2bb431e7e5
express-session: Implement and enable key rotation ( #5362 ) by @rhansen
...
* SecretRotator: New class to coordinate key rotation
* express-session: Enable key rotation
* Added new entry in docker.adoc
* Move to own package.Removed fallback as Node 16 is now lowest node version.
* Updated package-lock.json
---------
Co-authored-by: SamTV12345 <40429738+samtv12345@users.noreply.github.com>
2023-07-03 22:58:49 +02:00
cfa9ea68f5
Added changelog.
2023-06-26 20:35:58 +02:00
1e98033632
Security: Fix revision parsing ( #5772 )
...
A carefully crated URL can cause Etherpad to hang.
2023-06-26 18:17:06 +01:00
1d0d109821
Updated changelog
2023-06-20 16:26:02 +02:00
22a9b81cf0
add changelog entry for node v14 requirement
2022-09-24 22:58:32 +02:00
7e4931cf25
Windows build: Switch to 64-bit Node.js executable
2022-05-14 18:25:29 -04:00
2d56838792
Windows build: Upgrade bundled Node.js to v16
2022-05-14 18:25:29 -04:00
2facf3a0c5
ExportEtherpad: New `importEtherpad`, `exportEtherpad` hooks
2022-05-06 02:54:34 -04:00
44fd70491d
ImportEtherpad: Batch database writes
2022-05-05 20:49:52 -04:00
6a183db850
ExportEtherpad: Parallelize record reads
2022-05-05 19:33:21 -04:00
88c0ab8255
ExportEtherpad: Support custom subkeys
2022-05-05 19:33:21 -04:00
b82ccb76df
Merge branch 'master' into develop
2022-05-05 18:53:03 -04:00
f22fb13d89
deps: Bump ueberdb2 to 2.2.4
2022-05-05 05:18:53 -04:00
096379e6f9
Pad: Limit DB concurrency when copying a pad
2022-04-16 00:03:00 -04:00
ff494563d9
Pad: Call `padCreate`, `padUpdate` hooks asynchronously
2022-04-15 23:52:16 -04:00
07146591dd
Pad: Run `padLoad` hook asynchronously
2022-04-08 22:04:00 -04:00
b38d66b30b
Pad: Move `padLoad` hook to `Pad.init()`
2022-04-08 22:04:00 -04:00
f9610452cf
Pad: New `padCheck` hook
2022-04-08 21:52:11 -04:00
a2460a9848
Pad: New `padRemove` hook `pad` context property
2022-04-08 21:52:11 -04:00
8fe779b58c
Pad: New `padCopy` hook `dstPad` context property
2022-04-08 21:52:11 -04:00
9cdb69c159
Pad: Rename `originalPad` context property to `srcPad`
2022-04-08 21:52:11 -04:00
59d60480c0
Pad: Expose pad-specific database object
...
This will make it possible for plugins to add/change/delete custom
pad-specific records.
2022-04-08 21:52:11 -04:00
ae092edf0c
AuthorManager: New `getAuthorId` hook
2022-03-16 06:10:28 -04:00
32c82917e3
Merge branch 'master' into develop
2022-02-23 17:25:38 -05:00
d97537d18b
Release v1.8.17
2022-02-23 17:03:34 -05:00
ba370b0e05
PadMessageHandler: Don't trust user-provided `padId`
2022-02-23 16:11:21 -05:00
bdbde88fed
PadMessageHandler: Fix `USER_CHANGES` queue identifier
...
`message.padId` is normally undefined for `USER_CHANGES` messages.
2022-02-23 16:11:16 -05:00
c59cbb537a
Bump version
2022-02-23 16:10:47 -05:00
1513932ca1
plugins: Give each plugin a plugin-specific logger object
...
This makes it possible for plugins to stop assuming that log4js is
available at `ep_etherpad-lite/node_modules/log4js`.
2022-02-21 15:13:57 -05:00
2e0e872ae3
Pad: New `padDefaultContent` hook
2022-02-19 14:55:43 -05:00
aa286b7dbd
API: Add optional `authorId` param to mutation functions
2022-02-19 14:55:42 -05:00
aec512d1fa
Pad: Rename `author` context properties to `authorId`
2022-02-19 14:55:42 -05:00
2512593d4b
docs: Group HTTP API changes
2022-02-19 14:25:51 -05:00
1e604add99
deps: Require Node.js 12.17.0 or later
...
This makes it possible to use dynamic `import()`.
2022-01-27 01:27:10 -05:00
692749d1cf
express-session: Extend session lifetime if user is active
2022-01-17 21:45:56 -05:00
023e58cfe6
express-session: Set a finite cookie lifetime
2022-01-17 21:45:56 -05:00
ec10700dff
express-session: Don't save uninitialized sessions
...
This should avoid frivolous session records, such as when the user
gets a 404 (unless login was required to see the 404).
2022-01-17 21:45:56 -05:00
945e6848e2
SessionStore: Delete DB record when session expires
...
This only deletes records known to the current Etherpad instance --
old records from previous runs are not automatically cleaned up.
2022-01-17 21:45:56 -05:00
02a56dc58c
PadMessageHandler: Allow `handleMessageSecurity` to grant one-time write access
2021-12-21 17:23:56 -05:00
31b025bd9d
PadMessageHandler: Pass session info to `handleMessageSecurity` hook
2021-12-21 17:23:56 -05:00
1b52c9f0c4
PadMessageHandler: Deprecate `client` context property
2021-12-21 17:23:56 -05:00
f1856cf95a
Docker: Use new `/health` endpoint for HEALTHCHECK
2021-12-21 17:19:56 -05:00
696f9c3367
specialpages: New `/health` endpoint for health checking
...
This endpoint is intended to conform with:
https://www.ietf.org/archive/id/draft-inadarei-api-health-check-06.html
2021-12-21 17:19:56 -05:00
649fbdccf5
express: Move static handlers to `expressPreSession`
...
This avoids the need to exempt the paths from authentication checks,
and it eliminates unnecessary express-session state.
2021-12-20 20:08:19 -05:00
72f4ae444d
express: New `expressPreSession` server-side hook
2021-12-20 20:08:19 -05:00
8b73f2ee70
padurlsanitize: Don't crash if `sanitizePadId()` throws
...
Let Express send a 500 status code to the user instead.
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
2021-12-18 18:47:01 -05:00
d94f380141
API: Fix race conditions in `setText`, `appendText`, `restoreRevision`
2021-12-14 01:02:00 -05:00
4d457f6296
ImportHandler: Pass `ImportError` to `import` hook
2021-12-10 02:34:13 -05:00
6cca27dea6
API: `getText` with old revision should only return text, not atext
...
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
2021-12-05 18:50:39 -05:00
99fae2ec6e
pad: Fix application of `padOptions` values from `settings.json`
2021-12-04 23:06:17 -05:00
Richard Hansen
SamTV12345
John McLear
webzwo0i