wu
845ef9bad6 Support export to and import from Google Drive 2016-03-04 23:17:35 +08:00
Cheng-Han, Wu
c183002c14 Fixed note title might get wrong 2016-03-04 23:12:03 +08:00
Cheng-Han, Wu
b2b1be3dda Support set url path and use relative url, move raphael to bower and fixed minor issue in history 2016-02-16 20:08:44 -08:00
Cheng-Han, Wu
3f2f063e9b Fixed export gist title might null and fake referer that redirect to gist html_url 2016-02-16 19:54:29 -08:00
Cheng-Han, Wu
4c4a0e0f3f Fixed prevent XSS might break lots of tags and only need after rendered 2016-02-11 03:45:13 -06:00
Cheng-Han, Wu
6700f033ab Prevent XSS in markdown rendering 2016-02-11 02:36:52 -06:00
Cheng-Han, Wu
1fb42bd276 Updated to allow CORS in download as API 2016-02-01 00:41:28 -06:00
Cheng-Han, Wu
ff2fc76491 Supported export to gist 2016-01-31 15:42:26 -06:00
Cheng-Han, Wu
16dcd27b78 Fixed potential bug in realtime startConnection and bugs in note findOrNewNote, response showNote 2016-01-20 23:20:50 -06:00
Wu Cheng-Han
49c7dded45 Added private permission and clean up codes, solved potential race condition in realtime.js 2016-01-17 09:51:27 -06:00
Wu Cheng-Han
2ecec3b59a Support show last change user with profile and support YAML config inside the note with robots, lang, dir, breaks options 2016-01-12 08:01:42 -06:00
Wu Cheng-Han
f5010af4f1 Added 404 and 403 status on routes 2015-12-30 00:33:36 -05:00
Wu Cheng-Han
031c96c72d Updated slide mode 2015-12-18 09:40:52 -06:00
Wu Cheng-Han
b070de8fa9 Updated and merge reveal.js to use bower 2015-11-29 01:04:20 -06:00
xnum
f51b7370f0 Add Slide Mode
using reveal.js
and some part of reveal-md
2015-11-23 20:38:26 +08:00
Wu Cheng-Han
75ae505a15 Updated response.js, the render url now using config getserverurl() 2015-11-17 01:19:01 +08:00
Ikumi Shimizu
7fc7325f87 fixed a bug in response.js:useCdn 2015-09-23 10:25:42 +09:00
Wu Cheng-Han
b6c758f2fc Added server option "useCdn", use template statement to route resources' source 2015-09-22 12:06:13 +08:00
Wu Cheng-Han
04eef71b11 Change note action "share" to "publish" to avoid misleading 2015-07-06 13:51:55 +08:00
Wu Cheng-Han
10c9811fc5 Jump to 0.3.1 2015-07-02 00:10:20 +08:00
Wu Cheng-Han
4e64583a0b Marked as 0.2.8 2015-05-15 12:58:13 +08:00
Wu Cheng-Han
4b0ca55eb7 First commit, version 0.2.7 2015-05-04 15:53:29 +08:00