Commit graph

315 commits

Author SHA1 Message Date
Henry Oswald
716b309208 remove todo statments 2017-12-13 16:50:18 +00:00
Henry Oswald
88334959d7 added remove extension 2017-12-13 14:13:45 +00:00
Henry Oswald
65efbbce53 seems to work now. 2017-12-13 13:06:38 +00:00
Henry Oswald
80e6a660be wip, this does not work minified yet
for some reason lib.js is not being requested no, console errors or network errors
2017-12-12 17:21:01 +00:00
Paulo Reis
0652fc62a0 Configure resizer cursors for v2. 2017-12-11 15:33:00 +00:00
James Allen
158b0d56cf Merge branch 'master' into pr-style-v2-resizers 2017-12-04 10:01:45 +00:00
Shane Kilkelly
2ea3caf08b Properly version the fineuploader library 2017-12-01 11:22:41 +00:00
Paulo Reis
024741ac51 Correct chat resizer values. 2017-11-30 15:24:10 +00:00
Paulo Reis
71604ebd5c Create uiConfig Pug local; render it in the HTML. 2017-11-30 15:12:36 +00:00
Shane Kilkelly
10fc89c8cf Merge pull request #142 from sharelatex/sk-fix-token-indexes
use correct partial indexes on project token fields
2017-11-23 10:30:31 +00:00
Shane Kilkelly
035e0c1213 Add autoIndex: false option to mongoose connections.
This prevents mongoose from auto-creating missing indexes on boot.
2017-11-22 13:37:57 +00:00
James Allen
5bb06915cc Rename setting and use Features.hasFeatures 2017-11-22 10:45:31 +00:00
James Allen
7440d8da58 Change to an 'enableGithubSync' setting 2017-11-22 10:44:57 +00:00
James Allen
4f905af078 Add feature flag for github sync 2017-11-20 11:48:06 +00:00
James Allen
a97c3ba580 Add missed Features.coffee 2017-11-20 11:43:02 +00:00
James Allen
745ae8d081 Add in Features module to handle feature flags, and use it to cleanly turn off registration 2017-11-20 10:47:32 +00:00
Shane Kilkelly
9a7c8c5842 Revert "Remove remaining traces of UserStub"
This reverts commit ab6b4c32254a20b940c489b8b5b56237433cc0f6.
2017-10-12 15:08:48 +01:00
Shane Kilkelly
a06f4b6b28 Remove remaining traces of UserStub 2017-09-19 16:16:39 +01:00
Tim Alby
a04adbf132 remove extra security headers 2017-09-13 11:53:11 +02:00
Tim Alby
d6834ff417 add security headers using Helmet
- use all Helmet's default headers except `X-DNS-Prefetch-Control`
- use `Referrer-Policy`
- use cache headers when:
  - a user is logged in, OR
  - a project is displayed
2017-09-12 11:17:59 +02:00
Brian Gough
2e6c578dd7 add ol-style.css to fingerprint list 2017-09-05 10:54:26 +01:00
James Allen
d5839437fd Add in UserStub model and support in collaborators view 2017-08-24 17:48:47 +02:00
Paulo Reis
4849c705de Optionally ask the translate local method to HTML encode; use it in the problematic tooltip. 2017-07-28 17:31:28 +01:00
Brian Gough
0ae93db08b use ApiErrorHandler on public api 2017-07-05 15:06:23 +01:00
Brian Gough
bd83d94f64 rename apiRouter -> privateApiRouter in Modules 2017-07-05 14:41:14 +01:00
Brian Gough
29b40ad824 add public api router 2017-07-05 14:32:55 +01:00
Brian Gough
3e8ad69f3c make loading of module routes more robust 2017-07-05 11:46:29 +01:00
Brian Gough
b2f676af5a avoid duplicate routes for /status 2017-07-04 12:41:51 +01:00
Brian Gough
62d6933886 use settings instead of ENV for web/api split 2017-06-15 16:11:20 +01:00
Brian Gough
4b188ce120 support separate processes for web and api
via an environment variable WEB_TYPE
2017-05-22 13:31:02 +01:00
Brian Gough
5ac2ed8fc6 use a separate error handler for api router errors 2017-05-19 16:36:29 +01:00
Shane Kilkelly
60d3e4a97b If external auth system is in use, skip sudo-mode checks 2017-05-15 15:46:24 +01:00
James Allen
3bfd92dd9c Rename lock to avoid potential conflict with doc updater 2017-05-11 15:27:01 +01:00
James Allen
8449b0417c Move all redis end points to be cluster compatible 2017-05-04 15:22:54 +01:00
Shane Kilkelly
a9b8b864df Move content-disposition setting into a method on res 2017-04-12 16:00:02 +01:00
Shane Kilkelly
bb65da88fe Merge branch 'master' into node-6.9 2017-04-05 10:15:51 +01:00
Shane Kilkelly
043520fc28 Remove the Metrics module, use metrics-sharelatex 2017-04-03 16:18:30 +01:00
Shane Kilkelly
f2b5901776 wip: use new metrics.timeAsyncMethod 2017-03-16 10:59:18 +00:00
Brian Gough
6f392f2270 upgrade pdfjs to 1.7.225 2017-03-02 09:31:23 +00:00
Shane Kilkelly
621a07aff2 Merge branch 'master' into node-6.9 2017-02-14 11:01:14 +00:00
Shane Kilkelly
4e9426e6bf Merge branch 'master' into sk-pug 2017-01-30 14:36:10 +00:00
Shane Kilkelly
239164fe26 Merge branch 'master' into sk-rate-limit-cluster 2017-01-25 09:56:08 +00:00
Henry Oswald
13d21b881f use new annoncments feature for case study info 2017-01-24 16:03:05 +00:00
Henry Oswald
2341a8481a Merge branch 'master' into ho-promote-case-study 2017-01-24 14:49:35 +00:00
Shane Kilkelly
57cd54bf55 WIP: migrate from jade to pug 2017-01-20 12:03:02 +00:00
Shane Kilkelly
635b935acc Add an acceptance test for login rate limits, cleanup 2017-01-16 11:46:59 +00:00
Shane Kilkelly
25956d4c62 Fix up tests 2017-01-13 16:04:26 +00:00
Shane Kilkelly
525e871d55 Merge branch 'master' into sk-rate-limit-cluster 2017-01-13 14:17:18 +00:00
Shane Kilkelly
5c25d15a18 WIP: try switch to rolling rate limiter 2017-01-12 09:25:18 +00:00
Shane Kilkelly
731f280e2e Move auth parts of top menu out of config and into web templates.
Move the remaining configuration into a new config var: `nav.header_extras`.
Add a `nav.showSubscriptionLink` var to control visibility of subscription link
in the Account menu.

This will allow admins to more easily configure extra links in the top
navigation bar, without the danger of overwriting the important auth menus.
2017-01-11 10:27:38 +00:00
Shane Kilkelly
7bbbfe20b9 If external auth is used, remove /register items from header nav.
(logic moved from docker-image settings file)
2016-12-21 13:50:13 +00:00
Shane Kilkelly
64f69069b2 Experimental: upgrade to node 6.9.2 (latest LTS release) 2016-12-21 10:23:42 +00:00
Shane Kilkelly
822f76a883 Add unit tests for RedisWrapper 2016-12-19 15:12:22 +00:00
Shane Kilkelly
03b541fb64 Fix small mistakes 2016-12-19 14:10:27 +00:00
Shane Kilkelly
9f787943b6 Remove stray redis imports. 2016-12-19 12:17:23 +00:00
Shane Kilkelly
ef0a5801d5 Create a RedisWrapper, and use it for rate limiting. 2016-12-19 12:17:02 +00:00
Shane Kilkelly
d38890e9f4 Add the rolling option to session 2016-11-30 09:41:58 +00:00
Henry Oswald
6e9458e9e1 wip 2016-11-29 14:38:25 +00:00
Brian Gough
277894631a try out new pdfjs font fix
https://github.com/mozilla/pdf.js/pull/7705
2016-11-16 14:50:09 +00:00
Shane Kilkelly
6c381b127c Count saml as an external authentication system. 2016-11-14 13:33:48 +00:00
Shane Kilkelly
2cf2199964 WIP: enable non-csrf routes from modules 2016-11-11 13:48:29 +00:00
Shane Kilkelly
bfa0e7cf89 WIP: start moving web sessions to cluster 2016-11-08 15:32:36 +00:00
Shane Kilkelly
9cb3d8c4b8 Enable hook from module into passport init. 2016-11-01 14:06:54 +00:00
Brian Gough
baf09e4f3a avoid exception in LoggerSerializers 2016-10-25 15:50:05 +01:00
Brian Gough
3519fbe337 add worker-latex.js to fingerprints 2016-10-25 14:18:37 +01:00
Brian Gough
27a8dc1dfd upgrade pdfjs to 1.6.210p1 2016-10-13 16:10:01 +01:00
Brian Gough
8c7d712738 update live version of ace to 1.2.5 2016-10-06 14:20:23 +01:00
Brian Gough
837151a395 include moment in package versions 2016-10-05 14:54:42 +01:00
Brian Gough
8b6425317f introduce PackageVersions module
put all package versions in one central place
2016-10-05 14:54:42 +01:00
Henry Oswald
4f3b57ceeb cleaned up comments 2016-09-27 16:23:40 +01:00
Henry Oswald
a00cb707cc fingerprints are grouped into lists with this change
fingerprints are shared when require.js pulls in other resources.
this change means changes to either ace.js or mode-latex.js will
result in different fingerprints for those files.
2016-09-27 16:21:04 +01:00
Shane Kilkelly
a0f156e1a9 wipe out more session access 2016-09-22 15:33:50 +01:00
Shane Kilkelly
ff1c72ee14 Fix up more session access 2016-09-22 14:30:34 +01:00
Shane Kilkelly
6df569253a Fix session touch 2016-09-22 13:48:09 +01:00
Shane Kilkelly
eca1dfa482 Remove dead code 2016-09-21 09:27:35 +01:00
Shane Kilkelly
4eada48638 Merge branch 'master' into sk-passport 2016-09-19 15:40:25 +01:00
Brian Gough
ebe3ba4fb8 Merge pull request #316 from sharelatex/pdfjs-font-patch
Pdfjs font patch
2016-09-19 11:24:50 +01:00
Brian Gough
64dc1784d3 switch to patched version of pdfjs 2016-09-19 11:15:27 +01:00
Shane Kilkelly
97a6ac0f00 Merge branch 'master' into sk-passport
# Conflicts:
#	app/coffee/Features/Authorization/AuthorizationMiddlewear.coffee
2016-09-15 14:48:51 +01:00
James Allen
c9a17982cf Add canonical url tag and don't include query string 2016-09-14 17:08:26 +01:00
Shane Kilkelly
9758dd77b3 kill whitespace 2016-09-07 08:58:57 +01:00
Shane Kilkelly
b0a10c948c wip refactor 2016-09-06 15:22:13 +01:00
Shane Kilkelly
eca4c46f7f WIP: refactor 2016-09-05 16:23:37 +01:00
Shane Kilkelly
ab2c1e82fb WIP: refactor 2016-09-05 15:58:31 +01:00
Shane Kilkelly
e6c7aa25ec barely functional login and logout 2016-09-05 10:28:47 +01:00
Shane Kilkelly
e4f4325150 Basic passport integration 2016-09-02 16:17:37 +01:00
Henry Oswald
8c18153d5c Merge pull request #304 from sharelatex/ho-jade-speedup
Ho jade speedup
2016-08-30 12:47:08 +01:00
Henry Oswald
3f4e888af5 Merge pull request #305 from sharelatex/cdnfallback
don't use cdn if it can not be accessed
2016-08-24 09:45:14 +01:00
Henry Oswald
934e908697 just use plain req.ip for logging 2016-08-23 17:00:13 +01:00
Henry Oswald
d3ebdb64b2 precompile the jade partial views 2016-08-23 15:31:09 +01:00
Henry Oswald
50b3403983 use url.resolve to build url for freegeoip lookups 2016-08-19 15:39:58 +01:00
Henry Oswald
d8e7bacec4 added logging in 2016-08-19 11:53:40 +01:00
Henry Oswald
3d36dc7d6c mvp for not using cdn when blocked 2016-08-19 11:05:35 +01:00
Henry Oswald
f7a0860f0b Merge pull request #286 from sharelatex/ha-editor-close
fix close editor button
2016-07-22 13:49:26 +01:00
Henry Oswald
3029fb6335 add dark host option and don’t load pdfjs worker via cdn 2016-07-21 19:06:53 +01:00
Henry Oswald
6aca798a45 don’t use cdn on dark 2016-07-21 15:34:23 +01:00
Henry Oswald
ad60268707 clean up vars for buildjs path and change default to cdn.sharelatex.dev:3000 2016-07-21 09:38:24 +01:00
Henry Oswald
e27d5ce969 use Url for lib name 2016-07-20 16:10:33 +01:00
Henry Oswald
596fc2525b simplified buildJSPath 2016-07-20 14:48:58 +01:00
Henry Oswald
6c78ab4ace got requirejs working nicely with cdn 2016-07-20 12:58:32 +01:00
Henry Oswald
b589ab388f fix close editor button
- only evaulate close on web router, not api/static assets
- allow /admin pages to still be available
2016-07-19 17:15:20 +01:00
Henry Oswald
f8c38f30a8 got build js path working with mathjax 2016-07-19 15:41:33 +01:00
Henry Oswald
0cbd9d0ff9 use url.resolve to adding https:// part 2016-07-19 11:41:36 +01:00
Henry Oswald
a2a8b7123b created buildCssPath img and js path funcs 2016-07-18 17:18:51 +01:00
Henry Oswald
715ffcfbf2 changed ordering on static assets path, just tidying. 2016-07-18 16:24:48 +01:00
Henry Oswald
c21549220c mvp for cdn 2016-07-18 14:05:07 +01:00
Shane Kilkelly
9e35bdcaea Refactor: add ? suffix to truth tests. 2016-07-07 09:35:44 +01:00
Shane Kilkelly
d8ffa5b4b1 set expiry on the user sessions set. 2016-07-01 11:24:46 +01:00
Henry Oswald
b37595acf9 persist cookie in redis for compiles. 2016-04-19 16:48:51 +01:00
Henry Oswald
c777f498ad Merge branch 'groove2' 2016-03-22 11:58:04 +00:00
Henry Oswald
4e78e34cdf finished contact us with groove
for settings file:

<a ng-controller="ContactModal", ng-click="contactUsModal()", href>Contact</a>
2016-03-21 11:41:05 +00:00
James Allen
e7d67668e9 Improve error reporting and show 404 when project ids are malformed 2016-03-18 15:59:12 +00:00
James Allen
8a095a5144 Upgrade to PDF 1.3.91 2016-02-04 14:27:00 +00:00
Henry Oswald
69734c20c0 added heapdump endpoint 2015-11-30 16:16:16 +00:00
Henry Oswald
5a9174b1de use user_id for client side six pack. also change name of editor free trial test 2015-11-17 15:54:59 +00:00
Henry Oswald
56635d2221 set timeout for sixpack server dynamically, needs to be longer for local dev 2015-11-12 12:43:55 +00:00
Henry Oswald
377cc11c3b added sixpack to server side 2015-11-12 09:29:44 +00:00
James Allen
a153c6682a Put in client side check for document getting too long 2015-11-06 12:51:43 +00:00
James Allen
9dcc251017 Copy header values so they can be modified by modules each request 2015-11-05 16:52:50 +00:00
James Allen
d996ed6e47 Refactor addUserToProject for better access by groups 2015-10-14 17:29:58 +01:00
James Allen
c4e4f2c77a Add modules hook for contacts and support groups in auto complete 2015-10-08 18:17:53 +01:00
Henry Oswald
9028bcf830 set body parser limit to 2mb 2015-07-08 14:35:03 +01:00
Brian Gough
e6a670533d added default mongoose connection 2015-07-01 15:36:50 +01:00
Henry Oswald
3ab57f6830 put express locals on webRouter, this prevents problem with accessing sessions in locals, they should also only be used on web routes not api routes 2015-07-01 15:28:30 +01:00
Henry Oswald
941d407231 added saveUninitialized option to session which is now required 2015-07-01 15:26:17 +01:00
Henry Oswald
1cc0cbe8fc split site into 2 routers, webRouter and apiRouter
web router has things like sessions etc added onto it. Api router is minimal, doesn't include things like csrf
2015-07-01 15:23:18 +01:00
Henry Oswald
665bdcf538 v1 of express4 conversion 2015-07-01 15:17:43 +01:00
Brian Gough
3de841dd71 added event loop monitor 2015-06-23 13:50:42 +01:00
Henry Oswald
33aa5c732f if a domain licence link has expired render a nice message explaining they need to retry 2015-06-01 12:43:42 +01:00
Henry Oswald
9764ab258b added complex password validation to password resets 2015-04-30 12:05:46 +01:00
James Allen
33f56b71a2 Remove redundant body parser line 2015-04-14 13:04:49 +01:00
James Allen
8b4ccae60a Read cookie session length from settings file 2015-04-14 13:04:29 +01:00
Brian Gough
0684fa36fd upgrade pdfjs to version 1.0.1040 2015-03-31 14:53:27 +01:00
Brian Gough
b0a32b1ef8 make new pdf viewer the default for all users
remove old pdf viewer
2015-03-20 11:28:28 +00:00
James Allen
d376acdaa9 Allow an __appName__ parameter in translations 2015-03-09 12:14:30 +00:00
Henry Oswald
387a8b8ae3 hide some forms in user settings if authentication is managed by external system 2015-02-24 13:41:46 +00:00
James Allen
6c387edbe2 Remove Dropbox front end logic from main sharelatex repo 2015-02-05 18:20:34 +00:00
James Allen
d7afb4e513 Clean up unused real-time code in web 2015-02-05 16:37:37 +00:00
James Allen
366a0403a6 Clear rate limit in smoke tests 2015-02-05 10:18:18 +00:00
James Allen
2aa229d145 Add in profiling end point 2015-02-03 11:05:23 +00:00
Henry Oswald
f9843b3709 tax auto updates on change of address now. Is also preset based on users ip address 2015-01-07 13:16:19 +00:00
Brian Gough
419d84564c add support for client-side error logging using sentry 2014-12-12 13:58:07 +00:00
Brian Gough
ce8b5dd11c generate fingerprints for the new pdf.js files 2014-12-01 16:48:40 +00:00
Henry Oswald
bd841b4795 coppied the lock manager over from doc updater 2014-11-25 16:52:27 +00:00
Henry Oswald
3bae278c92 Revert "increased timeout for geoip to 3 seconds"
This reverts commit e4c892b59734a0b6b67ad37a1d09c1618ec389d4.
2014-11-25 13:10:00 +00:00
Henry Oswald
d91064a369 increased timeout for geoip to 3 seconds 2014-11-25 11:51:03 +00:00
Henry Oswald
dbecadcaea Merge branch 'master' into multicurrency 2014-11-25 11:35:59 +00:00
James Allen
b8fdbdb406 Handle errors in request pipes 2014-11-24 13:58:41 +00:00
Henry Oswald
6d22bda88f added new currencies removed ab test as well 2014-11-21 13:13:53 +00:00
James Allen
941f550d6c Remove all traces of soa-req-id 2014-10-15 14:11:02 +01:00