John McLear
50bbcb87bb
Merge pull request #4 from nashe/jsonp_fix
...
Added a jsonp var checker
2018-04-03 10:29:52 +01:00
John McLear
8767410a36
be more strict on password check
2018-03-23 19:21:52 +00:00
Peter 'Pita' Martischka
dd7894d3c9
Added a jsonp var checker
2018-03-23 11:17:39 +00:00
Man Yue Mo
a2992b3624
fix jsonp checking.
2018-02-07 08:43:07 +00:00
Stefan
b292e137ed
Added missing require for is-var-name
2018-02-03 12:33:33 +01:00
Robert Helmer
f56936c936
better sanitize jsonp
2018-01-30 12:52:19 -08:00
Avery Pennarun
e0582797f2
Call authentication hooks before default basic authentication.
...
This allows authenticators to do any extra session setup for a given user,
even if their username/password happens to match settings.json.
2017-12-31 12:32:50 +00:00
Rainer Rillke
f12debd5c7
Catch SIGTERM for graceful shutdown ( #3266 )
...
Shut down database connection and exit the node process
when SIGTERM is encountered. This is especially important
when nodejs is run as PID1, e.g. in a docker container.
Shutting down connections to clients (browsers) is beyond
this patche's scope.
Resolves #3265
2017-11-04 19:59:19 -02:00
Luiza Pagliari
cf686282ef
Do not use cookie for pad shortcuts
...
Users still cannot choose which shortcuts they want to enable/disable,
so it does not make sense (yet) to have a cookie with that preference.
This can be reverted once we create an UI to change shortcuts, but
PLEASE PLEASE PLEASE do not read the cookie every time handleKeyEvent is
called!!!
This is an adjustment to #2891 .
2017-05-11 12:26:14 -03:00
Luiza Pagliari
1ebcf0dc47
Merge pull request #2891 from bhldev/padShortcutDisable
...
Added pad shortcut disabling feature to settings.json
2017-05-11 11:29:25 -03:00
Sjoerd Langkemper
21a6e66e25
Remove deprecated comment
...
The session key is currently stored in SESSIONKEY.txt, so it is no longer reset
every time the server starts.
2017-01-26 09:59:09 +01:00
noerw
cc69e76200
redirect /admin properly ( fix #3114 )
2017-01-06 18:19:38 +01:00
Stefan
aefa617797
Merge branch 'develop' into improve_cookies
2016-12-20 21:31:11 +01:00
Nobody Really
97fd1ab2fe
Added LibreJS support
2016-09-20 09:30:35 +02:00
Dan Bornstein
879ae7c67d
Remove the noDocType
argument, which was only ever passed as false
.
2016-09-08 09:41:23 -07:00
Stefan
009b61b338
Make express-session cookie scheme dependent
2016-07-10 12:44:45 +02:00
Stefan
4ea9c4f98d
Add secure flag to express-session cookies
2016-06-08 21:15:26 +02:00
LokeshN
a8d5dc0693
Issue #2960 - deactivate settings.json
...
Deactivate settings.json in Admin dashboard
2016-05-22 21:12:21 +05:30
Brian Lim
26aeb7b705
Added pad shortcut disabling feature
2016-01-21 07:38:41 -05:00
Brian Lim
295672f598
Set language cookie on initial load
2016-01-17 21:44:03 -05:00
Chris Birk
d6033de0da
Use new exportAvailable() check to include check for SOffice along with Abiword in importexport hook
2015-12-18 00:14:13 -06:00
Stefan
f6cebdad98
Fix decode error if pad name contains special characters and is sanitized
2015-10-08 20:46:15 +02:00
John McLear
818408cf49
other bits required for read only
2015-05-19 16:57:53 +01:00
Simon Gaeremynck
5a7750781b
Use the cookie parser middleware
2015-05-07 18:35:21 +01:00
Tom Hunkapiller
133188320a
fix: only match /javascript/* for caching middleware
2015-04-11 09:54:40 -05:00
Tom Hunkapiller
2e4374c08d
clearer comments about the path handling behavior
2015-04-10 20:19:26 -05:00
Tom Hunkapiller
3ebb19d8a2
fix an issue in the path handling that allowed directory traversal
2015-04-10 20:03:00 -05:00
John McLear
402e53d88e
Merge pull request #2584 from devoidfury/express4
...
Express 4 support
2015-04-11 00:13:45 +01:00
Stefan
db5bdc8719
Log version number and git-sha on server start
2015-04-11 00:13:04 +02:00
Stefan
8e4c961207
Add version number to plugins-info page
2015-04-10 23:52:17 +02:00
Tom Hunkapiller
fd1d285a77
fix the rest of the deprecation warnings
2015-04-10 14:18:30 -05:00
Tom Hunkapiller
de67714cf8
fix minify route path; update deprecated calls
2015-04-10 05:52:58 -05:00
Tom Hunkapiller
d0b39c01fb
update for express 4.x
2015-04-08 23:12:11 -05:00
John McLear
c705a058fb
Merge branch 'feature/append-chat-api' of github.com:derosm2/etherpad-lite into append-chat-api
2015-04-01 13:32:07 +01:00
John McLear
ec6a2b5ba9
allow for load testing connections to hit by a setting
2015-02-16 23:02:19 +00:00
John McLear
ddc69831b2
working, need to test though
2015-02-11 17:59:05 +00:00
Mike DeRosa
4c6bd37286
Adding api call for appending a chat message.
2015-02-09 00:18:12 -05:00
John McLear
aca745ddf6
tell installer if old etherpad needs updating during plugin install
2015-01-25 02:44:10 +00:00
John McLear
689ced8443
and this one..
2015-01-18 20:15:17 +00:00
John McLear
036b7d2890
Merge pull request #2418 from ether/etherpad-export-and-import
...
Full Pad portability (Export/Import)
2014-12-31 13:32:09 +00:00
webzwo0i
b0da214ad5
hack to avoid warnings in swagger usage
2014-12-30 18:06:41 +01:00
John McLear
3773b6346b
semi working requires browser refresh
2014-12-29 20:57:58 +01:00
John McLear
c4959b089f
resolve merge conflict
2014-12-29 01:54:44 +01:00
John McLear
ae22332f71
removing dokuwiki
2014-12-27 14:08:45 +01:00
webzwo0i
b204aa2085
remove more dead requires.
2014-12-16 19:10:01 +01:00
luto
5c3874c0a1
really recreate socketio-client in expressCreateServer, fixes #2342
...
When using plugins, the express server gets restarted. When we do that,
the socketio-server should also get restarted. It doesn't. That means
that all the events in SocketIORouter.js are bound twice, which causes
chaos all over etherpad.
This changes our socketio.js so it fully recreates the io-instance when
we restart the server.
introduced in 95e7b0f156
, but catching
that would have been hard.
2014-11-25 22:38:22 +01:00
John McLear
73bcbbcb89
final commit
2014-11-23 14:15:03 +00:00
John McLear
ae7da122d7
fix session management
2014-11-23 14:14:01 +00:00
John McLear
3e8f3cd938
hrm I dont trust this security
2014-11-18 14:56:40 +00:00
John McLear
ff603d7b58
stability restored now to handle the auth issues
2014-11-18 14:12:02 +00:00
John McLear
020b636b1f
template of a semi-fix
2014-11-18 14:08:44 +00:00
John McLear
9fa77cdea2
working handling of setting client ip and anonymizing etc
2014-11-04 23:25:18 +00:00
John McLear
95e7b0f156
transports
2014-11-04 19:11:06 +00:00
John McLear
5d0ccb5f8f
auth fix
2014-11-04 18:17:39 +00:00
John McLear
2c801cc558
no errors but no connections
2014-11-01 22:36:19 +00:00
John McLear
a67e805da0
basics, still not working
2014-11-01 21:25:49 +00:00
Marcel Klehr
6054cda473
Create a customizable timeslider toolbar
2014-03-30 13:02:41 +02:00
John McLear
e1fa43e640
quick formatting clean up
2014-03-17 19:20:32 +00:00
Marcel Klehr
a369347d86
Merge branch 'pr/1579' into toolbar-test
...
Conflicts:
settings.json.template
src/static/js/pad_editbar.js
2014-03-16 13:30:22 +01:00
Luc Didry
3d8452b143
Replace tabs indentation with spaces indentation
...
Some files are obviously external libraries, I didn't touch them
2013-12-05 08:41:29 +01:00
Marcel Klehr
3ad4b1b837
stats: Add http500, memoryUsage, pendingEdits gauges
...
and turn edits metric into a timer instead of a simple meter
2013-10-27 21:43:32 +01:00
Marcel Klehr
387091c5c9
Expose current stats at /stats
2013-10-27 18:11:50 +01:00
Marcel Klehr
940f114a84
Record metrics with 'measured'
2013-10-27 17:42:55 +01:00
Marcel Klehr
b7c7685dc7
Polish logging of client-side errors on the server
2013-10-10 18:45:22 +02:00
Eric Schrijver
b34224559d
‘Etherpad Lite’ -> ‘Etherpad’
2013-09-29 13:57:37 +02:00
vileda
43e1af93c1
allow users to have colons in password
2013-09-10 16:00:36 +02:00
cohitre
90837437c5
Moving the toolbar plugin calls.
2013-04-13 12:06:51 -07:00
John McLear
c6041bf0c2
Merge pull request #1675 from ether/fix/process-uncaughtException-event-handler-leak
...
Don't leak event listeners for process:uncaughtException
2013-03-27 12:06:30 -07:00
Marcel Klehr
c4d9a71156
/admin/plugins: Fix update check
2013-03-27 12:02:19 +01:00
Marcel Klehr
ac0018cdfa
Don't leak event listeners for process:uncaughtException
2013-03-26 21:19:09 +01:00
Marcel Klehr
638cea5fd6
Install and uninstall plugins with style
...
- Don't block the whole page when installing a plugin
- allow people to search and install other plugins meanwhile
Why? http://i.imgur.com/XoX6uYS.jpg
2013-03-26 15:11:30 +01:00
Marcel Klehr
aca5d150e4
/admin/plugins: Don't list installed plugins as available
2013-03-26 11:58:31 +01:00
Marcel Klehr
e8bae61cf5
/admin/plugins: Add progress indicators and report errors
2013-03-26 11:19:36 +01:00
Marcel Klehr
773293991b
admin/plugins: Allow people to sort search results
2013-03-25 23:09:03 +01:00
Marcel Klehr
079fdf0f38
Revamp /admin/plugins
...
- dry up the client-side code
- use the new saner API of pluginfw/installer.js on the server
- Improve UX: allow user to infinitely scroll to display their results
2013-03-25 17:20:10 +01:00
Marcel Klehr
0070eab416
Fix caching of npm search results and only make one registry request on /admin/plugins
...
fixes #1488
2013-03-25 12:45:23 +01:00
Marcel Klehr
a628317b55
Log http on debug log level
...
... and additionally log the response time
2013-03-19 18:34:21 +01:00
Marcel Klehr
2bc45de106
Fix #1639 by removing bodyParser middleware introduced with swagger REST API
2013-03-18 22:09:47 +01:00
Marcel Klehr
5fe60e7221
redirect /admin to /admin/ so that the relative links work
2013-03-14 15:59:39 +01:00
nelson.silva
a5987285e0
Multiple REST endpoints (one per version)
2013-03-06 10:10:21 +00:00
Nelson Silva
8f279a6710
Added some fixes to make it work with the codegen
2013-03-06 10:10:21 +00:00
Nelson Silva
1cfc8eda19
Initial work on swagger
2013-03-06 10:10:21 +00:00
John McLear
6d7e709ecb
Merge branch 'develop' of github.com:ether/etherpad-lite into store-sessions-in-db
2013-02-17 23:44:26 +00:00
John McLear
efce99c3a1
session key in settings file OR generate temp key for instance
2013-02-13 21:51:09 +00:00
John McLear
5c9d081391
Begin supporting the database but still have a problem where it generates new key on restart...
2013-02-13 01:33:22 +00:00
Manuel Knitza
e855bafdf9
Update src/node/hooks/express/apicalls.js
2013-02-12 21:47:40 +01:00
John McLear
da0b331502
Make async and cleaner
2013-02-04 00:00:39 +00:00
John McLear
8b8cf01785
put tests in static folder, still have a race condition no biggy
2013-02-03 13:53:44 +00:00
John McLear
0ff9f53297
correct path
2013-02-03 00:18:24 +00:00
John McLear
594d272334
allow plugins to specify frontend test specs
2013-02-03 00:14:17 +00:00
Marcel Klehr
0549a4fec7
Add checkUpdates endpoinnt for /admin/plugins
2013-01-26 22:13:28 +01:00
Wikinaut
5bf79971b8
merged upstream develop
2012-12-07 08:59:13 +01:00
Marcel Klehr
377ff1eade
Fix #1219 : Make api work if requireAuth is enabled
2012-12-05 14:04:48 +01:00
Iván Eixarch
657322db91
fixed git merge confict
2012-12-03 01:39:59 +01:00
Wikinaut
8b044254cc
add socketTransportProtocols parameter
2012-12-02 18:28:28 +01:00
Marcel Klehr
719fb7e045
Let socket.io decide which transport is best for the browser
2012-11-29 13:42:37 +01:00
Iván Eixarch
cc60b82a6e
Import html by default and allow basic import/export features without abiword
2012-11-23 22:55:25 +01:00
Marcel Klehr
364e6928b5
Make tests work on windows
2012-11-17 16:28:54 +01:00
Peter 'Pita' Martischka
4c095202bd
Merged branch feature/frontend-tests
2012-11-13 07:29:57 -08:00
Marcel Klehr
d26f5d64f7
Fix #1130 Reload settings on /admin/settings server restart
2012-11-06 17:35:52 +01:00
John McLear
28bcdcec25
Merge pull request #1124 from Wikinaut/fix-issue-377-add-favicon-url-settings-parameter
...
fix #377 : add favicon url as optional settings.json parameter
2012-11-06 03:08:25 -08:00
John McLear
b9541f938b
Merge pull request #1127 from Pita/admin-page
...
add express endpoint for admin index.html
2012-11-05 04:59:01 -08:00
John McLear
3766858dd2
add express endpoint for admin index.html
2012-11-05 12:58:02 +00:00
John McLear
b6a331b9ec
Merge pull request #1120 from Pita/feature/settings-admin
...
Modify Server Settings in /admin/settings
2012-11-05 04:48:59 -08:00
Wikinaut
a575de7884
allow favicon.ico as pad name
2012-11-04 13:02:55 +01:00
Wikinaut
c92b5283fd
fix #377 : add favicon url as optional settings.json parameter
2012-11-04 11:26:17 +01:00
Peter 'Pita' Martischka
6408581adb
merged develop back in
2012-11-03 18:16:36 +00:00
johnyma22
2f123970e6
Make express restart - I think this reloads settings
2012-11-02 15:21:12 +00:00
johnyma22
3ca450fefc
make the server save settings
2012-11-02 15:10:01 +00:00
johnyma22
89e38ed4c2
Start putting file system together for admin settings, no where near complete
2012-11-02 13:16:15 +00:00
Marcel Klehr
2d6e577683
Put up some '/admin doesn't exist' notice.
2012-11-01 19:45:26 +01:00
John McLear
5629063b9c
Allow robots.txt to be custom
2012-11-01 13:32:04 +00:00
Marcel Klehr
ed2faa68c9
Pass on the req object to eejs hooks
2012-11-01 13:44:59 +01:00
Peter 'Pita' Martischka
9537892c61
wrap spec files with a describe
2012-10-27 17:29:17 +01:00
Peter 'Pita' Martischka
cac27c864a
load list of spec files from the server
2012-10-27 17:05:26 +01:00
Peter 'Pita' Martischka
cc7ddddd2f
redirect from frontend to frontend/
2012-10-27 16:41:17 +01:00
Peter 'Pita' Martischka
ca6ebd6151
major restructering of the front end test framework
2012-10-08 00:34:29 +02:00
johnyma22
c74aed986e
Merge branch 'develop' of github.com:Pita/etherpad-lite into feature/frontend-tests
2012-10-04 18:55:57 +01:00
Marcel Klehr
2684a1d295
Merge branch 'develop' into express-v3
...
Conflicts:
src/node/hooks/express/errorhandling.js
2012-10-03 10:09:00 +02:00
Marcel Klehr
7656001cb5
Don't shut down the whole server, if error handling middleware is called.
...
The errors passed to error handling middleware aren't that severe, so it's fine to just stay alive...
2012-10-02 20:11:18 +02:00
Peter 'Pita' Martischka
ba4ebbba3b
Setted up an enviroment for frontend tests, first steps
2012-10-02 00:35:43 +01:00
Marcel Klehr
0c9c1f514f
Fix socket.io auth: Use connect to parse signed cookies (migrate to express v3)
2012-09-22 16:03:40 +02:00
Marcel Klehr
0f436d5916
Migrate error handling middleware to express v3
2012-09-22 15:22:15 +02:00
Marcel Klehr
794c3d1afe
Set secret on cookieParser (migrate to express v3)
2012-09-22 14:05:41 +02:00
Marcel Klehr
71579d1478
Fix res.send (migrate to express v3)
2012-09-22 13:51:39 +02:00
Marcel Klehr
ff7cf991c9
Upgrade log4js to v0.5
2012-09-21 21:39:08 +02:00
Marcel Klehr
4416210471
Differentiate between http server and express app
2012-09-21 17:12:22 +02:00
johnyma22
603f251824
error handling and close is removed in express 3
2012-09-12 19:34:33 +01:00
Marcel Klehr
ea0f7cb2e9
Add support for multiple api versions
2012-09-09 18:20:16 +02:00
John McLear
c5be2eb418
Merge pull request #977 from cweider/loopback-avoidance
...
Loopback avoidance
2012-09-03 14:56:55 -07:00
Chad Weider
024a26f272
Minify publishes its own mock request thing.
2012-09-03 14:37:26 -07:00
Wikinaut
e82588c332
use socket.io with jsonp-polling. several browsers tested. fixes IE8 issues
2012-08-18 00:47:13 +02:00
Wikinaut
85f5eb38e4
fix for all IE8 issues when IE8 setting NATIVE XMLHHTP SUPPORT is disabled
2012-08-16 01:00:36 +02:00
Chad Weider
cd11717b99
Eliminate the loopback that has been causing so much trouble.
...
`localhost`, `0.0.0.0`, `127.0.0.1` each works only in some places some of the time, this works around the problem by overriding Yajsml's built-in request mechanism in favor of a hacked together one. TODO: Serve files from another service, or directly from the file system in order to make this unnecessary.
Fixes #747
2012-07-22 23:55:07 -07:00
Egil Moeller
a0548af021
Merge branch 'develop' of git://github.com/Pita/etherpad-lite into restartserver
2012-07-03 23:32:37 +02:00
Egil Moeller
b438a278a1
Make the server restart on plugin install
2012-07-03 23:31:44 +02:00
Mark Holmquist
91ed1f57c5
Don't rewrite in a stupid way
...
Since we're already in the proper path for the pad, why worry
about it? Replacing the entire path of the URL with /p/padname may
have seemed like a good idea at the time, but really, for a 302 we
only need a relative pathname. This patch provides the proper way.
2012-07-02 16:46:31 -07:00
John McLear
e4ff4021ab
Merge pull request #810 from redhog/aceEditEvent
...
Plugin/hook features&bugfixes
2012-06-22 03:53:50 -07:00
Jordan Hollinger
6f37c0aaa6
The pad name sanitizer shouldn't drop query params. issue #779
2012-06-13 15:20:29 -04:00
Egil Moeller
cf2f0b72a3
More plugin information
2012-06-04 14:33:38 +02:00
Egil Moeller
914d79ad20
Unified timeslider and pad editing protocol / component
2012-04-23 12:52:30 +02:00
Egil Moeller
ecac40d062
Changed the authentication mechanism to support hooks
2012-04-19 16:04:03 +02:00
Egil Moeller
ac36a99a72
More general basic auth
2012-04-19 14:25:12 +02:00
Egil Moeller
4c1d94343f
Better plugin admin interface
2012-04-18 13:43:34 +02:00
Jordan Hollinger
362ef454b8
Don't block static paths with http auth
2012-04-13 05:17:48 -04:00
Patrick Rauscher
867cc94806
bugfix for some crashes through stack overflows
2012-04-08 17:48:30 +00:00
Patrick Rauscher
6da38fd8bc
bugfix to use the API again
2012-04-07 13:40:02 +00:00
Matthias Bartelmeß
137e06d52b
Merge branch 'develop' into fix/max-age
2012-04-04 17:42:08 +02:00
Matthias Bartelmeß
5c4551b098
remove maxAge: undefined header, send maxAge even if set to 0
2012-04-04 17:41:03 +02:00
Matthias Bartelmeß
f34e13f761
on plugin definitions, only expose plugins with client_hooks registered. dont expose 'package' property
2012-04-04 15:10:27 +02:00