Erik Michelson
876ebad1f3
feat: rate-limiting
...
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2025-02-01 21:12:08 +01:00
Erik Michelson
858d7bf5d1
feat: option to disable note creation
...
The abuse of the demo instance required us to disallow note creation
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2024-07-21 11:03:35 +02:00
Dennis Gaida
e371d6dcfa
Update dockerSecret.js
...
Adding OAUTH2 secrets so they can be set using docker secrets.
Signed-off-by: Dennis Gaida <2392217+DennisGaida@users.noreply.github.com>
2023-06-09 17:03:17 +02:00
Erik Michelson
143864b8d9
enhancement(metrics): allow disabling via config option
...
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2023-06-04 21:03:46 +02:00
Jordi Mallach
9bda8f2180
Allow setting documentMaxLength via CMD_DOCUMENT_MAX_LENGTH
...
Signed-off-by: Jordi Mallach <jordi@igalia.com>
2023-03-09 10:20:42 +01:00
Tilman Vatteroth
e2b84e134a
fix: extend parsing of boolean environment vars
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-03-02 21:12:27 +01:00
Stéphane Maniaci
488e5f8a0a
Revert "config: Add a flag to control the /metrics and /status endpoints"
...
This reverts commit d10ead4c6c.
Signed-off-by: Stéphane Maniaci <stephane.maniaci@beta.gouv.fr>
2023-02-05 20:39:13 +01:00
Stéphane Maniaci
d10ead4c6c
config: Add a flag to control the /metrics and /status endpoints
...
It can be a security concern in some environments to expose system
capabilities even though they don't expose any PII. Add some
flags (defaulted `true` to maintain existing behaviour) to control
whether the /metrics and /status (and anything in the StatusRouter)
are exposed.
Signed-off-by: Stéphane Maniaci <stephane.maniaci@beta.gouv.fr>
2023-01-31 10:26:41 +01:00
Lautaro Alvarez
3585dc9ee6
Upload file to s3: make public a file on upload and allow to configure destination folder
...
New configurations:
- s3folder: (string) folder to save the files inside bucket
- s3publicFiles: (boolean) indicate if should send ACL parameters
Signed-off-by: Lautaro Alvarez <lautarolalvarez@gmail.com>
2022-07-10 17:44:17 +02:00
David Mehren
d26dcd04a1
Adapt code for eslint-config-standard 17
...
Signed-off-by: David Mehren <git@herrmehren.de>
2022-05-01 21:19:44 +02:00
David Mehren
f544b15eea
Ignore stderr when calling git executable
...
This hopefully prevents confusing error messages in the docker image.
Signed-off-by: David Mehren <git@herrmehren.de>
2022-04-10 21:49:25 +02:00
Moritz Schlarb
e6fc9f01a3
Allow SAML authentication provider to be named
...
Using `CMD_SAML_PROVIDERNAME` and the respective auth provider objects
in the configuration structures.
Signed-off-by: Moritz Schlarb <schlarbm@uni-mainz.de>
2022-03-20 19:59:53 +01:00
Tilman Vatteroth
d7986b1920
Refactor existing code to add the configured domain to connect-src
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2021-09-16 19:43:20 +02:00
David Mehren
957d7d553e
Merge pull request #1394 from hedgedoc/remove-cdn
2021-08-15 20:11:26 +02:00
David Mehren
6c722f0ad6
Add config option to disallow embedding PDFs
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-15 00:22:31 +02:00
David Mehren
bd44cbc16c
Add config option to disallow framing via CSP
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-15 00:22:30 +02:00
David Mehren
8b69ac1bcf
Fix unescaped line break in git output
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-15 00:16:46 +02:00
Tilman Vatteroth
9498ee6bfe
Remove cdn support
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2021-08-15 00:09:53 +02:00
David Mehren
cc76201cfb
Merge pull request #1533 from hedgedoc/feature/database-env
...
feat(config): Improve configurability of database by env
2021-08-14 23:41:58 +02:00
David Mehren
b719ce79db
Fix crash while getting current git commit
...
HedgeDoc crashed with
`uncaughtException: ENOENT: no such file or directory`
on startup, when `.git/ref/heads` did not contain
a file for the current branch. This seems to happen
regularly with current Git versions.
This fixes the crash by first trying to use the `git` executable for
getting the current commit SHA (before running our own parsing code)
and introducing a separate check to prevent accessing a nonexistent
file in `.git/ref/heads`.
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-14 16:08:55 +02:00
Sheogorath
1428a8e006
feat(config): Improve configurability of database by env
...
This patch implements 6 additional environment variables that are used
for configuration of the database in order to allow easier configuration
in containerised environments, such as Kubernetes.
An example is the upcoming deployment of the demo instance that will use
an operator-backed postgresql database. This operator exposes username
and password as separate variables and while it's obviously possible to
generate a dbURL from that, this won't be possible without additional
code. Aiming for a solution in Hedgedoc itself, will help us to enable
other people in using Hedgedoc on Kubernetes without resulting in overly
customised setups for simple tasks like this.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2021-08-13 01:58:53 +02:00
David Mehren
7283ccd5e8
Allow configuring Disqus & GA CSP with env vars
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-07 22:57:12 +02:00
David Mehren
52231f688d
Disable GA and Disqus in default CSP
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-07 22:57:12 +02:00
David Mehren
aece96f539
Automatically enable protocolUseSSL when useSSL is set
...
This makes the behavior consistent with the docs and
saves the user from having to both set
`useSSL` and `protocolUseSSL`.
Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-06 21:19:14 +02:00
Philip Molares
be3eee1603
Config: Remove image/jpg
...
This was done because both .jpg and .jpeg get the mime type 'image/jpeg' by FileType
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-28 22:28:35 +02:00
Philip Molares
136d895d15
Linter: Fix all lint errors
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-15 12:15:14 +01:00
Nicolas Dietrich
ad056d7dbb
Don't add new config option in hackmd compatibility layer
...
Signed-off-by: Nicolas Dietrich <nidi@mailbox.org>
2021-01-23 16:20:03 +01:00
Nicolas Dietrich
5e269e4af9
Keep JS and env variable name in sync (requireFreeURLAuthentication)
...
Signed-off-by: Nicolas Dietrich <nidi@mailbox.org>
2021-01-23 14:14:47 +01:00
Nicolas Dietrich
497569fee4
Add config option which requires authentication in FreeURL mode
...
This mitigates unintended note creation by bots or humans through a
simple GET call.
See discussion in #754.
Signed-off-by: Nicolas Dietrich <nidi@mailbox.org>
2021-01-22 16:52:49 +01:00
David Mehren
a5d835cb74
Merge pull request #597 from hedgedoc/fix/install-docs
2020-11-29 15:51:43 +01:00
David Mehren
0b44a40d1a
Replace mentions of config.js with config.json
...
Signed-off-by: David Mehren <git@herrmehren.de>
2020-11-27 22:41:54 +01:00
David Mehren
61f54db63e
Merge pull request #596 from hedgedoc/remove-pdf-export-code
...
Remove pdf export code
2020-11-27 18:31:19 +01:00
Tilman Vatteroth
97312b5ed3
Remove pdf export code
...
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
2020-11-26 21:09:23 +01:00
Joachim Mathes
729b387536
Add oauth2 authorization
...
Signed-off-by: Joachim Mathes <joachim_mathes@web.de>
2020-11-25 19:23:55 +01:00
Tilman Vatteroth
cdc5a89cd7
apply review suggestions
2020-11-15 20:12:39 +01:00
Tilman Vatteroth
978538c0de
Correct repo name
...
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
2020-11-14 22:24:44 +01:00
Erik Michelson
b28839484d
Replace CodiMD with HedgeDoc
...
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: References in public/views
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Update links in README
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Update links in SECURITY.md
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Update links in LICENSE
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Update links in docs/configuration.md
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Update links in bin/setup
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: References in docs/guides
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: References in docs/dev
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: References in docs/guides/auth
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: References in docs/setup
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Update various links in code to the new GitHub org.
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: codiMDVersion.js is now hedgeDocVersion.js
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: References in docs/setup/yunohost
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rebrand to HedgeDoc: Add banner and logo
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Update links in docs/guides/migrate-etherpad
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Remove note in docs/guides/auth/github
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Replace links in public/docs/features
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Add todo placeholder in docs/history
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Replace github link in public/views/index/body
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Replace github link in README
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Add logo to README
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Add note about the renaming to the front page
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Removed Travis from README.md and change CodiMD to HedgeDoc in some places
Signed-off-by: Yannick Bungers <git@innay.de>
Some more renaming to HedgeDoc
- Fixed capitalization of HedgeDoc
- Added renaming for etherpad migration doc
Signed-off-by: Yannick Bungers <git@innay.de>
Changed Repo name to hedgedoc
Signed-off-by: Yannick Bungers <git@innay.de>
2020-11-14 21:18:36 +01:00
Erik Michelson
4ece86f0ef
Update documentation and messages to new default value
...
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2020-09-08 09:58:15 +02:00
Erik Michelson
387e668275
Changed default policy from 'strict' to 'lax' due to the reasons mentioned in 3d1fab05
...
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2020-08-27 09:05:17 +02:00
Erik Michelson
824f910bfe
Add config option for cookie SameSite policy
...
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2020-08-27 02:04:49 +02:00
Simeon Keske
17f0067ab2
allow to set a saml client certificate
...
Signed-off-by: Simeon Keske <git@n0emis.eu>
2020-07-11 21:19:49 +02:00
Victor Berger
5f3a1b6266
Backport of #278 for 1.6.1
...
This is a backport of #278 with the default value of `scope` changed to
`undefined`. This is thus a fully backward-compatible change.
Signed-off-by: Victor Berger <victor.berger@m4x.org>
2020-06-20 16:48:25 +02:00
Sheogorath
651db60985
Update CDN defaults
...
As we noticed in our poll about CDN usage, that most people
intentionally turn it off, but very little intentionally turn it on or
leave it on. [1]
There are also strong indicators that CDNs don't really provide any
benefits in loading time and due to the small deployments of CodiMD,
there is no big savings due to CDNs either. [2]
Therefore this patch changes the CDN default settings to off in order to
reduce the exposed user data.
[1]: https://community.codimd.org/t/poll-on-cdn-usage/28
[2]: https://csswizardry.com/2019/05/self-host-your-static-assets/
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-09 21:59:17 +01:00
ike
197223dc81
Add Google oauth variable: hostedDomain
...
Which is part of `passport-google-oauth2`.
It could be used as whitelist to a domain supported by google oauth.
Ref: https://github.com/jaredhanson/passport-google-oauth2/issues/3
Signed-off-by: ike <developer@ikewat.com>
2020-02-08 15:57:22 +08:00
hoijui
e1ff73877b
allow to define header link generation style via environment var
...
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
2019-10-30 17:46:38 +01:00
hoijui
cfa2ec38c5
document linkifyHeaderStyle in default.js
...
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
2019-10-30 17:46:17 +01:00
hoijui
e654ca8a31
Allow to generate lower case header references through the config
...
This makes the references consistent/compatible with GitHub,
GitLab, Pandoc and many other tools.
This behavior can be enabled in config.json with:
```
"linkifyHeaderStyle": "gfm"
```
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
2019-10-22 09:05:37 +02:00
Erik Michelson
9e1cc2159f
Updated forbiddenNoteIDs
...
Signed-off-by: Erik Michelson <erik@liltv.de>
2019-09-18 22:54:08 +02:00
Sheogorath
529075fd67
Merge pull request #168 from dargmuesli/fix/docker-secret-buffer
...
Config: Return String Instead Of Buffer For Docker Secrets
2019-09-03 18:11:47 +02:00
Jonas Thelemann
0be784351d
Docker Secrets: Use Encoding Parameter Directly
...
Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
2019-09-03 17:58:58 +02:00