Commit graph

297 commits

Author SHA1 Message Date
Tim Alby
a04adbf132 remove extra security headers 2017-09-13 11:53:11 +02:00
Tim Alby
d6834ff417 add security headers using Helmet
- use all Helmet's default headers except `X-DNS-Prefetch-Control`
- use `Referrer-Policy`
- use cache headers when:
  - a user is logged in, OR
  - a project is displayed
2017-09-12 11:17:59 +02:00
Brian Gough
2e6c578dd7 add ol-style.css to fingerprint list 2017-09-05 10:54:26 +01:00
James Allen
d5839437fd Add in UserStub model and support in collaborators view 2017-08-24 17:48:47 +02:00
Paulo Reis
4849c705de Optionally ask the translate local method to HTML encode; use it in the problematic tooltip. 2017-07-28 17:31:28 +01:00
Brian Gough
0ae93db08b use ApiErrorHandler on public api 2017-07-05 15:06:23 +01:00
Brian Gough
bd83d94f64 rename apiRouter -> privateApiRouter in Modules 2017-07-05 14:41:14 +01:00
Brian Gough
29b40ad824 add public api router 2017-07-05 14:32:55 +01:00
Brian Gough
3e8ad69f3c make loading of module routes more robust 2017-07-05 11:46:29 +01:00
Brian Gough
b2f676af5a avoid duplicate routes for /status 2017-07-04 12:41:51 +01:00
Brian Gough
62d6933886 use settings instead of ENV for web/api split 2017-06-15 16:11:20 +01:00
Brian Gough
4b188ce120 support separate processes for web and api
via an environment variable WEB_TYPE
2017-05-22 13:31:02 +01:00
Brian Gough
5ac2ed8fc6 use a separate error handler for api router errors 2017-05-19 16:36:29 +01:00
Shane Kilkelly
60d3e4a97b If external auth system is in use, skip sudo-mode checks 2017-05-15 15:46:24 +01:00
James Allen
3bfd92dd9c Rename lock to avoid potential conflict with doc updater 2017-05-11 15:27:01 +01:00
James Allen
8449b0417c Move all redis end points to be cluster compatible 2017-05-04 15:22:54 +01:00
Shane Kilkelly
a9b8b864df Move content-disposition setting into a method on res 2017-04-12 16:00:02 +01:00
Shane Kilkelly
bb65da88fe Merge branch 'master' into node-6.9 2017-04-05 10:15:51 +01:00
Shane Kilkelly
043520fc28 Remove the Metrics module, use metrics-sharelatex 2017-04-03 16:18:30 +01:00
Shane Kilkelly
f2b5901776 wip: use new metrics.timeAsyncMethod 2017-03-16 10:59:18 +00:00
Brian Gough
6f392f2270 upgrade pdfjs to 1.7.225 2017-03-02 09:31:23 +00:00
Shane Kilkelly
621a07aff2 Merge branch 'master' into node-6.9 2017-02-14 11:01:14 +00:00
Shane Kilkelly
4e9426e6bf Merge branch 'master' into sk-pug 2017-01-30 14:36:10 +00:00
Shane Kilkelly
239164fe26 Merge branch 'master' into sk-rate-limit-cluster 2017-01-25 09:56:08 +00:00
Henry Oswald
13d21b881f use new annoncments feature for case study info 2017-01-24 16:03:05 +00:00
Henry Oswald
2341a8481a Merge branch 'master' into ho-promote-case-study 2017-01-24 14:49:35 +00:00
Shane Kilkelly
57cd54bf55 WIP: migrate from jade to pug 2017-01-20 12:03:02 +00:00
Shane Kilkelly
635b935acc Add an acceptance test for login rate limits, cleanup 2017-01-16 11:46:59 +00:00
Shane Kilkelly
25956d4c62 Fix up tests 2017-01-13 16:04:26 +00:00
Shane Kilkelly
525e871d55 Merge branch 'master' into sk-rate-limit-cluster 2017-01-13 14:17:18 +00:00
Shane Kilkelly
5c25d15a18 WIP: try switch to rolling rate limiter 2017-01-12 09:25:18 +00:00
Shane Kilkelly
731f280e2e Move auth parts of top menu out of config and into web templates.
Move the remaining configuration into a new config var: `nav.header_extras`.
Add a `nav.showSubscriptionLink` var to control visibility of subscription link
in the Account menu.

This will allow admins to more easily configure extra links in the top
navigation bar, without the danger of overwriting the important auth menus.
2017-01-11 10:27:38 +00:00
Shane Kilkelly
7bbbfe20b9 If external auth is used, remove /register items from header nav.
(logic moved from docker-image settings file)
2016-12-21 13:50:13 +00:00
Shane Kilkelly
64f69069b2 Experimental: upgrade to node 6.9.2 (latest LTS release) 2016-12-21 10:23:42 +00:00
Shane Kilkelly
822f76a883 Add unit tests for RedisWrapper 2016-12-19 15:12:22 +00:00
Shane Kilkelly
03b541fb64 Fix small mistakes 2016-12-19 14:10:27 +00:00
Shane Kilkelly
9f787943b6 Remove stray redis imports. 2016-12-19 12:17:23 +00:00
Shane Kilkelly
ef0a5801d5 Create a RedisWrapper, and use it for rate limiting. 2016-12-19 12:17:02 +00:00
Shane Kilkelly
d38890e9f4 Add the rolling option to session 2016-11-30 09:41:58 +00:00
Henry Oswald
6e9458e9e1 wip 2016-11-29 14:38:25 +00:00
Brian Gough
277894631a try out new pdfjs font fix
https://github.com/mozilla/pdf.js/pull/7705
2016-11-16 14:50:09 +00:00
Shane Kilkelly
6c381b127c Count saml as an external authentication system. 2016-11-14 13:33:48 +00:00
Shane Kilkelly
2cf2199964 WIP: enable non-csrf routes from modules 2016-11-11 13:48:29 +00:00
Shane Kilkelly
bfa0e7cf89 WIP: start moving web sessions to cluster 2016-11-08 15:32:36 +00:00
Shane Kilkelly
9cb3d8c4b8 Enable hook from module into passport init. 2016-11-01 14:06:54 +00:00
Brian Gough
baf09e4f3a avoid exception in LoggerSerializers 2016-10-25 15:50:05 +01:00
Brian Gough
3519fbe337 add worker-latex.js to fingerprints 2016-10-25 14:18:37 +01:00
Brian Gough
27a8dc1dfd upgrade pdfjs to 1.6.210p1 2016-10-13 16:10:01 +01:00
Brian Gough
8c7d712738 update live version of ace to 1.2.5 2016-10-06 14:20:23 +01:00
Brian Gough
837151a395 include moment in package versions 2016-10-05 14:54:42 +01:00
Brian Gough
8b6425317f introduce PackageVersions module
put all package versions in one central place
2016-10-05 14:54:42 +01:00
Henry Oswald
4f3b57ceeb cleaned up comments 2016-09-27 16:23:40 +01:00
Henry Oswald
a00cb707cc fingerprints are grouped into lists with this change
fingerprints are shared when require.js pulls in other resources.
this change means changes to either ace.js or mode-latex.js will
result in different fingerprints for those files.
2016-09-27 16:21:04 +01:00
Shane Kilkelly
a0f156e1a9 wipe out more session access 2016-09-22 15:33:50 +01:00
Shane Kilkelly
ff1c72ee14 Fix up more session access 2016-09-22 14:30:34 +01:00
Shane Kilkelly
6df569253a Fix session touch 2016-09-22 13:48:09 +01:00
Shane Kilkelly
eca1dfa482 Remove dead code 2016-09-21 09:27:35 +01:00
Shane Kilkelly
4eada48638 Merge branch 'master' into sk-passport 2016-09-19 15:40:25 +01:00
Brian Gough
ebe3ba4fb8 Merge pull request #316 from sharelatex/pdfjs-font-patch
Pdfjs font patch
2016-09-19 11:24:50 +01:00
Brian Gough
64dc1784d3 switch to patched version of pdfjs 2016-09-19 11:15:27 +01:00
Shane Kilkelly
97a6ac0f00 Merge branch 'master' into sk-passport
# Conflicts:
#	app/coffee/Features/Authorization/AuthorizationMiddlewear.coffee
2016-09-15 14:48:51 +01:00
James Allen
c9a17982cf Add canonical url tag and don't include query string 2016-09-14 17:08:26 +01:00
Shane Kilkelly
9758dd77b3 kill whitespace 2016-09-07 08:58:57 +01:00
Shane Kilkelly
b0a10c948c wip refactor 2016-09-06 15:22:13 +01:00
Shane Kilkelly
eca4c46f7f WIP: refactor 2016-09-05 16:23:37 +01:00
Shane Kilkelly
ab2c1e82fb WIP: refactor 2016-09-05 15:58:31 +01:00
Shane Kilkelly
e6c7aa25ec barely functional login and logout 2016-09-05 10:28:47 +01:00
Shane Kilkelly
e4f4325150 Basic passport integration 2016-09-02 16:17:37 +01:00
Henry Oswald
8c18153d5c Merge pull request #304 from sharelatex/ho-jade-speedup
Ho jade speedup
2016-08-30 12:47:08 +01:00
Henry Oswald
3f4e888af5 Merge pull request #305 from sharelatex/cdnfallback
don't use cdn if it can not be accessed
2016-08-24 09:45:14 +01:00
Henry Oswald
934e908697 just use plain req.ip for logging 2016-08-23 17:00:13 +01:00
Henry Oswald
d3ebdb64b2 precompile the jade partial views 2016-08-23 15:31:09 +01:00
Henry Oswald
50b3403983 use url.resolve to build url for freegeoip lookups 2016-08-19 15:39:58 +01:00
Henry Oswald
d8e7bacec4 added logging in 2016-08-19 11:53:40 +01:00
Henry Oswald
3d36dc7d6c mvp for not using cdn when blocked 2016-08-19 11:05:35 +01:00
Henry Oswald
f7a0860f0b Merge pull request #286 from sharelatex/ha-editor-close
fix close editor button
2016-07-22 13:49:26 +01:00
Henry Oswald
3029fb6335 add dark host option and don’t load pdfjs worker via cdn 2016-07-21 19:06:53 +01:00
Henry Oswald
6aca798a45 don’t use cdn on dark 2016-07-21 15:34:23 +01:00
Henry Oswald
ad60268707 clean up vars for buildjs path and change default to cdn.sharelatex.dev:3000 2016-07-21 09:38:24 +01:00
Henry Oswald
e27d5ce969 use Url for lib name 2016-07-20 16:10:33 +01:00
Henry Oswald
596fc2525b simplified buildJSPath 2016-07-20 14:48:58 +01:00
Henry Oswald
6c78ab4ace got requirejs working nicely with cdn 2016-07-20 12:58:32 +01:00
Henry Oswald
b589ab388f fix close editor button
- only evaulate close on web router, not api/static assets
- allow /admin pages to still be available
2016-07-19 17:15:20 +01:00
Henry Oswald
f8c38f30a8 got build js path working with mathjax 2016-07-19 15:41:33 +01:00
Henry Oswald
0cbd9d0ff9 use url.resolve to adding https:// part 2016-07-19 11:41:36 +01:00
Henry Oswald
a2a8b7123b created buildCssPath img and js path funcs 2016-07-18 17:18:51 +01:00
Henry Oswald
715ffcfbf2 changed ordering on static assets path, just tidying. 2016-07-18 16:24:48 +01:00
Henry Oswald
c21549220c mvp for cdn 2016-07-18 14:05:07 +01:00
Shane Kilkelly
9e35bdcaea Refactor: add ? suffix to truth tests. 2016-07-07 09:35:44 +01:00
Shane Kilkelly
d8ffa5b4b1 set expiry on the user sessions set. 2016-07-01 11:24:46 +01:00
Henry Oswald
b37595acf9 persist cookie in redis for compiles. 2016-04-19 16:48:51 +01:00
Henry Oswald
c777f498ad Merge branch 'groove2' 2016-03-22 11:58:04 +00:00
Henry Oswald
4e78e34cdf finished contact us with groove
for settings file:

<a ng-controller="ContactModal", ng-click="contactUsModal()", href>Contact</a>
2016-03-21 11:41:05 +00:00
James Allen
e7d67668e9 Improve error reporting and show 404 when project ids are malformed 2016-03-18 15:59:12 +00:00
James Allen
8a095a5144 Upgrade to PDF 1.3.91 2016-02-04 14:27:00 +00:00
Henry Oswald
69734c20c0 added heapdump endpoint 2015-11-30 16:16:16 +00:00
Henry Oswald
5a9174b1de use user_id for client side six pack. also change name of editor free trial test 2015-11-17 15:54:59 +00:00
Henry Oswald
56635d2221 set timeout for sixpack server dynamically, needs to be longer for local dev 2015-11-12 12:43:55 +00:00
Henry Oswald
377cc11c3b added sixpack to server side 2015-11-12 09:29:44 +00:00
James Allen
a153c6682a Put in client side check for document getting too long 2015-11-06 12:51:43 +00:00
James Allen
9dcc251017 Copy header values so they can be modified by modules each request 2015-11-05 16:52:50 +00:00
James Allen
d996ed6e47 Refactor addUserToProject for better access by groups 2015-10-14 17:29:58 +01:00
James Allen
c4e4f2c77a Add modules hook for contacts and support groups in auto complete 2015-10-08 18:17:53 +01:00
Henry Oswald
9028bcf830 set body parser limit to 2mb 2015-07-08 14:35:03 +01:00
Brian Gough
e6a670533d added default mongoose connection 2015-07-01 15:36:50 +01:00
Henry Oswald
3ab57f6830 put express locals on webRouter, this prevents problem with accessing sessions in locals, they should also only be used on web routes not api routes 2015-07-01 15:28:30 +01:00
Henry Oswald
941d407231 added saveUninitialized option to session which is now required 2015-07-01 15:26:17 +01:00
Henry Oswald
1cc0cbe8fc split site into 2 routers, webRouter and apiRouter
web router has things like sessions etc added onto it. Api router is minimal, doesn't include things like csrf
2015-07-01 15:23:18 +01:00
Henry Oswald
665bdcf538 v1 of express4 conversion 2015-07-01 15:17:43 +01:00
Brian Gough
3de841dd71 added event loop monitor 2015-06-23 13:50:42 +01:00
Henry Oswald
33aa5c732f if a domain licence link has expired render a nice message explaining they need to retry 2015-06-01 12:43:42 +01:00
Henry Oswald
9764ab258b added complex password validation to password resets 2015-04-30 12:05:46 +01:00
James Allen
33f56b71a2 Remove redundant body parser line 2015-04-14 13:04:49 +01:00
James Allen
8b4ccae60a Read cookie session length from settings file 2015-04-14 13:04:29 +01:00
Brian Gough
0684fa36fd upgrade pdfjs to version 1.0.1040 2015-03-31 14:53:27 +01:00
Brian Gough
b0a32b1ef8 make new pdf viewer the default for all users
remove old pdf viewer
2015-03-20 11:28:28 +00:00
James Allen
d376acdaa9 Allow an __appName__ parameter in translations 2015-03-09 12:14:30 +00:00
Henry Oswald
387a8b8ae3 hide some forms in user settings if authentication is managed by external system 2015-02-24 13:41:46 +00:00
James Allen
6c387edbe2 Remove Dropbox front end logic from main sharelatex repo 2015-02-05 18:20:34 +00:00
James Allen
d7afb4e513 Clean up unused real-time code in web 2015-02-05 16:37:37 +00:00
James Allen
366a0403a6 Clear rate limit in smoke tests 2015-02-05 10:18:18 +00:00
James Allen
2aa229d145 Add in profiling end point 2015-02-03 11:05:23 +00:00
Henry Oswald
f9843b3709 tax auto updates on change of address now. Is also preset based on users ip address 2015-01-07 13:16:19 +00:00
Brian Gough
419d84564c add support for client-side error logging using sentry 2014-12-12 13:58:07 +00:00
Brian Gough
ce8b5dd11c generate fingerprints for the new pdf.js files 2014-12-01 16:48:40 +00:00
Henry Oswald
bd841b4795 coppied the lock manager over from doc updater 2014-11-25 16:52:27 +00:00
Henry Oswald
3bae278c92 Revert "increased timeout for geoip to 3 seconds"
This reverts commit e4c892b59734a0b6b67ad37a1d09c1618ec389d4.
2014-11-25 13:10:00 +00:00
Henry Oswald
d91064a369 increased timeout for geoip to 3 seconds 2014-11-25 11:51:03 +00:00
Henry Oswald
dbecadcaea Merge branch 'master' into multicurrency 2014-11-25 11:35:59 +00:00
James Allen
b8fdbdb406 Handle errors in request pipes 2014-11-24 13:58:41 +00:00
Henry Oswald
6d22bda88f added new currencies removed ab test as well 2014-11-21 13:13:53 +00:00
James Allen
941f550d6c Remove all traces of soa-req-id 2014-10-15 14:11:02 +01:00
Henry Oswald
19a08f82a6 default to USD if there is no match 2014-10-14 12:14:03 +01:00
Henry Oswald
36264706f6 hooked the plans page up to the geo ip lookup 2014-10-13 14:10:15 +01:00
Henry Oswald
3ca04e25fd add 1 second timeout to geoiplookup
response times generally seem to be around 0.05s from our servers
2014-10-13 13:15:48 +01:00
Henry Oswald
2e6c2c1926 default to USD in geo ip lookup.
Decided to put default logic in the GeoIpLookup.getCurrencyCode as
we are going to want this default everywhere we use it.
2014-10-13 13:08:11 +01:00
Henry Oswald
e78e4d46b0 use first ip passed though in string for ip lookup 2014-10-13 13:04:20 +01:00
Henry Oswald
259871cbdd added geoip lookup feature 2014-10-13 00:45:45 +01:00
James Allen
82dc3cf654 Don't reload module views each request by default 2014-10-08 12:39:36 +01:00
James Allen
128c672edd Merge branch 'github-sync'
Conflicts:
	package.json
2014-10-08 12:13:37 +01:00
James Allen
10732d112d Hook module system into project list page 2014-10-03 11:32:59 +01:00
Henry Oswald
81307324fc v2, seems to work... 2014-09-26 17:04:33 +01:00
Henry Oswald
f73629f8d9 v1 of sentinal support 2014-09-26 14:52:00 +01:00
Henry Oswald
c08a568664 removed session logging 2014-09-10 10:09:25 +01:00
Henry Oswald
d961b48857 imporved logging for session debug 2014-09-10 08:20:36 +01:00
Henry Oswald
ca402a3061 added some logging in for sessions 2014-09-08 17:45:37 +01:00
James Allen
db9632f8f2 Allow modules to inject parts of views 2014-09-08 15:40:46 +01:00
James Allen
374c0f3d65 Add existence check for modules dir 2014-09-08 14:23:47 +01:00
Henry Oswald
8762297158 touch the session rather than setting the expires, same result 2014-09-04 18:07:31 +01:00
James Allen
c8ab1bd394 Merge branch 'master' of github.com:sharelatex/web-sharelatex 2014-08-22 12:52:31 +01:00