Tim Alby
a04adbf132
remove extra security headers
2017-09-13 11:53:11 +02:00
Tim Alby
d6834ff417
add security headers using Helmet
...
- use all Helmet's default headers except `X-DNS-Prefetch-Control`
- use `Referrer-Policy`
- use cache headers when:
  - a user is logged in, OR
  - a project is displayed
2017-09-12 11:17:59 +02:00
Brian Gough
2e6c578dd7
add ol-style.css to fingerprint list
2017-09-05 10:54:26 +01:00
James Allen
d5839437fd
Add in UserStub model and support in collaborators view
2017-08-24 17:48:47 +02:00
Paulo Reis
4849c705de
Optionally ask the translate local method to HTML encode; use it in the problematic tooltip.
2017-07-28 17:31:28 +01:00
Brian Gough
0ae93db08b
use ApiErrorHandler on public api
2017-07-05 15:06:23 +01:00
Brian Gough
bd83d94f64
rename apiRouter -> privateApiRouter in Modules
2017-07-05 14:41:14 +01:00
Brian Gough
29b40ad824
add public api router
2017-07-05 14:32:55 +01:00
Brian Gough
3e8ad69f3c
make loading of module routes more robust
2017-07-05 11:46:29 +01:00
Brian Gough
b2f676af5a
avoid duplicate routes for /status
2017-07-04 12:41:51 +01:00
Brian Gough
62d6933886
use settings instead of ENV for web/api split
2017-06-15 16:11:20 +01:00
Brian Gough
4b188ce120
support separate processes for web and api
...
via an environment variable WEB_TYPE
2017-05-22 13:31:02 +01:00
Brian Gough
5ac2ed8fc6
use a separate error handler for api router errors
2017-05-19 16:36:29 +01:00
Shane Kilkelly
60d3e4a97b
If external auth system is in use, skip sudo-mode checks
2017-05-15 15:46:24 +01:00
James Allen
3bfd92dd9c
Rename lock to avoid potential conflict with doc updater
2017-05-11 15:27:01 +01:00
James Allen
8449b0417c
Move all redis end points to be cluster compatible
2017-05-04 15:22:54 +01:00
Shane Kilkelly
a9b8b864df
Move content-disposition setting into a method on res
2017-04-12 16:00:02 +01:00
Shane Kilkelly
bb65da88fe
Merge branch 'master' into node-6.9
2017-04-05 10:15:51 +01:00
Shane Kilkelly
043520fc28
Remove the Metrics module, use metrics-sharelatex
2017-04-03 16:18:30 +01:00
Shane Kilkelly
f2b5901776
wip: use new metrics.timeAsyncMethod
2017-03-16 10:59:18 +00:00
Brian Gough
6f392f2270
upgrade pdfjs to 1.7.225
2017-03-02 09:31:23 +00:00
Shane Kilkelly
621a07aff2
Merge branch 'master' into node-6.9
2017-02-14 11:01:14 +00:00
Shane Kilkelly
4e9426e6bf
Merge branch 'master' into sk-pug
2017-01-30 14:36:10 +00:00
Shane Kilkelly
239164fe26
Merge branch 'master' into sk-rate-limit-cluster
2017-01-25 09:56:08 +00:00
Henry Oswald
13d21b881f
use new announcements feature for case study info
2017-01-24 16:03:05 +00:00
Henry Oswald
2341a8481a
Merge branch 'master' into ho-promote-case-study
2017-01-24 14:49:35 +00:00
Shane Kilkelly
57cd54bf55
WIP: migrate from jade to pug
2017-01-20 12:03:02 +00:00
Shane Kilkelly
635b935acc
Add an acceptance test for login rate limits, cleanup
2017-01-16 11:46:59 +00:00
Shane Kilkelly
25956d4c62
Fix up tests
2017-01-13 16:04:26 +00:00
Shane Kilkelly
525e871d55
Merge branch 'master' into sk-rate-limit-cluster
2017-01-13 14:17:18 +00:00
Shane Kilkelly
5c25d15a18
WIP: try switch to rolling rate limiter
2017-01-12 09:25:18 +00:00
Shane Kilkelly
731f280e2e
Move auth parts of top menu out of config and into web templates.
...
Move the remaining configuration into a new config var: `nav.header_extras`.
Add a `nav.showSubscriptionLink` var to control visibility of subscription link
in the Account menu.
This will allow admins to more easily configure extra links in the top
navigation bar, without the danger of overwriting the important auth menus.
2017-01-11 10:27:38 +00:00
Shane Kilkelly
7bbbfe20b9
If external auth is used, remove `/register` items from header nav.
...
(logic moved from docker-image settings file)
2016-12-21 13:50:13 +00:00
Shane Kilkelly
64f69069b2
Experimental: upgrade to node 6.9.2 (latest LTS release)
2016-12-21 10:23:42 +00:00
Shane Kilkelly
822f76a883
Add unit tests for RedisWrapper
2016-12-19 15:12:22 +00:00
Shane Kilkelly
03b541fb64
Fix small mistakes
2016-12-19 14:10:27 +00:00
Shane Kilkelly
9f787943b6
Remove stray redis imports.
2016-12-19 12:17:23 +00:00
Shane Kilkelly
ef0a5801d5
Create a RedisWrapper, and use it for rate limiting.
2016-12-19 12:17:02 +00:00
Shane Kilkelly
d38890e9f4
Add the `rolling` option to session
2016-11-30 09:41:58 +00:00
Henry Oswald
6e9458e9e1
wip
2016-11-29 14:38:25 +00:00
Brian Gough
277894631a
try out new pdfjs font fix
...
https://github.com/mozilla/pdf.js/pull/7705
2016-11-16 14:50:09 +00:00
Shane Kilkelly
6c381b127c
Count saml as an external authentication system.
2016-11-14 13:33:48 +00:00
Shane Kilkelly
2cf2199964
WIP: enable non-csrf routes from modules
2016-11-11 13:48:29 +00:00
Shane Kilkelly
bfa0e7cf89
WIP: start moving web sessions to cluster
2016-11-08 15:32:36 +00:00
Shane Kilkelly
9cb3d8c4b8
Enable hook from module into passport init.
2016-11-01 14:06:54 +00:00
Brian Gough
baf09e4f3a
avoid exception in LoggerSerializers
2016-10-25 15:50:05 +01:00
Brian Gough
3519fbe337
add worker-latex.js to fingerprints
2016-10-25 14:18:37 +01:00
Brian Gough
27a8dc1dfd
upgrade pdfjs to 1.6.210p1
2016-10-13 16:10:01 +01:00
Brian Gough
8c7d712738
update live version of ace to 1.2.5
2016-10-06 14:20:23 +01:00
Brian Gough
837151a395
include moment in package versions
2016-10-05 14:54:42 +01:00
Brian Gough
8b6425317f
introduce PackageVersions module
...
put all package versions in one central place
2016-10-05 14:54:42 +01:00
Henry Oswald
4f3b57ceeb
cleaned up comments
2016-09-27 16:23:40 +01:00
Henry Oswald
a00cb707cc
fingerprints are grouped into lists with this change
...
fingerprints are shared when require.js pulls in other resources.
this change means changes to either ace.js or mode-latex.js will
result in different fingerprints for those files.
2016-09-27 16:21:04 +01:00
Shane Kilkelly
a0f156e1a9
wipe out more session access
2016-09-22 15:33:50 +01:00
Shane Kilkelly
ff1c72ee14
Fix up more session access
2016-09-22 14:30:34 +01:00
Shane Kilkelly
6df569253a
Fix session touch
2016-09-22 13:48:09 +01:00
Shane Kilkelly
eca1dfa482
Remove dead code
2016-09-21 09:27:35 +01:00
Shane Kilkelly
4eada48638
Merge branch 'master' into sk-passport
2016-09-19 15:40:25 +01:00
Brian Gough
ebe3ba4fb8
Merge pull request #316 from sharelatex/pdfjs-font-patch
...
Pdfjs font patch
2016-09-19 11:24:50 +01:00
Brian Gough
64dc1784d3
switch to patched version of pdfjs
2016-09-19 11:15:27 +01:00
Shane Kilkelly
97a6ac0f00
Merge branch 'master' into sk-passport
...
# Conflicts:
# app/coffee/Features/Authorization/AuthorizationMiddlewear.coffee
2016-09-15 14:48:51 +01:00
James Allen
c9a17982cf
Add canonical url tag and don't include query string
2016-09-14 17:08:26 +01:00
Shane Kilkelly
9758dd77b3
kill whitespace
2016-09-07 08:58:57 +01:00
Shane Kilkelly
b0a10c948c
wip refactor
2016-09-06 15:22:13 +01:00
Shane Kilkelly
eca4c46f7f
WIP: refactor
2016-09-05 16:23:37 +01:00
Shane Kilkelly
ab2c1e82fb
WIP: refactor
2016-09-05 15:58:31 +01:00
Shane Kilkelly
e6c7aa25ec
barely functional login and logout
2016-09-05 10:28:47 +01:00
Shane Kilkelly
e4f4325150
Basic passport integration
2016-09-02 16:17:37 +01:00
Henry Oswald
8c18153d5c
Merge pull request #304 from sharelatex/ho-jade-speedup
...
Ho jade speedup
2016-08-30 12:47:08 +01:00
Henry Oswald
3f4e888af5
Merge pull request #305 from sharelatex/cdnfallback
...
don't use cdn if it can not be accessed
2016-08-24 09:45:14 +01:00
Henry Oswald
934e908697
just use plain req.ip for logging
2016-08-23 17:00:13 +01:00
Henry Oswald
d3ebdb64b2
precompile the jade partial views
2016-08-23 15:31:09 +01:00
Henry Oswald
50b3403983
use url.resolve to build url for freegeoip lookups
2016-08-19 15:39:58 +01:00
Henry Oswald
d8e7bacec4
added logging in
2016-08-19 11:53:40 +01:00
Henry Oswald
3d36dc7d6c
mvp for not using cdn when blocked
2016-08-19 11:05:35 +01:00
Henry Oswald
f7a0860f0b
Merge pull request #286 from sharelatex/ha-editor-close
...
fix close editor button
2016-07-22 13:49:26 +01:00
Henry Oswald
3029fb6335
add dark host option and don’t load pdfjs worker via cdn
2016-07-21 19:06:53 +01:00
Henry Oswald
6aca798a45
don’t use cdn on dark
2016-07-21 15:34:23 +01:00
Henry Oswald
ad60268707
clean up vars for buildjs path and change default to cdn.sharelatex.dev:3000
2016-07-21 09:38:24 +01:00
Henry Oswald
e27d5ce969
use Url for lib name
2016-07-20 16:10:33 +01:00
Henry Oswald
596fc2525b
simplified buildJSPath
2016-07-20 14:48:58 +01:00
Henry Oswald
6c78ab4ace
got requirejs working nicely with cdn
2016-07-20 12:58:32 +01:00
Henry Oswald
b589ab388f
fix close editor button
...
- only evaluate close on web router, not api/static assets
- allow /admin pages to still be available
2016-07-19 17:15:20 +01:00
Henry Oswald
f8c38f30a8
got build js path working with mathjax
2016-07-19 15:41:33 +01:00
Henry Oswald
0cbd9d0ff9
use url.resolve to add https:// part
2016-07-19 11:41:36 +01:00
Henry Oswald
a2a8b7123b
created buildCssPath img and js path funcs
2016-07-18 17:18:51 +01:00
Henry Oswald
715ffcfbf2
changed ordering on static assets path, just tidying.
2016-07-18 16:24:48 +01:00
Henry Oswald
c21549220c
mvp for cdn
2016-07-18 14:05:07 +01:00
Shane Kilkelly
9e35bdcaea
Refactor: add `?` suffix to truth tests.
2016-07-07 09:35:44 +01:00
Shane Kilkelly
d8ffa5b4b1
set expiry on the user sessions set.
2016-07-01 11:24:46 +01:00
Henry Oswald
b37595acf9
persist cookie in redis for compiles.
2016-04-19 16:48:51 +01:00
Henry Oswald
c777f498ad
Merge branch 'groove2'
2016-03-22 11:58:04 +00:00
Henry Oswald
4e78e34cdf
finished contact us with groove
...
for settings file:
<a ng-controller="ContactModal", ng-click="contactUsModal()", href>Contact</a>
2016-03-21 11:41:05 +00:00
James Allen
e7d67668e9
Improve error reporting and show 404 when project ids are malformed
2016-03-18 15:59:12 +00:00
James Allen
8a095a5144
Upgrade to PDF 1.3.91
2016-02-04 14:27:00 +00:00
Henry Oswald
69734c20c0
added heapdump endpoint
2015-11-30 16:16:16 +00:00
Henry Oswald
5a9174b1de
use user_id for client side six pack. also change name of editor free trial test
2015-11-17 15:54:59 +00:00
Henry Oswald
56635d2221
set timeout for sixpack server dynamically, needs to be longer for local dev
2015-11-12 12:43:55 +00:00
Henry Oswald
377cc11c3b
added sixpack to server side
2015-11-12 09:29:44 +00:00
James Allen
a153c6682a
Put in client side check for document getting too long
2015-11-06 12:51:43 +00:00
James Allen
9dcc251017
Copy header values so they can be modified by modules each request
2015-11-05 16:52:50 +00:00
James Allen
d996ed6e47
Refactor addUserToProject for better access by groups
2015-10-14 17:29:58 +01:00
James Allen
c4e4f2c77a
Add modules hook for contacts and support groups in auto complete
2015-10-08 18:17:53 +01:00
Henry Oswald
9028bcf830
set body parser limit to 2mb
2015-07-08 14:35:03 +01:00
Brian Gough
e6a670533d
added default mongoose connection
2015-07-01 15:36:50 +01:00
Henry Oswald
3ab57f6830
put express locals on webRouter, this prevents problem with accessing sessions in locals, they should also only be used on web routes not api routes
2015-07-01 15:28:30 +01:00
Henry Oswald
941d407231
added saveUninitialized option to session which is now required
2015-07-01 15:26:17 +01:00
Henry Oswald
1cc0cbe8fc
split site into 2 routers, webRouter and apiRouter
...
web router has things like sessions etc added onto it. Api router is minimal, doesn't include things like csrf
2015-07-01 15:23:18 +01:00
Henry Oswald
665bdcf538
v1 of express4 conversion
2015-07-01 15:17:43 +01:00
Brian Gough
3de841dd71
added event loop monitor
2015-06-23 13:50:42 +01:00
Henry Oswald
33aa5c732f
if a domain licence link has expired render a nice message explaining they need to retry
2015-06-01 12:43:42 +01:00
Henry Oswald
9764ab258b
added complex password validation to password resets
2015-04-30 12:05:46 +01:00
James Allen
33f56b71a2
Remove redundant body parser line
2015-04-14 13:04:49 +01:00
James Allen
8b4ccae60a
Read cookie session length from settings file
2015-04-14 13:04:29 +01:00
Brian Gough
0684fa36fd
upgrade pdfjs to version 1.0.1040
2015-03-31 14:53:27 +01:00
Brian Gough
b0a32b1ef8
make new pdf viewer the default for all users
...
remove old pdf viewer
2015-03-20 11:28:28 +00:00
James Allen
d376acdaa9
Allow an __appName__ parameter in translations
2015-03-09 12:14:30 +00:00
Henry Oswald
387a8b8ae3
hide some forms in user settings if authentication is managed by external system
2015-02-24 13:41:46 +00:00
James Allen
6c387edbe2
Remove Dropbox front end logic from main sharelatex repo
2015-02-05 18:20:34 +00:00
James Allen
d7afb4e513
Clean up unused real-time code in web
2015-02-05 16:37:37 +00:00
James Allen
366a0403a6
Clear rate limit in smoke tests
2015-02-05 10:18:18 +00:00
James Allen
2aa229d145
Add in profiling end point
2015-02-03 11:05:23 +00:00
Henry Oswald
f9843b3709
tax auto updates on change of address now. Is also preset based on users ip address
2015-01-07 13:16:19 +00:00
Brian Gough
419d84564c
add support for client-side error logging using sentry
2014-12-12 13:58:07 +00:00
Brian Gough
ce8b5dd11c
generate fingerprints for the new pdf.js files
2014-12-01 16:48:40 +00:00
Henry Oswald
bd841b4795
copied the lock manager over from doc updater
2014-11-25 16:52:27 +00:00
Henry Oswald
3bae278c92
Revert "increased timeout for geoip to 3 seconds"
...
This reverts commit e4c892b59734a0b6b67ad37a1d09c1618ec389d4.
2014-11-25 13:10:00 +00:00
Henry Oswald
d91064a369
increased timeout for geoip to 3 seconds
2014-11-25 11:51:03 +00:00
Henry Oswald
dbecadcaea
Merge branch 'master' into multicurrency
2014-11-25 11:35:59 +00:00
James Allen
b8fdbdb406
Handle errors in request pipes
2014-11-24 13:58:41 +00:00
Henry Oswald
6d22bda88f
added new currencies removed ab test as well
2014-11-21 13:13:53 +00:00
James Allen
941f550d6c
Remove all traces of soa-req-id
2014-10-15 14:11:02 +01:00
Henry Oswald
19a08f82a6
default to USD if there is no match
2014-10-14 12:14:03 +01:00
Henry Oswald
36264706f6
hooked the plans page up to the geo ip lookup
2014-10-13 14:10:15 +01:00
Henry Oswald
3ca04e25fd
add 1 second timeout to geoiplookup
...
response times generally seem to be around 0.05s from our servers
2014-10-13 13:15:48 +01:00
Henry Oswald
2e6c2c1926
default to USD in geo ip lookup.
...
Decided to put default logic in the GeoIpLookup.getCurrencyCode as
we are going to want this default everywhere we use it.
2014-10-13 13:08:11 +01:00
Henry Oswald
e78e4d46b0
use first ip passed through in string for ip lookup
2014-10-13 13:04:20 +01:00
Henry Oswald
259871cbdd
added geoip lookup feature
2014-10-13 00:45:45 +01:00
James Allen
82dc3cf654
Don't reload module views each request by default
2014-10-08 12:39:36 +01:00
James Allen
128c672edd
Merge branch 'github-sync'
...
Conflicts:
package.json
2014-10-08 12:13:37 +01:00
James Allen
10732d112d
Hook module system into project list page
2014-10-03 11:32:59 +01:00
Henry Oswald
81307324fc
v2, seems to work...
2014-09-26 17:04:33 +01:00
Henry Oswald
f73629f8d9
v1 of sentinel support
2014-09-26 14:52:00 +01:00
Henry Oswald
c08a568664
removed session logging
2014-09-10 10:09:25 +01:00
Henry Oswald
d961b48857
improved logging for session debug
2014-09-10 08:20:36 +01:00
Henry Oswald
ca402a3061
added some logging in for sessions
2014-09-08 17:45:37 +01:00
James Allen
db9632f8f2
Allow modules to inject parts of views
2014-09-08 15:40:46 +01:00
James Allen
374c0f3d65
Add existence check for modules dir
2014-09-08 14:23:47 +01:00
Henry Oswald
8762297158
touch the session rather than setting the expires, same result
2014-09-04 18:07:31 +01:00
James Allen
c8ab1bd394
Merge branch 'master' of github.com:sharelatex/web-sharelatex
2014-08-22 12:52:31 +01:00