Commit Graph

790 Commits

Author SHA1 Message Date
NGPixel
8a74904731 feat: comments delete + refresh on post + formatting 2020-05-31 02:13:41 -04:00
NGPixel
83f7c2867d fix: admin security UI 2020-05-30 16:42:48 -04:00
NGPixel
1f9e5b3fd0 feat: delete user with replace target 2020-05-30 16:34:09 -04:00
daneallen
20e6bc1a70
fix: Open Redirect Vulnerability Mitigation - CWE 601 (#1963)
* Open redirect vulnerabilty mitigation

* Refacted Open Redirect to user configurable and corrected incorrect security variable names.

Co-authored-by: danallendds <daniel.allen@friends.dds.mil>
2020-05-29 18:24:20 -04:00
NGPixel
1222355046 feat: comments - default provider create (wip) + permissions 2020-05-26 22:56:24 -04:00
NGPixel
8205faca53 feat: use asar for twemoji assets 2020-05-24 18:02:05 -04:00
NGPixel
a0618ee4f6 feat: comments UI improvements 2020-05-23 18:49:10 -04:00
Regev Brody
8a1b5b1383
fix: S3 Export all trigger (#1922) 2020-05-22 13:20:47 -04:00
NGPixel
6b561623ee fix: incorrect migration name 2.4.14 2020-05-21 00:20:57 -04:00
NGPixel
df246af3bb fix: remove makefile + update nvmrc version 2020-05-21 00:20:57 -04:00
NGPixel
e1382771cf feat: extensions check + resolver 2020-05-21 00:20:57 -04:00
NGPixel
fb6c01c538 fix: legacy page view 2020-05-21 00:20:57 -04:00
NGPixel
887e8a0f5a feat: comments disqus + commento 2020-05-21 00:20:57 -04:00
NGPixel
f6bad765a2 feat: assets move + comments migration + admin users UI 2020-05-21 00:20:57 -04:00
NGPixel
1def5289af feat: admin comments page 2020-05-21 00:20:57 -04:00
Robert Lanyi
a581d9837a feat: add Kroki renderer (#1900)
* feat: Kroki integration

see https://kroki.io/

* fix: markdown-kroki def updates

Co-authored-by: Nicolas Giard <github@ngpixel.com>
2020-05-17 18:41:29 -04:00
Simon Lichtinghagen
764d98fa1d
fix: use fullname from keycloak profile info with username as fallback (#1888) 2020-05-15 13:28:55 -04:00
kaziu687
66e725f426
fix: elasticsearch partial match (#1882)
Improved full text search in elastic provider
2020-05-13 19:32:28 -04:00
NGPixel
1a33a43a0d fix: use semver for latest version check 2020-05-11 00:09:10 -04:00
NGPixel
7508d92f92 feat: redirect editor UI (wip) 2020-05-10 18:43:45 -04:00
NGPixel
134f057bb8 feat: uploads config + security admin page 2020-05-10 15:55:28 -04:00
NGPixel
53da387082 feat: plantuml in markdown preview 2020-05-08 22:51:32 -04:00
NGPixel
cc9f022051 fix: nav external blank option 2020-05-08 18:48:07 -04:00
NGPixel
98bf0d9ccb fix: escape mustache template chars in content 2020-05-08 17:00:02 -04:00
NGPixel
2ff0e42c1d fix: add verifySSL option to mail settings 2020-05-08 14:35:57 -04:00
NGPixel
6a4b25bc28 fix: plantuml deflate raw 2020-05-08 14:15:19 -04:00
daneallen
4aa7828a92
fix: add rel option to external links in content (#1853)
* #1853: XSS attack fix by adding rel noferrer or rel noopen to _blank target external links

* fix: relAttributeExternalLink noopener

Co-authored-by: danallendds <daniel.allen@friends.dds.mil>
Co-authored-by: Nicolas Giard <github@ngpixel.com>
2020-05-07 16:45:11 -04:00
NGPixel
d2b99a2032 feat: timezone + dateFOrmat + appearance profile settings 2020-05-03 00:38:02 -04:00
NGPixel
c81ba5a503 fix: markdown footnotes id incorrectly stripped 2020-05-02 15:13:58 -04:00
NGPixel
281172a9f4 feat: mathjax markdown module 2020-04-29 22:32:03 -04:00
NGPixel
954262f517 fix: tabs renderer remove switchTab handler 2020-04-26 21:18:51 -04:00
NGPixel
5d43f6ada1 feat: content tabs 2020-04-26 21:04:08 -04:00
NGPixel
bbe64ef6b6 feat: static navigation menu option 2020-04-25 17:45:59 -04:00
NGPixel
b2931471c0 fix: remove ssh port param for git module 2020-04-25 14:04:14 -04:00
NGPixel
89debd57f7 fix: path chars check typo 2020-04-25 02:58:00 -04:00
NGPixel
7306fabdba fix: auto-trim trailing slash from paths + illegal chars check during move 2020-04-24 20:39:07 -04:00
NGPixel
566043ec43 fix: perform git move manually to prevent bad source 2020-04-24 20:30:08 -04:00
NGPixel
bade9430f2 fix: storage internalSchedule typo 2020-04-24 00:37:50 -04:00
NGPixel
d1dd1f195b fix: ldap allow disable cert check + icon 2020-04-24 00:29:49 -04:00
NGPixel
ec2d10c7f2 fix: trim and auto-remove trailing slash for Site URL in Admin General 2020-04-24 00:17:10 -04:00
NGPixel
7c59bfed08 fix: browse tree ancestors not converted in mariadb 2020-04-24 00:07:27 -04:00
GaliTW
ac11cd2cdd
fix: move page with wrong object key (#1757) 2020-04-22 11:08:46 -04:00
NGPixel
4308152a08 fix: uriencode git user/pass for http remote 2020-04-21 23:35:49 -04:00
NGPixel
dae64f00a0 fix: brute-knex refactor 2020-04-21 23:16:13 -04:00
NGPixel
2213ba2c81 fix: git custom ssh port not handled 2020-04-21 19:45:25 -04:00
NGPixel
02816b68d0 fix: db inline CA cert reconstruct 2020-04-20 22:00:59 -04:00
NGPixel
81732da709 fix: db inline CA cert mode 2020-04-20 18:47:06 -04:00
NGPixel
d651412d34 fix: pg db connection problem 2020-04-20 17:51:27 -04:00
NGPixel
cf81ad910d fix: HA reload group guest expiration 2020-04-19 22:47:02 -04:00
NGPixel
405187b8e0 fix: HA event publish 2020-04-19 22:47:02 -04:00
NGPixel
bd4263ecb2 feat: HA event handling + emitting 2020-04-19 22:47:02 -04:00
NGPixel
6a00a5dbce fix: git ssh port incorrect default value 2020-04-19 22:47:02 -04:00
NGPixel
7cd5721ca1 feat: handle event propagation via DB (HA) 2020-04-19 22:47:02 -04:00
NGPixel
8aba5305d8 feat: sidebar item permissions + admin nav edit 2020-04-18 18:33:22 -04:00
NGPixel
9a93ac28f2 feat: admin dashboard last logins 2020-04-18 18:33:22 -04:00
NGPixel
514d31a46d feat: hide sidebar option 2020-04-18 18:33:22 -04:00
NGPixel
a33691d642 fix: bypass users model when updating lastLoginAt 2020-04-18 18:33:22 -04:00
NGPixel
1c80faa94d feat: browse nav + pageTree ancestors 2020-04-18 18:33:22 -04:00
NGPixel
3ca72ccc1e feat: new nav UI (wip) 2020-04-18 18:33:22 -04:00
NGPixel
53ceea74f1 fix: skip telemetry if devmode 2020-04-17 17:14:02 -04:00
NGPixel
17f833509f fix: html sanitizer - whitelist start prop for ol tag 2020-04-17 13:09:08 -04:00
NGPixel
2ff3abe0d8 fix: html sanitizer - whitelist i tag 2020-04-17 13:04:56 -04:00
NGPixel
71be4660bf fix: use new telemetry endpoint 2020-04-16 20:39:14 -04:00
NGPixel
76ade8df53 feat: link autocomplete + insert link modal (markdown) 2020-04-11 00:19:23 -04:00
NGPixel
245104c6ae fix: mssql + older mariadb migration 2.2.17 failure 2020-04-10 16:06:43 -04:00
NGPixel
77548c8778 fix: tags input normalization 2020-04-09 21:56:24 -04:00
NGPixel
d959ef7e5c feat: profile - pages 2020-04-05 23:49:26 -04:00
NGPixel
80ee45ae4f feat: admin edit user - activity panel 2020-04-05 23:49:26 -04:00
NGPixel
1e4d513252 feat: user profile page - save info + change pwd 2020-04-05 23:49:26 -04:00
NGPixel
c7f3c9d908 feat: user profile fetch info + groups 2020-04-05 23:49:26 -04:00
NGPixel
5229390d87 fix: plantuml default markers 2020-03-29 21:14:44 -04:00
NGPixel
5f382f21cf fix: enable mermaid by default 2020-03-29 20:59:35 -04:00
NGPixel
1d16a3fc71 feat: mermaid support for markdown 2020-03-29 20:54:39 -04:00
NGPixel
44a0f69a78 feat: katex chemical equations support 2020-03-29 17:06:32 -04:00
NGPixel
3613c73008 fix: mysql 2.2.50 failed migration 2020-03-29 13:42:55 -04:00
NGPixel
f5fa2ad468 fix: sqlite pageHistory migration update query 2020-03-28 17:26:14 -04:00
NGPixel
58b08e54b4 fix: missing footnote module in markdown editor preview 2020-03-28 14:28:08 -04:00
NGPixel
4b0e3d1c43 feat: save conflict resolution 2020-03-21 19:18:08 -04:00
NGPixel
bacbe4f543 fix: whitelist task list checkboxes 2020-03-21 12:49:25 -04:00
NGPixel
b529ad21c9 fix: code blocks incorrect escaping + deps update 2020-03-20 23:23:13 -04:00
NGPixel
2810f7b5af feat: use local assets for twemoji 2020-03-15 22:34:42 -04:00
NGPixel
fcd37afdb0 fix: drop userKeys on user delete 2020-03-15 12:06:45 -04:00
Lucas
a5297f8c6e
feat: option to restrict Discord auth to a specific server (#1548)
* Optionally restrict discord authentication to members of a specific server

* fix: discord auth module code linting

Co-authored-by: Lucas Neves <lneves@modusgames.com>
Co-authored-by: Nicolas Giard <github@ngpixel.com>
2020-03-07 17:59:10 -05:00
gh0stalker
a6dd93746e
fix: resolve Twitch OAuth API (#1561) 2020-03-07 17:57:09 -05:00
gh0stalker
741208911b
fix: postgres 2.2.17 migration missing quotes (#1562) 2020-03-07 17:56:21 -05:00
Lukas Frischknecht
ee0eb55522
fix: update docker configuration file location (#1570) 2020-03-07 17:55:52 -05:00
NGPixel
830f51664c feat: katex in markdown preview + xss fix for svg 2020-03-06 14:31:05 -05:00
NGPixel
4398573645 feat: save conflict check polling 2020-03-02 00:43:19 -05:00
NGPixel
13a995133b feat: branch off / create from template 2020-03-01 18:25:43 -05:00
NGPixel
e85de92715 feat: restore page version 2020-03-01 18:25:43 -05:00
NGPixel
e50dc89519 feat: view version of page source 2020-03-01 18:25:43 -05:00
NGPixel
2ac9131244 feat: page history - download version 2020-03-01 18:25:43 -05:00
NGPixel
95f01cdeb8 feat: history version diff 2020-03-01 18:25:43 -05:00
Nicolas Giard
fba9e0058f
fix: allow figcaption in xss module 2020-02-27 01:17:24 -05:00
NGPixel
df933f5dc4 fix: reject API tokens if API is disabled 2020-02-23 15:30:40 -05:00
NGPixel
f7c0daec9a feat: content license notice option 2020-02-23 15:20:55 -05:00
NGPixel
c5a22f6d13 fix: editor - show save button as saved when no modif 2020-02-23 12:49:34 -05:00
NGPixel
2d06a1d9df fix: set open external link in new tab as an option 2020-02-22 20:21:26 -05:00
Lukáš Hrdlička
fc79d92423
feat: open external link in new tab (#1453) 2020-02-22 20:15:41 -05:00
Nicolas Giard
f72cf664eb
feat: manage / create API keys (#1516)
* fix: admin api UI update

* feat: admin api - create dialog UI

* feat: admin api - create + list keys

* feat: admin api localization (wip)

* feat: admin api localization

* feat: admin api - toggle state

* feat: process API keys + format gql request errors to json
2020-02-22 17:38:06 -05:00
alancnet
de4d407fdc
fix: apply json size limit to graphql (#1480) 2020-02-15 22:35:53 -05:00
NGPixel
ea5027cb2e fix: admin tags - persist close confirm dialog state 2020-02-14 21:50:17 -05:00
NGPixel
56235c6354 fix: setup incorrectly starting HTTPS server 2020-02-14 15:47:19 -05:00
NGPixel
09554c8528 fix: add missing html tags to whitelist 2020-02-09 22:54:14 -05:00
Nicolas Giard
5c20f585a4
feat: admin tags (#1452) 2020-02-09 00:49:32 -05:00
NGPixel
90fbc62917 fix: kbd xss whitelist 2020-02-08 16:11:35 -05:00
NGPixel
1b4d8142f3 fix: code linting auth.js 2020-02-07 22:02:33 -05:00
NGPixel
ff5acba358 fix: redirect to previous path after login 2020-02-07 14:51:11 -05:00
NGPixel
1fc786e2ed fix: redirect home to login only if guest 2020-02-07 14:32:45 -05:00
BobbyB
7d23344c7a
fix: page rules role check (#1447)
* Check rule.roles against permissions

* Added Role Check to EXACT matching

* Code Review Fixes
2020-02-07 14:26:13 -05:00
NGPixel
e68932aa40 feat: purge local repo action for git module 2020-02-03 23:39:00 -05:00
wallrick
b1c7edac90
feat: add ssh port override option for git module (#1432)
* Adding an override for the ssh port

* fix: git module - ssh custom port

Co-authored-by: Nicolas Giard <github@ngpixel.com>
2020-02-02 23:21:14 -05:00
NGPixel
f4e3fd0954 feat: tags autocomplete in page properties 2020-02-02 16:24:27 -05:00
NGPixel
9f16d3e3fa fix: code linting 2020-01-31 22:41:14 -05:00
NGPixel
ad3a6e15f9 fix: rtl list bullet symbol 2020-01-31 22:34:38 -05:00
NGPixel
1914d40574 fix: set rtl correctly if default lang is non-rtl 2020-01-31 22:29:40 -05:00
BobbyB
b82c788e5c
feat: add Page Rules For Matching Tags (#1418)
* Added Page Rules For Matching Tags

* fix: use T as Tag Match icon

* fix: reorder page rules in checkAccess

* fix: common controller tags code refactor

Co-authored-by: Nicolas Giard <github@ngpixel.com>
2020-01-31 16:57:35 -05:00
NGPixel
22fa5c9b23 fix: handle migrations .js naming 2020-01-26 21:04:38 -05:00
NGPixel
4dc7e05373 fix: migration for pageHistory content column type 2020-01-26 20:57:30 -05:00
NGPixel
95e79a7316 fix: auto beautify css injection in admin 2020-01-26 15:31:24 -05:00
NGPixel
da86d8ccf7 fix: objection.js 2.0 compat fixes 2020-01-26 13:11:33 -05:00
NGPixel
8f5265622f fix: objection.js 2.0 compat fixes 2020-01-25 23:29:46 -05:00
NGPixel
3e991fa590 misc: dev mode warning on setup 2020-01-25 23:12:57 -05:00
NGPixel
988ba3f616 fix: objection 2 changes 2020-01-24 19:21:17 -05:00
NGPixel
ae53484abd feat: admin ssl - renew cert + toggle redirection btn 2020-01-19 21:30:25 -05:00
NGPixel
91e897ccd9 fix: admin contribute list + source permission 2020-01-18 15:19:03 -05:00
NGPixel
b18dd29fa0 feat: browse page by ID 2020-01-14 22:21:43 -05:00
NGPixel
1b749e7bf2 fix: letsencrypt maintainerEmail 2020-01-12 13:23:01 -05:00
NGPixel
c6933a2d20 feat: let's encrypt 2020-01-11 22:33:27 -05:00
alancnet
73da73a595 fix: allow highlight color (#1365) 2020-01-10 19:48:16 -05:00
NGPixel
0d6562cca4 feat: admin utilities - rerender all pages 2020-01-05 17:40:28 -05:00
NGPixel
6920a35d80 feat: visualize pages (dendograms) 2020-01-05 15:04:16 -05:00
NGPixel
4698afdaeb fix: truncate pictureUrl if too long (#1311) 2020-01-03 16:35:50 -05:00
NGPixel
0755c538ed fix: html rendering order param + decodeEntities 2020-01-03 01:07:29 -05:00
NGPixel
edd11cd73f feat: make relative links root absolute option 2020-01-02 20:30:48 -05:00
NGPixel
661b6044fa feat: verify + activate + deactivate user from admin 2020-01-02 14:19:27 -05:00
NGPixel
82376c19b9 fix: render system link detection resets on each find 2020-01-02 13:33:27 -05:00
Scott Simontis
bb03aed1c8 fix: exclude tel: links from parsing #1318 (#1344)
Telephone links will no longer be incorrectly parsed as web links.

Signed-off-by: Scott Simontis <yo@scottsimontis.io>
2019-12-31 14:41:05 -05:00
NGPixel
3092615c5e fix: improve db error reporting for pg 2019-12-30 16:45:25 -05:00
NGPixel
f1725159f7 feat: accept db ssl config 2019-12-30 16:18:30 -05:00
NGPixel
0d6676c19b feat: SFTP storage module + sensitive field option 2019-12-25 01:47:19 -05:00
NGPixel
4a2f1d045b feat: azure blob storage provider + s3 rename fix 2019-12-23 00:12:19 -05:00
NGPixel
f09f1f4f1e feat: delete a user 2019-12-22 16:08:18 -05:00
NGPixel
3b347f262c feat: save rendering configuration 2019-12-21 16:41:03 -05:00
alancnet
a257831c6c fix: rebuild-tree exceeds mssql parameter limit (#1328)
* fix: rebuild-tree exceeds mssql's parameter limit

* docs: details per query max parameters limits

Co-authored-by: Nicolas Giard <github@ngpixel.com>
2019-12-19 16:48:05 -05:00
alancnet
a457e82b16 fix: getPagePath would include a trailing (#1323) (#1324)
This excludes the trailing slash from the locale code.
2019-12-19 16:07:06 -05:00
NGPixel
aa5368b2a1 feat: katex + admin SSL UI (wip) + dev warning 2019-12-18 23:45:33 -05:00
Artem S Vybornov
243840c5eb fix: postgres engine to query using configured locale (#1269)
* fix: Postgres Engine to query using right locale
* fix: postgres search dictLanguage parameter binding
2019-12-15 17:52:42 -05:00
NGPixel
278cd7173d feat: rendering security module 2019-12-11 23:36:19 -05:00
NGPixel
5d7509acdf feat: api docs editor (wip) + deps update 2019-12-01 22:45:37 -05:00