Commit graph

543 commits

Author SHA1 Message Date
David Mehren
f0b1d85ae9
Fix typo in Author model
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-02-24 15:08:27 +01:00
David Mehren
f6eec0ce90
Convert first files to TypeScript
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-02-24 15:08:23 +01:00
David Mehren
63095e6c78
Move app.js to lib
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-02-24 15:07:07 +01:00
Sheogorath
651db60985
Update CDN defaults
As we noticed in our poll about CDN usage, that most people
intentionally turn it off, but very little intetionally turn it on or
leave it on. [1]

There is also strong indicators that CDNs don't really provide any
benefits in loading time and due to the small deployments of CodiMD,
there is no big savings due to CDNs either. [2]

Therefore this patch changes the CDN default settings to off in order to
reduce the exposed user data.

[1]: https://community.codimd.org/t/poll-on-cdn-usage/28
[2]: https://csswizardry.com/2019/05/self-host-your-static-assets/

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-09 21:59:17 +01:00
ike
197223dc81 Add Google oauth variable: hostedDomain
Which is part of `passport-google-oauth2`.
It could be used as whitelist to a domain supported by google oauth.
Ref: https://github.com/jaredhanson/passport-google-oauth2/issues/3

Signed-off-by: ike <developer@ikewat.com>
2020-02-08 15:57:22 +08:00
Sheogorath
b3d4cdbceb
Update RevealJS to version 3.9.2
This update of revealJS helps us to get rid of the headjs depedency
integration using webpack. It updates reveal.js to 3.9.2 and updates the
csp hash accordingly for using the slide mode.

Background for this update is the critical security vulnerability
described by snyk in their disclosure:
https://snyk.io/vuln/SNYK-JS-REVEALJS-543841

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-01 12:53:15 +01:00
Sheogorath
33150b79c7
Merge pull request #218 from hoijui/linkifyHeaderStyle
Linkify header style
2019-12-03 14:40:00 +01:00
Ralph Krimmel
9534cdafbf Making the linter happy by removing superfluous ;
Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
2019-11-28 14:00:34 +01:00
Ralph Krimmel
3fb3ca54e9 Removing returnTo setting from referer in all other authentication sources
Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
2019-11-28 12:25:59 +01:00
Ralph Krimmel
e0a8872742 Moving the storage of referrer information to main authorization check instead of doing it in the authentication source
Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
2019-11-28 10:59:59 +01:00
Ralph Krimmel
3e8cf5778f Fixing linting problems
Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
2019-11-27 15:17:00 +01:00
foobarable
1881775379 Fixing redirection after SAML login
Saving referer into session in SAML auth so passport can redirect correctly after SAML login.

Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
2019-11-27 15:08:30 +01:00
Sheogorath
689f5a0a95
Merge pull request #213 from davidmehren/refactor_backend_notes
First steps in refactoring the backend code
2019-11-20 20:07:35 +01:00
hoijui
e1ff73877b allow to define header link generation style via environment var
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
2019-10-30 17:46:38 +01:00
hoijui
cfa2ec38c5 document linkifyHeaderStyle in default.js
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
2019-10-30 17:46:17 +01:00
Girish Ramakrishnan
c034ee5571 Fix crash in lutim integration
Signed-off-by: Girish Ramakrishnan <girish@cloudron.io>
2019-10-29 20:23:13 -07:00
David Mehren
b5ccceff59
Inline renderPublishSlide
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-27 15:50:24 +01:00
David Mehren
3c39d07723
Inline responseCodiMD
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-27 15:29:10 +01:00
David Mehren
ca9e6e49c9
Inline publish and slide
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-27 15:27:48 +01:00
David Mehren
25a540ebbc
Inline renderPublish
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-27 15:26:50 +01:00
David Mehren
2bc4233ba8
Move showPublishNote and publishNoteActions to note controller
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-27 15:23:38 +01:00
David Mehren
dee62ce571
Move showNote to note controller
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-27 15:23:38 +01:00
David Mehren
181d5646cf
Move note actions into their own file
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-27 15:23:31 +01:00
David Mehren
30487f7c01
Rename actions.js to controller.js and rename functions to be more descriptive
Move postNote to NoteController and rename to createFromPost

Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-27 14:40:36 +01:00
David Mehren
afb317b551
Move slide actions to own file
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-27 14:27:15 +01:00
David Mehren
9d938c334a
Fix errors constant in note/actions.js
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-27 14:19:46 +01:00
David Mehren
f78540c3fb
Move note actions to their own file.
Because of circular import problems, this commit also moves the error messages from response.js to errors.js

Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-27 13:51:53 +01:00
hoijui
e654ca8a31 Allow to generate lower case header references through the config
This makes the references consistent/compatible with GitHub,
GitLab, Pandoc and many other tools.

This behavior can be enabled in config.json with:

```
"linkifyHeaderStyle": "gfm"
```

Signed-off-by: hoijui <hoijui.quaero@gmail.com>
2019-10-22 09:05:37 +02:00
Sheogorath
7e5bb8a24b
Fix broken error template due to missing opengraph
This regression bug was caused by the error page using the `codimd/head`
template. This resulted in error messages like this:

```
ReferenceError: /codimd/public/views/error.ejs:5
    3|
    4| <head>
 >> 5|     <%- include codimd/head %>
    6|     <link rel="stylesheet" href="<%- serverURL %>/css/center.css">
    7| </head>
    8|
/codimd/public/views/codimd/head.ejs:7
    5| <meta name="apple-mobile-web-app-status-bar-style" content="black">
    6| <meta name="mobile-web-app-capable" content="yes">
 >> 7| <% for (var og in opengraph) { %>
    8| <% if (opengraph.hasOwnProperty(og) && opengraph[og].trim() !== '') { %>
    9| <meta property="og:<%- og %>" content="<%- opengraph[og] %>">
    10| <% }} if (!opengraph.hasOwnProperty('image')) { %>
opengraph is not defined
    at eval (eval at compile (/codimd/node_modules/ejs/lib/ejs.js:618:12), <anonymous>:18:23)
    at eval (eval at compile (/codimd/node_modules/ejs/lib/ejs.js:618:12), <anonymous>:99:10)
    at returnedFn (/codimd/node_modules/ejs/lib/ejs.js:653:17)
    at tryHandleCache (/codimd/node_modules/ejs/lib/ejs.js:251:36)
    at View.exports.renderFile [as engine] (/codimd/node_modules/ejs/lib/ejs.js:482:10)
    at View.render (/codimd/node_modules/express/lib/view.js:135:8)
    at tryRender (/codimd/node_modules/express/lib/application.js:640:10)
    at Function.render (/codimd/node_modules/express/lib/application.js:592:3)
    at ServerResponse.render (/codimd/node_modules/express/lib/response.js:1012:7)
    at responseError (/codimd/lib/response.js:57:20)
    at Object.errorNotFound (/codimd/lib/response.js:30:5)
    at newNote (/codimd/lib/response.js:134:76)
    at /codimd/lib/response.js:172:16
    at tryCatcher (/codimd/node_modules/bluebird/js/release/util.js:16:23)
    at Promise._settlePromiseFromHandler (/codimd/node_modules/bluebird/js/release/promise.js:517:31)
    at Promise._settlePromise (/codimd/node_modules/bluebird/js/release/promise.js:574:18)
    at Promise._settlePromise0 (/codimd/node_modules/bluebird/js/release/promise.js:619:10)
    at Promise._settlePromises (/codimd/node_modules/bluebird/js/release/promise.js:699:18)
    at _drainQueueStep (/codimd/node_modules/bluebird/js/release/async.js:138:12)
    at _drainQueue (/codimd/node_modules/bluebird/js/release/async.js:131:9)
    at Async._drainQueues (/codimd/node_modules/bluebird/js/release/async.js:147:5)
    at Immediate.Async.drainQueues (/codimd/node_modules/bluebird/js/release/async.js:17:14)

```

The fix for that is rather trivial. We simply provide an empty array of
metadata when generating the error template.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-10-11 17:03:09 +02:00
Sheogorath
cd34a8c702
Merge pull request #191 from ErikMichelson/feature/ogmetadata
Add customizable opengraph metadata for notes (see #40)
2019-10-10 14:55:34 +02:00
Erik Michelson
2881f8211a
Added customizable og-metadata to notes
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-10-04 19:49:45 +02:00
Amolith
71e900e9e8
remove unused variable to pass ci testing - #58
Signed-off-by: Amolith <amolith@nixnet.xyz>
2019-10-03 09:24:46 -04:00
Amolith
e6eab33e2d
remove legacy code to solve #58
Signed-off-by: Amolith <amolith@nixnet.xyz>
2019-10-03 08:39:51 -04:00
Sheogorath
e313b47b92
Merge pull request #170 from ErikMichelson/post-note-url
Added endpoint for note-creation with given alias
2019-09-26 12:20:57 +02:00
Erik Michelson
9e1cc2159f
Updated forbiddenNoteIDs
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-09-18 22:54:08 +02:00
Erik Michelson
6e5e6696ad
Refactored note-creation with given noteId
Known bugs/features:
 - pushing towards an existing note results in an error 500

Signed-off-by: Erik Michelson <erik@liltv.de>
2019-09-04 20:25:32 +02:00
Erik Michelson
8d29d74b02 Added endpoint for note-creation with given alias
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-09-04 12:28:44 +02:00
Sheogorath
529075fd67
Merge pull request #168 from dargmuesli/fix/docker-secret-buffer
Config: Return String Instead Of Buffer For Docker Secrets
2019-09-03 18:11:47 +02:00
Jonas Thelemann
0be784351d
Docker Secrets: Use Encoding Parameter Directly
Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
2019-09-03 17:58:58 +02:00
Jonas Thelemann
3d9c97fc65
Config: Return String Instead Of Buffer For Docker Secrets
Prevents "TypeError: Cannot freeze array buffer views with elements".

Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
2019-09-03 00:28:44 +02:00
Jonas Thelemann
326b38dff9
Docker Secrets: Correct Source Path
Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
2019-09-02 18:45:16 +02:00
Sheogorath
2e627099d8
Merge pull request #32 from codimd/aws-endpoints
make aws s3 endpoint configurable
2019-09-02 18:50:29 +03:00
Matthias Lindinger
fe2c8634d3 Add link to imprint
Signed-off-by: Matthias Lindinger <m.lindinger@live.de>
2019-08-26 14:57:44 +02:00
Sheogorath
c178947402
Disable PDF export due to security issue
As a temporary fix, to keep you and your users save, this patch disables
the PDF export feature. Details of the attack along with a fix for
future versions of CodiMD will be released in future.

I hope you can live with this solution for this release because I'm
super short on time and the alternative would be to ship no fix at all.
This appears to be the better solution for this release.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-08-15 23:14:54 +02:00
Sheogorath
c07ae7eda1
Fix variable names for docker secrets
It seems like since we switched to camelcase we missed to update some
variable names in the config section. This patch fixes those.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-08-15 23:14:53 +02:00
chandi
6280e92d10 fix: migration should return promise
Signed-off-by: chandi <git@chandi.it>
2019-08-12 14:13:34 +02:00
Sheogorath
1bfed17f8c
Merge pull request #104 from SISheogorath/feature/dnt
Respect DNT header
2019-07-20 12:50:13 +02:00
Sheogorath
2f6e81e4db
Merge pull request #128 from dargmuesli/docker-secrets
DB URL: Secret File Support
2019-07-20 12:49:19 +02:00
Jonas Thelemann
cc78dd0428
Docker Secrets: Add DB URL Support
As the connection string may include a password it should be supported by Docker Secrets.

Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
2019-07-01 19:43:42 +02:00
Sheogorath
118314d8dd
Merge pull request #119 from lhw/patch-1
Add SVG image detection based on file extension
2019-07-01 19:03:18 +02:00