Merge branch 'master' into feature/disableRequestedAuthnContext-config-option

Author: jackycute

.travis.yml

@@ -8,12 +8,6 @@ env:
 
 jobs:
   include:
-    - env: task=npm-test
-      node_js:
-        - 6
-      before_install:
-        - curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version "$YARN_VERSION"
-        - export PATH="$HOME/.yarn/bin:$PATH"
     - env: task=npm-test
       node_js:
         - 8

README.md

@@ -113,7 +113,7 @@ if (config.csp.enable) {
 }
 
 i18n.configure({
-  locales: ['en', 'zh-CN', 'zh-TW', 'fr', 'de', 'ja', 'es', 'ca', 'el', 'pt', 'it', 'tr', 'ru', 'nl', 'hr', 'pl', 'uk', 'hi', 'sv', 'eo', 'da', 'ko', 'id'],
+  locales: ['en', 'zh-CN', 'zh-TW', 'fr', 'de', 'ja', 'es', 'ca', 'el', 'pt', 'it', 'tr', 'ru', 'nl', 'hr', 'pl', 'uk', 'hi', 'sv', 'eo', 'da', 'ko', 'id', 'sr'],
   cookie: 'locale',
   directory: path.join(__dirname, '/locales'),
   updateFiles: config.updateI18nFiles

app.js

@@ -6,7 +6,7 @@
         "Markdown",
         "Notes"
     ],
-    "website": "https://hackmd.io",
+    "website": "https://github.com/hackmdio/codimd",
     "repository": "https://github.com/hackmdio/codimd",
     "logo": "https://github.com/hackmdio/codimd/raw/master/public/codimd-icon-1024.png",
     "success_url": "/",

app.json

@@ -1,119 +1,117 @@
 #!/usr/bin/env node
 
 // First configure the logger so it does not spam the console
-const logger = require("../lib/logger");
-logger.transports.console.level = "warning";
+const logger = require('../lib/logger')
+logger.transports.forEach((transport) => {
+  transport.level = 'warning'
+})
 
-const models = require("../lib/models/");
-const readline = require("readline-sync");
-const minimist = require("minimist");
+const models = require('../lib/models/')
+const readline = require('readline-sync')
+const minimist = require('minimist')
 
-function showUsage(tips) {
-	console.log(`${tips}
+function showUsage (tips) {
+  console.log(`${tips}
 
 Command-line utility to create users for email-signin.
-
 Usage: bin/manage_users [--pass password] (--add | --del) user-email
-	Options:
-		--add 	Add user with the specified user-email
-		--del 	Delete user with specified user-email
-		--reset Reset user password with specified user-email
-		--pass	Use password from cmdline rather than prompting
-`);
-	process.exit(1);
+  Options:
+    --add\tAdd user with the specified user-email
+    --del\tDelete user with specified user-email
+    --reset\tReset user password with specified user-email
+    --pass\tUse password from cmdline rather than prompting
+`)
+  process.exit(1)
 }
 
-function getPass(argv, action) {
-	// Find whether we use cmdline or prompt password
-	if(typeof argv["pass"] !== 'string') {
-		return readline.question(`Password for ${argv[action]}:`, {hideEchoBack: true});
-	}
-	console.log("Using password from commandline...");
-	return argv["pass"];
+function getPass (argv, action) {
+  // Find whether we use cmdline or prompt password
+  if (typeof argv['pass'] !== 'string') {
+    return readline.question(`Password for ${argv[action]}:`, { hideEchoBack: true })
+  }
+  console.log('Using password from commandline...')
+  return argv['pass']
 }
 
 // Using an async function to be able to use await inside
-async function createUser(argv) {
-	const existing_user = await models.User.findOne({where: {email: argv["add"]}});
-	// Cannot create already-existing users
-	if(existing_user != undefined) {
-		console.log(`User with e-mail ${existing_user.email} already exists! Aborting ...`);
-		process.exit(1);
-	}
-
-	const pass = getPass(argv, "add");
-
-
-	// Lets try to create, and check success
-	const ref = await models.User.create({email: argv["add"], password: pass});
-	if(ref == undefined) {
-		console.log(`Could not create user with email ${argv["add"]}`);
-		process.exit(1);
-	} else
-		console.log(`Created user with email ${argv["add"]}`);
+async function createUser (argv) {
+  const existingUser = await models.User.findOne({ where: { email: argv['add'] } })
+  // Cannot create already-existing users
+  if (existingUser !== undefined) {
+    console.log(`User with e-mail ${existingUser.email} already exists! Aborting ...`)
+    process.exit(1)
+  }
+
+  const pass = getPass(argv, 'add')
+
+  // Lets try to create, and check success
+  const ref = await models.User.create({ email: argv['add'], password: pass })
+  if (ref === undefined) {
+    console.log(`Could not create user with email ${argv['add']}`)
+    process.exit(1)
+  } else { console.log(`Created user with email ${argv['add']}`) }
 }
 
 // Using an async function to be able to use await inside
-async function deleteUser(argv) {
-	// Cannot delete non-existing users
-	const existing_user = await models.User.findOne({where: {email: argv["del"]}});
-	if(existing_user === undefined) {
-		console.log(`User with e-mail ${argv["del"]} does not exist, cannot delete`);
-		process.exit(1);
-	}
-
-	// Sadly .destroy() does not return any success value with all
-	// backends. See sequelize #4124
-	await existing_user.destroy();
-	console.log(`Deleted user ${argv["del"]} ...`);
+async function deleteUser (argv) {
+  // Cannot delete non-existing users
+  const existingUser = await models.User.findOne({ where: { email: argv['del'] } })
+  if (existingUser === undefined) {
+    console.log(`User with e-mail ${argv['del']} does not exist, cannot delete`)
+    process.exit(1)
+  }
+
+  // Sadly .destroy() does not return any success value with all
+  // backends. See sequelize #4124
+  await existingUser.destroy()
+  console.log(`Deleted user ${argv['del']} ...`)
 }
 
-
 // Using an async function to be able to use await inside
-async function resetUser(argv) {
-	const existing_user = await models.User.findOne({where: {email: argv["reset"]}});
-	// Cannot reset non-existing users
-	if(existing_user == undefined) {
-		console.log(`User with e-mail ${argv["reset"]} does not exist, cannot reset`);
-		process.exit(1);
-	}
-
-	const pass = getPass(argv, "reset");
-
-	// set password and save
-	existing_user.password = pass;
-	await existing_user.save();
-	console.log(`User with email ${argv["reset"]} password has been reset`);
+async function resetUser (argv) {
+  const existingUser = await models.User.findOne({ where: { email: argv['reset'] } })
+  // Cannot reset non-existing users
+  if (existingUser === undefined) {
+    console.log(`User with e-mail ${argv['reset']} does not exist, cannot reset`)
+    process.exit(1)
+  }
+
+  const pass = getPass(argv, 'reset')
+
+  // set password and save
+  existingUser.password = pass
+  await existingUser.save()
+  console.log(`User with email ${argv['reset']} password has been reset`)
 }
 
 const options = {
-	add: createUser,
-	del: deleteUser,
-	reset: resetUser,
-};
+  add: createUser,
+  del: deleteUser,
+  reset: resetUser
+}
 
 // Perform commandline-parsing
-const argv = minimist(process.argv.slice(2));
+const argv = minimist(process.argv.slice(2))
 
-const keys = Object.keys(options);
-const opts = keys.filter((key) => argv[key] !== undefined);
-const action = opts[0];
+const keys = Object.keys(options)
+const opts = keys.filter((key) => argv[key] !== undefined)
+const action = opts[0]
 
 // Check for options missing
 if (opts.length === 0) {
-	showUsage(`You did not specify either ${keys.map((key) => `--${key}`).join(' or ')}!`);
+  showUsage(`You did not specify either ${keys.map((key) => `--${key}`).join(' or ')}!`)
 }
 
 // Check if both are specified
 if (opts.length > 1) {
-	showUsage(`You cannot ${action.join(' and ')} at the same time!`);
+  showUsage(`You cannot ${action.join(' and ')} at the same time!`)
 }
 // Check if not string
 if (typeof argv[action] !== 'string') {
-	showUsage(`You must follow an email after --${action}`);
+  showUsage(`You must follow an email after --${action}`)
 }
 
 // Call respective processing functions
-options[action](argv).then(function() {
-  process.exit(0);
-});
+options[action](argv).then(function () {
+  process.exit(0)
+})

bin/manage_users

@@ -20,7 +20,7 @@
         "loglevel": "info",
         "hsts": {
             "enable": true,
-            "maxAgeSeconds": "31536000",
+            "maxAgeSeconds": 31536000,
             "includeSubdomains": true,
             "preload": true
         },

config.json.example

@@ -5,9 +5,9 @@ Authentication guide - SAML
 
 The basic procedure is the same as the case of OneLogin which is mentioned in [OneLogin-Guide](./saml-onelogin.md). If you want to match your IdP, you can use more configurations as below.
 
-* If your IdP accepts metadata XML of the service provider to ease configuraion, use this url to download metadata XML.
+* If your IdP accepts metadata XML of the service provider to ease configuration, use this url to download metadata XML.
     * {{your-serverurl}}/auth/saml/metadata
-    * _Note: If not accessable from IdP, download to local once and upload to IdP._
+    * _Note: If not accessible from IdP, download to local once and upload to IdP._
 * Change the value of `issuer`, `identifierFormat` to match your IdP.
   * `issuer`: A unique id to identify the application to the IdP, which is the base URL of your HackMD as default
   * `identifierFormat`: A format of unique id to identify the user of IdP, which is the format based on email address as default. It is recommend that you use as below.
@@ -59,7 +59,7 @@ The basic procedure is the same as the case of OneLogin which is mentioned in [O
     HMD_SAML_ATTRIBUTE_EMAIL=mail
     ````
 
-* If you want to controll permission by group membership, add group attribute name and required group (allowed) or external group (not allowed).
+* If you want to control permission by group membership, add group attribute name and required group (allowed) or external group (not allowed).
   * `groupAttribute`: An attribute name of group membership
   * `requiredGroups`: Group names array for allowed access to HackMD. Use vertical bar to separate for environment variables.
   * `externalGroups`: Group names array for not allowed access to HackMD. Use vertical bar to separate for environment variables.

docs/guides/auth/saml.md

@@ -56,6 +56,8 @@ module.exports = {
   // socket.io
   heartbeatInterval: 5000,
   heartbeatTimeout: 10000,
+  // toobusy-js
+  responseMaxLag: 70,
   // document
   documentMaxLength: 100000,
   // image upload setting, available options are imgur/s3/filesystem/azure
@@ -66,7 +68,8 @@ module.exports = {
   s3: {
     accessKeyId: undefined,
     secretAccessKey: undefined,
-    region: undefined
+    region: undefined,
+    endpoint: undefined
   },
   minio: {
     accessKey: undefined,
@@ -152,5 +155,5 @@ module.exports = {
   allowEmailRegister: true,
   allowGravatar: true,
   allowPDFExport: true,
-  openID: true
+  openID: false
 }

lib/config/default.js

@@ -1,6 +1,6 @@
 'use strict'
 
-const {toBooleanConfig, toArrayConfig, toIntegerConfig} = require('./utils')
+const { toBooleanConfig, toArrayConfig, toIntegerConfig } = require('./utils')
 
 module.exports = {
   sourceURL: process.env.CMD_SOURCE_URL,
@@ -14,7 +14,7 @@ module.exports = {
   useSSL: toBooleanConfig(process.env.CMD_USESSL),
   hsts: {
     enable: toBooleanConfig(process.env.CMD_HSTS_ENABLE),
-    maxAgeSeconds: process.env.CMD_HSTS_MAX_AGE,
+    maxAgeSeconds: toIntegerConfig(process.env.CMD_HSTS_MAX_AGE),
     includeSubdomains: toBooleanConfig(process.env.CMD_HSTS_INCLUDE_SUBDOMAINS),
     preload: toBooleanConfig(process.env.CMD_HSTS_PRELOAD)
   },
@@ -33,14 +33,16 @@ module.exports = {
   dbURL: process.env.CMD_DB_URL,
   sessionSecret: process.env.CMD_SESSION_SECRET,
   sessionLife: toIntegerConfig(process.env.CMD_SESSION_LIFE),
+  responseMaxLag: toIntegerConfig(process.env.CMD_RESPONSE_MAX_LAG),
   imageUploadType: process.env.CMD_IMAGE_UPLOAD_TYPE,
   imgur: {
     clientID: process.env.CMD_IMGUR_CLIENTID
   },
   s3: {
     accessKeyId: process.env.CMD_S3_ACCESS_KEY_ID,
     secretAccessKey: process.env.CMD_S3_SECRET_ACCESS_KEY,
-    region: process.env.CMD_S3_REGION
+    region: process.env.CMD_S3_REGION,
+    endpoint: process.env.CMD_S3_ENDPOINT
   },
   minio: {
     accessKey: process.env.CMD_MINIO_ACCESS_KEY,

lib/config/environment.js

@@ -1,6 +1,6 @@
 'use strict'
 
-const {toBooleanConfig, toArrayConfig, toIntegerConfig} = require('./utils')
+const { toBooleanConfig, toArrayConfig, toIntegerConfig } = require('./utils')
 
 module.exports = {
   domain: process.env.HMD_DOMAIN,
@@ -10,7 +10,7 @@ module.exports = {
   useSSL: toBooleanConfig(process.env.HMD_USESSL),
   hsts: {
     enable: toBooleanConfig(process.env.HMD_HSTS_ENABLE),
-    maxAgeSeconds: process.env.HMD_HSTS_MAX_AGE,
+    maxAgeSeconds: toIntegerConfig(process.env.HMD_HSTS_MAX_AGE),
     includeSubdomains: toBooleanConfig(process.env.HMD_HSTS_INCLUDE_SUBDOMAINS),
     preload: toBooleanConfig(process.env.HMD_HSTS_PRELOAD)
   },
@@ -28,6 +28,7 @@ module.exports = {
   dbURL: process.env.HMD_DB_URL,
   sessionSecret: process.env.HMD_SESSION_SECRET,
   sessionLife: toIntegerConfig(process.env.HMD_SESSION_LIFE),
+  responseMaxLag: toIntegerConfig(process.env.HMD_RESPONSE_MAX_LAG),
   imageUploadType: process.env.HMD_IMAGE_UPLOAD_TYPE,
   imgur: {
     clientID: process.env.HMD_IMGUR_CLIENTID