Commit graph

255 commits

Author SHA1 Message Date
Shane Kilkelly
035e0c1213 Add autoIndex: false option to mongoose connections.
This prevents mongoose from auto-creating missing indexes on boot.
2017-11-22 13:37:57 +00:00
James Allen
5bb06915cc Rename setting and use Features.hasFeatures 2017-11-22 10:45:31 +00:00
James Allen
7440d8da58 Change to an 'enableGithubSync' setting 2017-11-22 10:44:57 +00:00
James Allen
4f905af078 Add feature flag for github sync 2017-11-20 11:48:06 +00:00
James Allen
a97c3ba580 Add missed Features.coffee 2017-11-20 11:43:02 +00:00
James Allen
745ae8d081 Add in Features module to handle feature flags, and use it to cleanly turn off registration 2017-11-20 10:47:32 +00:00
Shane Kilkelly
9a7c8c5842 Revert "Remove remaining traces of UserStub"
This reverts commit ab6b4c32254a20b940c489b8b5b56237433cc0f6.
2017-10-12 15:08:48 +01:00
Shane Kilkelly
a06f4b6b28 Remove remaining traces of UserStub 2017-09-19 16:16:39 +01:00
Tim Alby
a04adbf132 remove extra security headers 2017-09-13 11:53:11 +02:00
Tim Alby
d6834ff417 add security headers using Helmet
- use all Helmet's default headers except `X-DNS-Prefetch-Control`
- use `Referrer-Policy`
- use cache headers when:
  - a user is logged in, OR
  - a project is displayed
2017-09-12 11:17:59 +02:00
Brian Gough
2e6c578dd7 add ol-style.css to fingerprint list 2017-09-05 10:54:26 +01:00
James Allen
d5839437fd Add in UserStub model and support in collaborators view 2017-08-24 17:48:47 +02:00
Paulo Reis
4849c705de Optionally ask the translate local method to HTML encode; use it in the problematic tooltip. 2017-07-28 17:31:28 +01:00
Brian Gough
0ae93db08b use ApiErrorHandler on public api 2017-07-05 15:06:23 +01:00
Brian Gough
bd83d94f64 rename apiRouter -> privateApiRouter in Modules 2017-07-05 14:41:14 +01:00
Brian Gough
29b40ad824 add public api router 2017-07-05 14:32:55 +01:00
Brian Gough
3e8ad69f3c make loading of module routes more robust 2017-07-05 11:46:29 +01:00
Brian Gough
b2f676af5a avoid duplicate routes for /status 2017-07-04 12:41:51 +01:00
Brian Gough
62d6933886 use settings instead of ENV for web/api split 2017-06-15 16:11:20 +01:00
Brian Gough
4b188ce120 support separate processes for web and api
via an environment variable WEB_TYPE
2017-05-22 13:31:02 +01:00
Brian Gough
5ac2ed8fc6 use a separate error handler for api router errors 2017-05-19 16:36:29 +01:00
Shane Kilkelly
60d3e4a97b If external auth system is in use, skip sudo-mode checks 2017-05-15 15:46:24 +01:00
James Allen
3bfd92dd9c Rename lock to avoid potential conflict with doc updater 2017-05-11 15:27:01 +01:00
James Allen
8449b0417c Move all redis end points to be cluster compatible 2017-05-04 15:22:54 +01:00
Shane Kilkelly
a9b8b864df Move content-disposition setting into a method on res 2017-04-12 16:00:02 +01:00
Shane Kilkelly
bb65da88fe Merge branch 'master' into node-6.9 2017-04-05 10:15:51 +01:00
Shane Kilkelly
043520fc28 Remove the Metrics module, use metrics-sharelatex 2017-04-03 16:18:30 +01:00
Shane Kilkelly
f2b5901776 wip: use new metrics.timeAsyncMethod 2017-03-16 10:59:18 +00:00
Brian Gough
6f392f2270 upgrade pdfjs to 1.7.225 2017-03-02 09:31:23 +00:00
Shane Kilkelly
621a07aff2 Merge branch 'master' into node-6.9 2017-02-14 11:01:14 +00:00
Shane Kilkelly
4e9426e6bf Merge branch 'master' into sk-pug 2017-01-30 14:36:10 +00:00
Shane Kilkelly
239164fe26 Merge branch 'master' into sk-rate-limit-cluster 2017-01-25 09:56:08 +00:00
Henry Oswald
13d21b881f use new annoncments feature for case study info 2017-01-24 16:03:05 +00:00
Henry Oswald
2341a8481a Merge branch 'master' into ho-promote-case-study 2017-01-24 14:49:35 +00:00
Shane Kilkelly
57cd54bf55 WIP: migrate from jade to pug 2017-01-20 12:03:02 +00:00
Shane Kilkelly
635b935acc Add an acceptance test for login rate limits, cleanup 2017-01-16 11:46:59 +00:00
Shane Kilkelly
25956d4c62 Fix up tests 2017-01-13 16:04:26 +00:00
Shane Kilkelly
525e871d55 Merge branch 'master' into sk-rate-limit-cluster 2017-01-13 14:17:18 +00:00
Shane Kilkelly
5c25d15a18 WIP: try switch to rolling rate limiter 2017-01-12 09:25:18 +00:00
Shane Kilkelly
731f280e2e Move auth parts of top menu out of config and into web templates.
Move the remaining configuration into a new config var: `nav.header_extras`.
Add a `nav.showSubscriptionLink` var to control visibility of subscription link
in the Account menu.

This will allow admins to more easily configure extra links in the top
navigation bar, without the danger of overwriting the important auth menus.
2017-01-11 10:27:38 +00:00
Shane Kilkelly
7bbbfe20b9 If external auth is used, remove /register items from header nav.
(logic moved from docker-image settings file)
2016-12-21 13:50:13 +00:00
Shane Kilkelly
64f69069b2 Experimental: upgrade to node 6.9.2 (latest LTS release) 2016-12-21 10:23:42 +00:00
Shane Kilkelly
822f76a883 Add unit tests for RedisWrapper 2016-12-19 15:12:22 +00:00
Shane Kilkelly
03b541fb64 Fix small mistakes 2016-12-19 14:10:27 +00:00
Shane Kilkelly
9f787943b6 Remove stray redis imports. 2016-12-19 12:17:23 +00:00
Shane Kilkelly
ef0a5801d5 Create a RedisWrapper, and use it for rate limiting. 2016-12-19 12:17:02 +00:00
Shane Kilkelly
d38890e9f4 Add the rolling option to session 2016-11-30 09:41:58 +00:00
Henry Oswald
6e9458e9e1 wip 2016-11-29 14:38:25 +00:00
Brian Gough
277894631a try out new pdfjs font fix
https://github.com/mozilla/pdf.js/pull/7705
2016-11-16 14:50:09 +00:00
Shane Kilkelly
6c381b127c Count saml as an external authentication system. 2016-11-14 13:33:48 +00:00
Shane Kilkelly
2cf2199964 WIP: enable non-csrf routes from modules 2016-11-11 13:48:29 +00:00
Shane Kilkelly
bfa0e7cf89 WIP: start moving web sessions to cluster 2016-11-08 15:32:36 +00:00
Shane Kilkelly
9cb3d8c4b8 Enable hook from module into passport init. 2016-11-01 14:06:54 +00:00
Brian Gough
baf09e4f3a avoid exception in LoggerSerializers 2016-10-25 15:50:05 +01:00
Brian Gough
3519fbe337 add worker-latex.js to fingerprints 2016-10-25 14:18:37 +01:00
Brian Gough
27a8dc1dfd upgrade pdfjs to 1.6.210p1 2016-10-13 16:10:01 +01:00
Brian Gough
8c7d712738 update live version of ace to 1.2.5 2016-10-06 14:20:23 +01:00
Brian Gough
837151a395 include moment in package versions 2016-10-05 14:54:42 +01:00
Brian Gough
8b6425317f introduce PackageVersions module
put all package versions in one central place
2016-10-05 14:54:42 +01:00
Henry Oswald
4f3b57ceeb cleaned up comments 2016-09-27 16:23:40 +01:00
Henry Oswald
a00cb707cc fingerprints are grouped into lists with this change
fingerprints are shared when require.js pulls in other resources.
this change means changes to either ace.js or mode-latex.js will
result in different fingerprints for those files.
2016-09-27 16:21:04 +01:00
Shane Kilkelly
a0f156e1a9 wipe out more session access 2016-09-22 15:33:50 +01:00
Shane Kilkelly
ff1c72ee14 Fix up more session access 2016-09-22 14:30:34 +01:00
Shane Kilkelly
6df569253a Fix session touch 2016-09-22 13:48:09 +01:00
Shane Kilkelly
eca1dfa482 Remove dead code 2016-09-21 09:27:35 +01:00
Shane Kilkelly
4eada48638 Merge branch 'master' into sk-passport 2016-09-19 15:40:25 +01:00
Brian Gough
ebe3ba4fb8 Merge pull request #316 from sharelatex/pdfjs-font-patch
Pdfjs font patch
2016-09-19 11:24:50 +01:00
Brian Gough
64dc1784d3 switch to patched version of pdfjs 2016-09-19 11:15:27 +01:00
Shane Kilkelly
97a6ac0f00 Merge branch 'master' into sk-passport
# Conflicts:
#	app/coffee/Features/Authorization/AuthorizationMiddlewear.coffee
2016-09-15 14:48:51 +01:00
James Allen
c9a17982cf Add canonical url tag and don't include query string 2016-09-14 17:08:26 +01:00
Shane Kilkelly
9758dd77b3 kill whitespace 2016-09-07 08:58:57 +01:00
Shane Kilkelly
b0a10c948c wip refactor 2016-09-06 15:22:13 +01:00
Shane Kilkelly
eca4c46f7f WIP: refactor 2016-09-05 16:23:37 +01:00
Shane Kilkelly
ab2c1e82fb WIP: refactor 2016-09-05 15:58:31 +01:00
Shane Kilkelly
e6c7aa25ec barely functional login and logout 2016-09-05 10:28:47 +01:00
Shane Kilkelly
e4f4325150 Basic passport integration 2016-09-02 16:17:37 +01:00
Henry Oswald
8c18153d5c Merge pull request #304 from sharelatex/ho-jade-speedup
Ho jade speedup
2016-08-30 12:47:08 +01:00
Henry Oswald
3f4e888af5 Merge pull request #305 from sharelatex/cdnfallback
don't use cdn if it can not be accessed
2016-08-24 09:45:14 +01:00
Henry Oswald
934e908697 just use plain req.ip for logging 2016-08-23 17:00:13 +01:00
Henry Oswald
d3ebdb64b2 precompile the jade partial views 2016-08-23 15:31:09 +01:00
Henry Oswald
50b3403983 use url.resolve to build url for freegeoip lookups 2016-08-19 15:39:58 +01:00
Henry Oswald
d8e7bacec4 added logging in 2016-08-19 11:53:40 +01:00
Henry Oswald
3d36dc7d6c mvp for not using cdn when blocked 2016-08-19 11:05:35 +01:00
Henry Oswald
f7a0860f0b Merge pull request #286 from sharelatex/ha-editor-close
fix close editor button
2016-07-22 13:49:26 +01:00
Henry Oswald
3029fb6335 add dark host option and don’t load pdfjs worker via cdn 2016-07-21 19:06:53 +01:00
Henry Oswald
6aca798a45 don’t use cdn on dark 2016-07-21 15:34:23 +01:00
Henry Oswald
ad60268707 clean up vars for buildjs path and change default to cdn.sharelatex.dev:3000 2016-07-21 09:38:24 +01:00
Henry Oswald
e27d5ce969 use Url for lib name 2016-07-20 16:10:33 +01:00
Henry Oswald
596fc2525b simplified buildJSPath 2016-07-20 14:48:58 +01:00
Henry Oswald
6c78ab4ace got requirejs working nicely with cdn 2016-07-20 12:58:32 +01:00
Henry Oswald
b589ab388f fix close editor button
- only evaulate close on web router, not api/static assets
- allow /admin pages to still be available
2016-07-19 17:15:20 +01:00
Henry Oswald
f8c38f30a8 got build js path working with mathjax 2016-07-19 15:41:33 +01:00
Henry Oswald
0cbd9d0ff9 use url.resolve to adding https:// part 2016-07-19 11:41:36 +01:00
Henry Oswald
a2a8b7123b created buildCssPath img and js path funcs 2016-07-18 17:18:51 +01:00
Henry Oswald
715ffcfbf2 changed ordering on static assets path, just tidying. 2016-07-18 16:24:48 +01:00
Henry Oswald
c21549220c mvp for cdn 2016-07-18 14:05:07 +01:00
Shane Kilkelly
9e35bdcaea Refactor: add ? suffix to truth tests. 2016-07-07 09:35:44 +01:00
Shane Kilkelly
d8ffa5b4b1 set expiry on the user sessions set. 2016-07-01 11:24:46 +01:00
Henry Oswald
b37595acf9 persist cookie in redis for compiles. 2016-04-19 16:48:51 +01:00
Henry Oswald
c777f498ad Merge branch 'groove2' 2016-03-22 11:58:04 +00:00