Commit graph

183 commits

Author SHA1 Message Date
Erik Michelson
bf740ad910 fix(a11y): hide duplicated link text from screen readers
Because screen readers don't know that the anchor icon is not meant to be read,
they might read the title (which is the same as the heading itself) in addition
to the heading, thus causing a duplicated output.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-08-23 17:44:14 +02:00
Erik Michelson
858d7bf5d1 feat: option to disable note creation
The abuse of the demo instance required us to disallow note creation

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2024-07-21 11:03:35 +02:00
Erik Michelson
c85b11463d fix(minio): metadata as object not string
A change in the minio JS SDK resulted in uploads being stored
with a defect metadata object in minio, resulting in all
files served as application/octet-stream. This was caused as
the fifth argument to putObject is a metadata object and not
the content-type alone anymore.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-06-20 21:58:17 +02:00
Erik Michelson
307a634157 fix(router): do not create sessions for /_health
When the /_health endpoint for the docker container
healthcheck was introduced, it seems that it was
forgotten to exclude that route from the session
creation. As the healthcheck runs quite periodically,
this created a huge amount of session entries in the
database. This commit excludes the route from
session creation.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-02-10 15:52:08 +01:00
Erik Michelson
538f41cf1c fix(opengraph): treat user frontmatter values as String
A bug was reported that having frontmatter fields being only numeric results in an error. This seems to be caused
as the frontmatter is processed by the yaml-parser but returned
with the types as given. So a numeric value is returned as a number,
a "true" or "false" is returned as boolean etc.
As we expect strings in the template, that resulted in an exception.

This commit fixes this by treating every value as string in the template.
Since we've got no other usages of opengraph data, this should not have been
a security problem.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-01-17 17:10:06 +01:00
Jordi Mallach
91acb9063b Add a reference to Mermaid 9.1.7 documentation
HedgeDoc 1.9.x bundles Mermaid version 9.1.7, which
is old enough that current Mermaid syntax will fail to
render inside HedgeDoc notes.

Add a pointer to Mermaid 9.1.7 docs, so users of the
current stable HedgeDoc know what's actually supported.

https://github.com/mermaid-js/mermaid/blob/v9.1.7/docs/n00b-gettingStarted.md

Signed-off-by: Jordi Mallach <jordi@igalia.com>
2023-11-12 20:47:40 +01:00
David Mehren
de066ed6d9 Import translations from POEditor
Signed-off-by: David Mehren <git@herrmehren.de>
2023-07-30 20:07:27 +02:00
David Mehren
1da964a2f6 Add release notes for 1.9.9
Signed-off-by: David Mehren <git@herrmehren.de>
2023-07-30 20:07:27 +02:00
David Mehren
57c2865224 Bump version to 1.9.8
Signed-off-by: David Mehren <git@herrmehren.de>
2023-06-04 21:35:20 +02:00
David Mehren
689ca2018d Import translations from POEditor
Signed-off-by: David Mehren <git@herrmehren.de>
2023-06-04 21:35:20 +02:00
Erik Michelson
143864b8d9 enhancement(metrics): allow disabling via config option
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2023-06-04 21:03:46 +02:00
Tilman Vatteroth
a349ddde56 doc: add note about arm64 to the release notes
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-06-04 20:51:34 +02:00
David Mehren
bbee1aa278 fix: macOS compatibility for bin/setup
After carefully studying the man pages of GNU sort and BSD sort,
we concluded that the version_lt function should also work on macOS.

Testing seemed to confirm that.

Signed-off-by: David Mehren <git@herrmehren.de>
2023-06-04 20:38:57 +02:00
David Mehren
3d9607e83a Add release notes for Yarn 3
Signed-off-by: David Mehren <git@herrmehren.de>
2023-06-03 12:09:40 +02:00
David Mehren
1a9cea0ec1 Update release notes for more supported node versions
Signed-off-by: David Mehren <git@herrmehren.de>
2023-05-29 11:23:21 +02:00
David Mehren
b1928b77b4 fix(webpack): give reveal.js's marked.js a 'exports' variable
I really don't know why this breaks only in a production build, but this
 evil
 hack makes the script work again.

 Closes https://github.com/hedgedoc/hedgedoc/issues/3862

Signed-off-by: David Mehren <git@herrmehren.de>
2023-05-28 19:16:32 +02:00
Julian Rother
2eb4c8e05f Fix premature note cleanup on error
Connection forbidden errors cause cleanup of note state without first
checking if other clients are still connected to the note. This leads
to inconsistent pad content and changes not being saved properly.

This change reverts parts of 725e982 (Fix realtime on forbidden not clean
up properly ...). The call to `interruptConnection()` on permission errors
is redundant, since `failConnection()` and `disconnect()` already perform
all required cleanup in this case. The other call to `interruptConnection()`
only happens when a client (the first client for a note) disconnects while
the note is being loaded from the database. It is refactored for clarity.

Fixes #3894

Co-authored-by: David Mehren <git@herrmehren.de>
Signed-off-by: Julian Rother <julian@jrother.eu>
2023-05-28 16:10:51 +02:00
Tilman Vatteroth
cd83499bc0 chore: drop support for node 14
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-14 21:12:48 +02:00
Erik Michelson
9949e3a875 feat(healthcheck): add /_health endpoint
This endpoint returns the internal readiness state used by
the realtime code to indicate whether HedgeDoc is performing
properly. As it only returns the state of a variable, it is
less resource hungry compared to a call to /status for
checking the health of HedgeDoc.

By prepending the route with an underscore, it should not be conflicting with already created pads in FreeURL mode.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2023-03-19 22:09:16 +01:00
Jordi Mallach
9bda8f2180 Allow setting documentMaxLength via CMD_DOCUMENT_MAX_LENGTH
Signed-off-by: Jordi Mallach <jordi@igalia.com>
2023-03-09 10:20:42 +01:00
Tilman Vatteroth
e2b84e134a fix: extend parsing of boolean environment vars
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-03-02 21:12:27 +01:00
David Mehren
d4f19e4e38
Bump version to 1.9.7
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 21:46:50 +01:00
David Mehren
f02702149e
Import translations from POEditor
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 21:46:50 +01:00
Erik Michelson
057777f31f fix(night-mode): migrate cookie solution to store only
Signed-off-by: Erik Michelson <michelson@uni-bremen.de>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2023-02-19 21:40:01 +01:00
Stéphane Maniaci
488e5f8a0a Revert "config: Add a flag to control the /metrics and /status endpoints"
This reverts commit d10ead4c6c.

Signed-off-by: Stéphane Maniaci <stephane.maniaci@beta.gouv.fr>
2023-02-05 20:39:13 +01:00
Stéphane Maniaci
d10ead4c6c config: Add a flag to control the /metrics and /status endpoints
It can be a security concern in some environments to expose system
capabilities even though they don't expose any PII. Add some
flags (defaulted `true` to maintain existing behaviour) to control
whether the /metrics and /status (and anything in the StatusRouter)
are exposed.

Signed-off-by: Stéphane Maniaci <stephane.maniaci@beta.gouv.fr>
2023-01-31 10:26:41 +01:00
Erik Michelson
9229fb2d90 chore(changelog): add bugfix entry in changelog
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2022-11-27 20:51:37 +01:00
David Mehren
6bad318c35 Bump version to 1.9.6
Signed-off-by: David Mehren <git@herrmehren.de>
2022-11-06 23:10:59 +01:00
David Mehren
5f988de6a2 docs: update release notes
Signed-off-by: David Mehren <git@herrmehren.de>
2022-11-06 22:24:48 +01:00
Philip Molares
912bea3e23 docs: add changelog entry about migration fix
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-11-06 22:24:48 +01:00
David Mehren
bed9835d36 Add contributors and update AUTHORS
Signed-off-by: David Mehren <git@herrmehren.de>
2022-10-30 22:15:16 +01:00
David Mehren
50cac714ce Bump version and update release notes
Signed-off-by: David Mehren <git@herrmehren.de>
2022-10-30 22:15:16 +01:00
David Mehren
e2b0117c3e Fix missing syntax highlighting in the markdown editor
In e17cc644 the Webpack build process for CodeMirror was changed.
For unknown reasons, not all plugins and modes were added.
This adds all plugins currently enabled in
https://github
.com/hedgedoc/CodeMirror/blob/951b3d94bb5ad9ac7b44642adbe595e843390506/release.sh

Signed-off-by: David Mehren <git@herrmehren.de>
2022-10-16 21:05:34 +02:00
David Mehren
3aeb2a619b Pass through breaks option to published note
The markdown for the publish-view is generated
using the `Note.extractMeta` method.
It uses meta-marked to separate the metadata from markdown.
Only the raw markdown is then sent to the client,
so it cannot respect the `breaks` option.

This adds an evil hack to send the `breaks` option with the markdown
if it is contained in the metadata block.

Fixes https://github.com/hedgedoc/hedgedoc/issues/2358

Signed-off-by: David Mehren <git@herrmehren.de>
2022-10-03 20:18:16 +02:00
Tilman Vatteroth
68466f6f09 fix: Change data type of history attribute in user table to long text
When using mysql the normal text attribute has a fixed size. When this size is reached then the json will be cut off and becomes invalid.

Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2022-09-25 11:09:23 +02:00
Pol Dellaiera
99bab9c309 Update public/docs/yaml-metadata.md
Co-authored-by: Yannick Bungers <github@innay.de>
Signed-off-by: Pol Dellaiera <pol.dellaiera@protonmail.com>
2022-09-05 10:11:48 +02:00
Pol Dellaiera
8c56c8d733 Update documentation based on code-review feedback.
Signed-off-by: Pol Dellaiera <pol.dellaiera@protonmail.com>
2022-09-05 10:11:48 +02:00
Pol Dellaiera
1b58871c06 Update yaml-metadata.md.
Update `slideOptions` documentation and links.

Signed-off-by: Pol Dellaiera <pol.dellaiera@protonmail.com>
2022-09-05 10:11:48 +02:00
Pol Dellaiera
9d93a95d32 docs: Improve consistency in MathJax examples.
Signed-off-by: Pol Dellaiera <pol.dellaiera@protonmail.com>
2022-09-04 21:09:01 +02:00
Tilman Vatteroth
164fe21d18 Replace embedding shortcode regexes with more specific ones to safeguard against xss attacks
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2022-08-26 18:59:06 +02:00
David Mehren
9ab8bf3cac Fix crash in LDAP authentication
Since https://github.com/vesse/node-ldapauth-fork/commit
/741a648df98d789856b3301d65103b74872fdeea, ldapauth-fork calls `push` on
 the attributes array.

 Since we deep-freeze our config object in https://github
 .com/hedgedoc/hedgedoc/blob/master/lib/config/index.js#L200, this
 causes a crash.

 This commit fixes the crash by creating a mutable clone of the LDAP
 config and passing that to the LDAP strategy.

 Fixes https://github.com/hedgedoc/hedgedoc/issues/2561

Signed-off-by: David Mehren <git@herrmehren.de>
2022-08-22 09:01:04 +02:00
David Mehren
58f321ce29 Add dark mode toggle in mobile view
Fixes #2534

Signed-off-by: David Mehren <git@herrmehren.de>
2022-08-22 08:52:49 +02:00
David Mehren
d1f2a028b4
1.9.4 release notes
Signed-off-by: David Mehren <git@herrmehren.de>
2022-07-10 22:02:17 +02:00
Sheogorath
dd539273fb fix(migrations): Remove unexpected shell call
This patch removes the call of `/usr/bin/env` when calling the migration
script in favour of using the processes own nodejs invocation path.

This should drop the requirement for `/usr/bin/env` to exist on a
system/in a container that runs hedgedoc.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2022-05-17 14:04:02 +02:00
David Mehren
e222225866 Drop support for Node.js 12
Signed-off-by: David Mehren <git@herrmehren.de>
2022-05-01 21:03:19 +02:00
David Mehren
680e6917af
Add warning about MariaDB charset changes to changelog
Signed-off-by: David Mehren <git@herrmehren.de>
2022-04-10 21:49:35 +02:00
David Mehren
5154598557
Update changelog for 1.9.3
Signed-off-by: David Mehren <git@herrmehren.de>
2022-04-10 21:49:23 +02:00
Erik Michelson
0093aa4783 Fix GitLab snippet export
The snippet export broke due to two reasons.
First of all, the request to GitLab fail in the
default configuration due to the CSP not being
set properly. This commit adds the configured
GitLab base url to the connect-src directives.
The second problem is a change in the GitLab API
spec. Instead of `code` and `file_name` the
GitLab API now requires an `files` array with
`content` and `file_path` entries per snippet.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2022-04-10 21:24:30 +02:00
David Mehren
e0021036ae
Fix missing inline authorship colors
The hex2rgb function seems to previously have been available globally.
It probably got lost in the great Webpack refactoring and nobody noticed
 that.

 This copies the function into its own file (to make importing it easy)
 and adds an import in index.js.

 Fixes https://github.com/hedgedoc/hedgedoc/issues/2248

Signed-off-by: David Mehren <git@herrmehren.de>
2022-04-08 12:13:37 +02:00
Tilman Vatteroth
61e092e8af Force change of aria-hidden when modal shows or hides
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2022-04-03 22:52:53 +02:00