Commit graph

269 commits

Author SHA1 Message Date
John McLear
50bbcb87bb Merge pull request #4 from nashe/jsonp_fix
Added a jsonp var checker
2018-04-03 10:29:52 +01:00
John McLear
8767410a36 be more strict on password check 2018-03-23 19:21:52 +00:00
Peter 'Pita' Martischka
dd7894d3c9 Added a jsonp var checker 2018-03-23 11:17:39 +00:00
Man Yue Mo
a2992b3624 fix jsonp checking. 2018-02-07 08:43:07 +00:00
Stefan
b292e137ed Added missing require for is-var-name 2018-02-03 12:33:33 +01:00
Robert Helmer
f56936c936 better sanitize jsonp 2018-01-30 12:52:19 -08:00
Avery Pennarun
e0582797f2 Call authentication hooks before default basic authentication.
This allows authenticators to do any extra session setup for a given user,
even if their username/password happens to match settings.json.
2017-12-31 12:32:50 +00:00
Rainer Rillke
f12debd5c7 Catch SIGTERM for graceful shutdown (#3266)
Shut down database connection and exit the node process
when SIGTERM is encountered. This is especially important
when nodejs is run as PID1, e.g. in a docker container.

Shutting down connections to clients (browsers) is beyond
this patch's scope.

Resolves #3265
2017-11-04 19:59:19 -02:00
Luiza Pagliari
cf686282ef Do not use cookie for pad shortcuts
Users still cannot choose which shortcuts they want to enable/disable,
so it does not make sense (yet) to have a cookie with that preference.

This can be reverted once we create a UI to change shortcuts, but
PLEASE PLEASE PLEASE do not read the cookie every time handleKeyEvent is
called!!!

This is an adjustment to #2891.
2017-05-11 12:26:14 -03:00
Luiza Pagliari
1ebcf0dc47 Merge pull request #2891 from bhldev/padShortcutDisable
Added pad shortcut disabling feature to settings.json
2017-05-11 11:29:25 -03:00
Sjoerd Langkemper
21a6e66e25 Remove deprecated comment
The session key is currently stored in SESSIONKEY.txt, so it is no longer reset
every time the server starts.
2017-01-26 09:59:09 +01:00
noerw
cc69e76200 redirect /admin properly (fix #3114) 2017-01-06 18:19:38 +01:00
Stefan
aefa617797 Merge branch 'develop' into improve_cookies 2016-12-20 21:31:11 +01:00
Nobody Really
97fd1ab2fe Added LibreJS support 2016-09-20 09:30:35 +02:00
Dan Bornstein
879ae7c67d Remove the noDocType argument, which was only ever passed as false. 2016-09-08 09:41:23 -07:00
Stefan
009b61b338 Make express-session cookie scheme dependent 2016-07-10 12:44:45 +02:00
Stefan
4ea9c4f98d Add secure flag to express-session cookies 2016-06-08 21:15:26 +02:00
LokeshN
a8d5dc0693 Issue #2960 - deactivate settings.json
Deactivate settings.json in Admin dashboard
2016-05-22 21:12:21 +05:30
Brian Lim
26aeb7b705 Added pad shortcut disabling feature 2016-01-21 07:38:41 -05:00
Brian Lim
295672f598 Set language cookie on initial load 2016-01-17 21:44:03 -05:00
Chris Birk
d6033de0da Use new exportAvailable() check to include check for SOffice along with Abiword in importexport hook 2015-12-18 00:14:13 -06:00
Stefan
f6cebdad98 Fix decode error if pad name contains special characters and is sanitized 2015-10-08 20:46:15 +02:00
John McLear
818408cf49 other bits required for read only 2015-05-19 16:57:53 +01:00
Simon Gaeremynck
5a7750781b Use the cookie parser middleware 2015-05-07 18:35:21 +01:00
Tom Hunkapiller
133188320a fix: only match /javascript/* for caching middleware 2015-04-11 09:54:40 -05:00
Tom Hunkapiller
2e4374c08d clearer comments about the path handling behavior 2015-04-10 20:19:26 -05:00
Tom Hunkapiller
3ebb19d8a2 fix an issue in the path handling that allowed directory traversal 2015-04-10 20:03:00 -05:00
John McLear
402e53d88e Merge pull request #2584 from devoidfury/express4
Express 4 support
2015-04-11 00:13:45 +01:00
Stefan
db5bdc8719 Log version number and git-sha on server start 2015-04-11 00:13:04 +02:00
Stefan
8e4c961207 Add version number to plugins-info page 2015-04-10 23:52:17 +02:00
Tom Hunkapiller
fd1d285a77 fix the rest of the deprecation warnings 2015-04-10 14:18:30 -05:00
Tom Hunkapiller
de67714cf8 fix minify route path; update deprecated calls 2015-04-10 05:52:58 -05:00
Tom Hunkapiller
d0b39c01fb update for express 4.x 2015-04-08 23:12:11 -05:00
John McLear
c705a058fb Merge branch 'feature/append-chat-api' of github.com:derosm2/etherpad-lite into append-chat-api 2015-04-01 13:32:07 +01:00
John McLear
ec6a2b5ba9 allow for load testing connections to hit by a setting 2015-02-16 23:02:19 +00:00
John McLear
ddc69831b2 working, need to test though 2015-02-11 17:59:05 +00:00
Mike DeRosa
4c6bd37286 Adding api call for appending a chat message. 2015-02-09 00:18:12 -05:00
John McLear
aca745ddf6 tell installer if old etherpad needs updating during plugin install 2015-01-25 02:44:10 +00:00
John McLear
689ced8443 and this one.. 2015-01-18 20:15:17 +00:00
John McLear
036b7d2890 Merge pull request #2418 from ether/etherpad-export-and-import
Full Pad portability (Export/Import)
2014-12-31 13:32:09 +00:00
webzwo0i
b0da214ad5 hack to avoid warnings in swagger usage 2014-12-30 18:06:41 +01:00
John McLear
3773b6346b semi working requires browser refresh 2014-12-29 20:57:58 +01:00
John McLear
c4959b089f resolve merge conflict 2014-12-29 01:54:44 +01:00
John McLear
ae22332f71 removing dokuwiki 2014-12-27 14:08:45 +01:00
webzwo0i
b204aa2085 remove more dead requires. 2014-12-16 19:10:01 +01:00
luto
5c3874c0a1 really recreate socketio-client in expressCreateServer, fixes #2342
When using plugins, the express server gets restarted. When we do that,
the socketio-server should also get restarted. It doesn't. That means
that all the events in SocketIORouter.js are bound twice, which causes
chaos all over etherpad.

This changes our socketio.js so it fully recreates the io-instance when
we restart the server.

introduced in 95e7b0f156, but catching
that would have been hard.
2014-11-25 22:38:22 +01:00
John McLear
73bcbbcb89 final commit 2014-11-23 14:15:03 +00:00
John McLear
ae7da122d7 fix session management 2014-11-23 14:14:01 +00:00
John McLear
3e8f3cd938 hrm I don't trust this security 2014-11-18 14:56:40 +00:00
John McLear
ff603d7b58 stability restored now to handle the auth issues 2014-11-18 14:12:02 +00:00
John McLear
020b636b1f template of a semi-fix 2014-11-18 14:08:44 +00:00
John McLear
9fa77cdea2 working handling of setting client ip and anonymizing etc 2014-11-04 23:25:18 +00:00
John McLear
95e7b0f156 transports 2014-11-04 19:11:06 +00:00
John McLear
5d0ccb5f8f auth fix 2014-11-04 18:17:39 +00:00
John McLear
2c801cc558 no errors but no connections 2014-11-01 22:36:19 +00:00
John McLear
a67e805da0 basics, still not working 2014-11-01 21:25:49 +00:00
Marcel Klehr
6054cda473 Create a customizable timeslider toolbar 2014-03-30 13:02:41 +02:00
John McLear
e1fa43e640 quick formatting clean up 2014-03-17 19:20:32 +00:00
Marcel Klehr
a369347d86 Merge branch 'pr/1579' into toolbar-test
Conflicts:
	settings.json.template
	src/static/js/pad_editbar.js
2014-03-16 13:30:22 +01:00
Luc Didry
3d8452b143 Replace tabs indentation with spaces indentation
Some files are obviously external libraries, I didn't touch them
2013-12-05 08:41:29 +01:00
Marcel Klehr
3ad4b1b837 stats: Add http500, memoryUsage, pendingEdits gauges
and turn edits metric into a timer instead of a simple meter
2013-10-27 21:43:32 +01:00
Marcel Klehr
387091c5c9 Expose current stats at /stats 2013-10-27 18:11:50 +01:00
Marcel Klehr
940f114a84 Record metrics with 'measured' 2013-10-27 17:42:55 +01:00
Marcel Klehr
b7c7685dc7 Polish logging of client-side errors on the server 2013-10-10 18:45:22 +02:00
Eric Schrijver
b34224559d ‘Etherpad Lite’ -> ‘Etherpad’ 2013-09-29 13:57:37 +02:00
vileda
43e1af93c1 allow users to have colons in password 2013-09-10 16:00:36 +02:00
cohitre
90837437c5 Moving the toolbar plugin calls. 2013-04-13 12:06:51 -07:00
John McLear
c6041bf0c2 Merge pull request #1675 from ether/fix/process-uncaughtException-event-handler-leak
Don't leak event listeners for process:uncaughtException
2013-03-27 12:06:30 -07:00
Marcel Klehr
c4d9a71156 /admin/plugins: Fix update check 2013-03-27 12:02:19 +01:00
Marcel Klehr
ac0018cdfa Don't leak event listeners for process:uncaughtException 2013-03-26 21:19:09 +01:00
Marcel Klehr
638cea5fd6 Install and uninstall plugins with style
- Don't block the whole page when installing a plugin
- allow people to search and install other plugins meanwhile

Why? http://i.imgur.com/XoX6uYS.jpg
2013-03-26 15:11:30 +01:00
Marcel Klehr
aca5d150e4 /admin/plugins: Don't list installed plugins as available 2013-03-26 11:58:31 +01:00
Marcel Klehr
e8bae61cf5 /admin/plugins: Add progress indicators and report errors 2013-03-26 11:19:36 +01:00
Marcel Klehr
773293991b admin/plugins: Allow people to sort search results 2013-03-25 23:09:03 +01:00
Marcel Klehr
079fdf0f38 Revamp /admin/plugins
- dry up the client-side code
- use the new saner API of pluginfw/installer.js on the server
- Improve UX: allow user to infinitely scroll to display their results
2013-03-25 17:20:10 +01:00
Marcel Klehr
0070eab416 Fix caching of npm search results and only make one registry request on /admin/plugins
fixes #1488
2013-03-25 12:45:23 +01:00
Marcel Klehr
a628317b55 Log http on debug log level
... and additionally log the response time
2013-03-19 18:34:21 +01:00
Marcel Klehr
2bc45de106 Fix #1639 by removing bodyParser middleware introduced with swagger REST API 2013-03-18 22:09:47 +01:00
Marcel Klehr
5fe60e7221 redirect /admin to /admin/ so that the relative links work 2013-03-14 15:59:39 +01:00
nelson.silva
a5987285e0 Multiple REST endpoints (one per version) 2013-03-06 10:10:21 +00:00
Nelson Silva
8f279a6710 Added some fixes to make it work with the codegen 2013-03-06 10:10:21 +00:00
Nelson Silva
1cfc8eda19 Initial work on swagger 2013-03-06 10:10:21 +00:00
John McLear
6d7e709ecb Merge branch 'develop' of github.com:ether/etherpad-lite into store-sessions-in-db 2013-02-17 23:44:26 +00:00
John McLear
efce99c3a1 session key in settings file OR generate temp key for instance 2013-02-13 21:51:09 +00:00
John McLear
5c9d081391 Begin supporting the database but still have a problem where it generates new key on restart... 2013-02-13 01:33:22 +00:00
Manuel Knitza
e855bafdf9 Update src/node/hooks/express/apicalls.js 2013-02-12 21:47:40 +01:00
John McLear
da0b331502 Make async and cleaner 2013-02-04 00:00:39 +00:00
John McLear
8b8cf01785 put tests in static folder, still have a race condition no biggy 2013-02-03 13:53:44 +00:00
John McLear
0ff9f53297 correct path 2013-02-03 00:18:24 +00:00
John McLear
594d272334 allow plugins to specify frontend test specs 2013-02-03 00:14:17 +00:00
Marcel Klehr
0549a4fec7 Add checkUpdates endpoint for /admin/plugins 2013-01-26 22:13:28 +01:00
Wikinaut
5bf79971b8 merged upstream develop 2012-12-07 08:59:13 +01:00
Marcel Klehr
377ff1eade Fix #1219: Make api work if requireAuth is enabled 2012-12-05 14:04:48 +01:00
Iván Eixarch
657322db91 fixed git merge conflict 2012-12-03 01:39:59 +01:00
Wikinaut
8b044254cc add socketTransportProtocols parameter 2012-12-02 18:28:28 +01:00
Marcel Klehr
719fb7e045 Let socket.io decide which transport is best for the browser 2012-11-29 13:42:37 +01:00
Iván Eixarch
cc60b82a6e Import html by default and allow basic import/export features without abiword 2012-11-23 22:55:25 +01:00
Marcel Klehr
364e6928b5 Make tests work on windows 2012-11-17 16:28:54 +01:00
Peter 'Pita' Martischka
4c095202bd Merged branch feature/frontend-tests 2012-11-13 07:29:57 -08:00
Marcel Klehr
d26f5d64f7 Fix #1130 Reload settings on /admin/settings server restart 2012-11-06 17:35:52 +01:00
John McLear
28bcdcec25 Merge pull request #1124 from Wikinaut/fix-issue-377-add-favicon-url-settings-parameter
fix #377: add favicon url as optional settings.json parameter
2012-11-06 03:08:25 -08:00
John McLear
b9541f938b Merge pull request #1127 from Pita/admin-page
add express endpoint for admin index.html
2012-11-05 04:59:01 -08:00
John McLear
3766858dd2 add express endpoint for admin index.html 2012-11-05 12:58:02 +00:00
John McLear
b6a331b9ec Merge pull request #1120 from Pita/feature/settings-admin
Modify Server Settings in /admin/settings
2012-11-05 04:48:59 -08:00
Wikinaut
a575de7884 allow favicon.ico as pad name 2012-11-04 13:02:55 +01:00
Wikinaut
c92b5283fd fix #377: add favicon url as optional settings.json parameter 2012-11-04 11:26:17 +01:00
Peter 'Pita' Martischka
6408581adb merged develop back in 2012-11-03 18:16:36 +00:00
johnyma22
2f123970e6 Make express restart - I think this reloads settings 2012-11-02 15:21:12 +00:00
johnyma22
3ca450fefc make the server save settings 2012-11-02 15:10:01 +00:00
johnyma22
89e38ed4c2 Start putting file system together for admin settings, nowhere near complete 2012-11-02 13:16:15 +00:00
Marcel Klehr
2d6e577683 Put up some '/admin doesn't exist' notice. 2012-11-01 19:45:26 +01:00
John McLear
5629063b9c Allow robots.txt to be custom 2012-11-01 13:32:04 +00:00
Marcel Klehr
ed2faa68c9 Pass on the req object to eejs hooks 2012-11-01 13:44:59 +01:00
Peter 'Pita' Martischka
9537892c61 wrap spec files with a describe 2012-10-27 17:29:17 +01:00
Peter 'Pita' Martischka
cac27c864a load list of spec files from the server 2012-10-27 17:05:26 +01:00
Peter 'Pita' Martischka
cc7ddddd2f redirect from frontend to frontend/ 2012-10-27 16:41:17 +01:00
Peter 'Pita' Martischka
ca6ebd6151 major restructuring of the front end test framework 2012-10-08 00:34:29 +02:00
johnyma22
c74aed986e Merge branch 'develop' of github.com:Pita/etherpad-lite into feature/frontend-tests 2012-10-04 18:55:57 +01:00
Marcel Klehr
2684a1d295 Merge branch 'develop' into express-v3
Conflicts:
	src/node/hooks/express/errorhandling.js
2012-10-03 10:09:00 +02:00
Marcel Klehr
7656001cb5 Don't shut down the whole server, if error handling middleware is called.
The errors passed to error handling middleware aren't that severe, so it's fine to just stay alive...
2012-10-02 20:11:18 +02:00
Peter 'Pita' Martischka
ba4ebbba3b Set up an environment for frontend tests, first steps 2012-10-02 00:35:43 +01:00
Marcel Klehr
0c9c1f514f Fix socket.io auth: Use connect to parse signed cookies (migrate to express v3) 2012-09-22 16:03:40 +02:00
Marcel Klehr
0f436d5916 Migrate error handling middleware to express v3 2012-09-22 15:22:15 +02:00
Marcel Klehr
794c3d1afe Set secret on cookieParser (migrate to express v3) 2012-09-22 14:05:41 +02:00
Marcel Klehr
71579d1478 Fix res.send (migrate to express v3) 2012-09-22 13:51:39 +02:00
Marcel Klehr
ff7cf991c9 Upgrade log4js to v0.5 2012-09-21 21:39:08 +02:00
Marcel Klehr
4416210471 Differentiate between http server and express app 2012-09-21 17:12:22 +02:00
johnyma22
603f251824 error handling and close is removed in express 3 2012-09-12 19:34:33 +01:00
Marcel Klehr
ea0f7cb2e9 Add support for multiple api versions 2012-09-09 18:20:16 +02:00
John McLear
c5be2eb418 Merge pull request #977 from cweider/loopback-avoidance
Loopback avoidance
2012-09-03 14:56:55 -07:00
Chad Weider
024a26f272 Minify publishes its own mock request thing. 2012-09-03 14:37:26 -07:00
Wikinaut
e82588c332 use socket.io with jsonp-polling. several browsers tested. fixes IE8 issues 2012-08-18 00:47:13 +02:00
Wikinaut
85f5eb38e4 fix for all IE8 issues when IE8 setting NATIVE XMLHTTP SUPPORT is disabled 2012-08-16 01:00:36 +02:00
Chad Weider
cd11717b99 Eliminate the loopback that has been causing so much trouble.
`localhost`, `0.0.0.0`, `127.0.0.1` each works only in some places some of the time, this works around the problem by overriding Yajsml's built-in request mechanism in favor of a hacked together one. TODO: Serve files from another service, or directly from the file system in order to make this unnecessary.

Fixes #747
2012-07-22 23:55:07 -07:00
Egil Moeller
a0548af021 Merge branch 'develop' of git://github.com/Pita/etherpad-lite into restartserver 2012-07-03 23:32:37 +02:00
Egil Moeller
b438a278a1 Make the server restart on plugin install 2012-07-03 23:31:44 +02:00
Mark Holmquist
91ed1f57c5 Don't rewrite in a stupid way
Since we're already in the proper path for the pad, why worry
about it? Replacing the entire path of the URL with /p/padname may
have seemed like a good idea at the time, but really, for a 302 we
only need a relative pathname. This patch provides the proper way.
2012-07-02 16:46:31 -07:00
John McLear
e4ff4021ab Merge pull request #810 from redhog/aceEditEvent
Plugin/hook features&bugfixes
2012-06-22 03:53:50 -07:00
Jordan Hollinger
6f37c0aaa6 The pad name sanitizer shouldn't drop query params. issue #779 2012-06-13 15:20:29 -04:00
Egil Moeller
cf2f0b72a3 More plugin information 2012-06-04 14:33:38 +02:00
Egil Moeller
914d79ad20 Unified timeslider and pad editing protocol / component 2012-04-23 12:52:30 +02:00
Egil Moeller
ecac40d062 Changed the authentication mechanism to support hooks 2012-04-19 16:04:03 +02:00
Egil Moeller
ac36a99a72 More general basic auth 2012-04-19 14:25:12 +02:00
Egil Moeller
4c1d94343f Better plugin admin interface 2012-04-18 13:43:34 +02:00
Jordan Hollinger
362ef454b8 Don't block static paths with http auth 2012-04-13 05:17:48 -04:00
Patrick Rauscher
867cc94806 bugfix for some crashes through stack overflows 2012-04-08 17:48:30 +00:00
Patrick Rauscher
6da38fd8bc bugfix to use the API again 2012-04-07 13:40:02 +00:00
Matthias Bartelmeß
137e06d52b Merge branch 'develop' into fix/max-age 2012-04-04 17:42:08 +02:00
Matthias Bartelmeß
5c4551b098 remove maxAge: undefined header, send maxAge even if set to 0 2012-04-04 17:41:03 +02:00
Matthias Bartelmeß
f34e13f761 on plugin definitions, only expose plugins with client_hooks registered. don't expose 'package' property 2012-04-04 15:10:27 +02:00