Commit graph

198 commits

Author SHA1 Message Date
Shane Kilkelly
a06f4b6b28 Remove remaining traces of UserStub 2017-09-19 16:16:39 +01:00
Tim Alby
a04adbf132 remove extra security headers 2017-09-13 11:53:11 +02:00
Tim Alby
d6834ff417 add security headers using Helmet
- use all Helmet's default headers except `X-DNS-Prefetch-Control`
- use `Referrer-Policy`
- use cache headers when:
  - a user is logged in, OR
  - a project is displayed
2017-09-12 11:17:59 +02:00
Brian Gough
2e6c578dd7 add ol-style.css to fingerprint list 2017-09-05 10:54:26 +01:00
James Allen
d5839437fd Add in UserStub model and support in collaborators view 2017-08-24 17:48:47 +02:00
Paulo Reis
4849c705de Optionally ask the translate local method to HTML encode; use it in the problematic tooltip. 2017-07-28 17:31:28 +01:00
Brian Gough
0ae93db08b use ApiErrorHandler on public api 2017-07-05 15:06:23 +01:00
Brian Gough
bd83d94f64 rename apiRouter -> privateApiRouter in Modules 2017-07-05 14:41:14 +01:00
Brian Gough
29b40ad824 add public api router 2017-07-05 14:32:55 +01:00
Brian Gough
3e8ad69f3c make loading of module routes more robust 2017-07-05 11:46:29 +01:00
Brian Gough
b2f676af5a avoid duplicate routes for /status 2017-07-04 12:41:51 +01:00
Brian Gough
62d6933886 use settings instead of ENV for web/api split 2017-06-15 16:11:20 +01:00
Brian Gough
4b188ce120 support separate processes for web and api
via an environment variable WEB_TYPE
2017-05-22 13:31:02 +01:00
Brian Gough
5ac2ed8fc6 use a separate error handler for api router errors 2017-05-19 16:36:29 +01:00
Shane Kilkelly
60d3e4a97b If external auth system is in use, skip sudo-mode checks 2017-05-15 15:46:24 +01:00
James Allen
3bfd92dd9c Rename lock to avoid potential conflict with doc updater 2017-05-11 15:27:01 +01:00
James Allen
8449b0417c Move all redis end points to be cluster compatible 2017-05-04 15:22:54 +01:00
Shane Kilkelly
a9b8b864df Move content-disposition setting into a method on res 2017-04-12 16:00:02 +01:00
Shane Kilkelly
bb65da88fe Merge branch 'master' into node-6.9 2017-04-05 10:15:51 +01:00
Shane Kilkelly
043520fc28 Remove the Metrics module, use metrics-sharelatex 2017-04-03 16:18:30 +01:00
Shane Kilkelly
f2b5901776 wip: use new metrics.timeAsyncMethod 2017-03-16 10:59:18 +00:00
Brian Gough
6f392f2270 upgrade pdfjs to 1.7.225 2017-03-02 09:31:23 +00:00
Shane Kilkelly
621a07aff2 Merge branch 'master' into node-6.9 2017-02-14 11:01:14 +00:00
Shane Kilkelly
4e9426e6bf Merge branch 'master' into sk-pug 2017-01-30 14:36:10 +00:00
Shane Kilkelly
239164fe26 Merge branch 'master' into sk-rate-limit-cluster 2017-01-25 09:56:08 +00:00
Henry Oswald
13d21b881f use new annoncments feature for case study info 2017-01-24 16:03:05 +00:00
Henry Oswald
2341a8481a Merge branch 'master' into ho-promote-case-study 2017-01-24 14:49:35 +00:00
Shane Kilkelly
57cd54bf55 WIP: migrate from jade to pug 2017-01-20 12:03:02 +00:00
Shane Kilkelly
635b935acc Add an acceptance test for login rate limits, cleanup 2017-01-16 11:46:59 +00:00
Shane Kilkelly
25956d4c62 Fix up tests 2017-01-13 16:04:26 +00:00
Shane Kilkelly
525e871d55 Merge branch 'master' into sk-rate-limit-cluster 2017-01-13 14:17:18 +00:00
Shane Kilkelly
5c25d15a18 WIP: try switch to rolling rate limiter 2017-01-12 09:25:18 +00:00
Shane Kilkelly
731f280e2e Move auth parts of top menu out of config and into web templates.
Move the remaining configuration into a new config var: `nav.header_extras`.
Add a `nav.showSubscriptionLink` var to control visibility of subscription link
in the Account menu.

This will allow admins to more easily configure extra links in the top
navigation bar, without the danger of overwriting the important auth menus.
2017-01-11 10:27:38 +00:00
Shane Kilkelly
7bbbfe20b9 If external auth is used, remove /register items from header nav.
(logic moved from docker-image settings file)
2016-12-21 13:50:13 +00:00
Shane Kilkelly
64f69069b2 Experimental: upgrade to node 6.9.2 (latest LTS release) 2016-12-21 10:23:42 +00:00
Shane Kilkelly
822f76a883 Add unit tests for RedisWrapper 2016-12-19 15:12:22 +00:00
Shane Kilkelly
03b541fb64 Fix small mistakes 2016-12-19 14:10:27 +00:00
Shane Kilkelly
9f787943b6 Remove stray redis imports. 2016-12-19 12:17:23 +00:00
Shane Kilkelly
ef0a5801d5 Create a RedisWrapper, and use it for rate limiting. 2016-12-19 12:17:02 +00:00
Shane Kilkelly
d38890e9f4 Add the rolling option to session 2016-11-30 09:41:58 +00:00
Henry Oswald
6e9458e9e1 wip 2016-11-29 14:38:25 +00:00
Brian Gough
277894631a try out new pdfjs font fix
https://github.com/mozilla/pdf.js/pull/7705
2016-11-16 14:50:09 +00:00
Shane Kilkelly
6c381b127c Count saml as an external authentication system. 2016-11-14 13:33:48 +00:00
Shane Kilkelly
2cf2199964 WIP: enable non-csrf routes from modules 2016-11-11 13:48:29 +00:00
Shane Kilkelly
bfa0e7cf89 WIP: start moving web sessions to cluster 2016-11-08 15:32:36 +00:00
Shane Kilkelly
9cb3d8c4b8 Enable hook from module into passport init. 2016-11-01 14:06:54 +00:00
Brian Gough
baf09e4f3a avoid exception in LoggerSerializers 2016-10-25 15:50:05 +01:00
Brian Gough
3519fbe337 add worker-latex.js to fingerprints 2016-10-25 14:18:37 +01:00
Brian Gough
27a8dc1dfd upgrade pdfjs to 1.6.210p1 2016-10-13 16:10:01 +01:00
Brian Gough
8c7d712738 update live version of ace to 1.2.5 2016-10-06 14:20:23 +01:00