libretic/etherpad-lite
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
7819 commits 2 branches 0 tags 24 MiB
Commit graph

7819 commits

This branch
This branch
All branches
Author SHA1 Message Date
Felix
578ae17aa8
Add docker & npm ecosystem to dependabot 2022-01-26 19:34:27 -05:00
translatewiki.net
315bcccc14 Localisation updates from https://translatewiki.net. 2022-01-24 13:03:53 +01:00
Richard Hansen
e4a336e875 plugins: Add npm packages to etherpad org 2022-01-20 20:33:24 -05:00
Richard Hansen
c7195b1133 docker: Add variables for cookie settings 2022-01-19 23:08:32 -05:00
Richard Hansen
861a929a43 docker: Sync settings.json.docker with .template 2022-01-19 23:06:56 -05:00
Richard Hansen
692749d1cf express-session: Extend session lifetime if user is active 2022-01-17 21:45:56 -05:00
Richard Hansen
9c1f52f1b0 express-session: Install package from @etherpad scope 
This allows us to use some in-progress features.
 2022-01-17 21:45:56 -05:00
Richard Hansen
023e58cfe6 express-session: Set a finite cookie lifetime 2022-01-17 21:45:56 -05:00
Richard Hansen
ec10700dff express-session: Don't save uninitialized sessions 
This should avoid frivolous session records, such as when the user
gets a 404 (unless login was required to see the 404).
 2022-01-17 21:45:56 -05:00
Richard Hansen
7255dd7ef0 express-session: Inherit proxy trust from Express 2022-01-17 21:45:56 -05:00
Richard Hansen
945e6848e2 SessionStore: Delete DB record when session expires 
This only deletes records known to the current Etherpad instance --
old records from previous runs are not automatically cleaned up.
 2022-01-17 21:45:56 -05:00
Richard Hansen
72cd983f0f SessionStore: Option to update DB record on touch() 2022-01-17 21:45:52 -05:00
Richard Hansen
b991948e21 SessionStore: Don't write DB record if already expired 2022-01-17 21:33:58 -05:00
Richard Hansen
4d498725c7 SessionStore: Improve cookie expiration check 
* Don't mutate `sess.cookie.expires`.
  * Allow `sess.cookie` to be nullish.
  * Always compare `Date` objects.
 2022-01-17 18:17:40 -05:00
Richard Hansen
928c598ecf tests: Add SessionStore backend tests 2022-01-17 17:51:08 -05:00
Richard Hansen
efab3aed0c deps: Update ueberdb2 to 2.0.1 to get proper JSON support 2022-01-14 00:45:47 -05:00
Richard Hansen
d3984aa621 express: Move preAuthorize hook after express-session 
The `ep_openid_connect` plugin needs access to session state before
authorization checks are made (to securely redirect the user back to
the start page when authentication completes). Now that the
`expressPreSession` hook exists, the rationale for moving
`preAuthorize` before the `express-session` middleware is gone.

This change undoes the following commits:
  * bf35dcfc50
  * 0b1ec20c5c
  * 30544b564e
 2022-01-14 00:44:54 -05:00
Richard Hansen
75637708c0 express: Move up cookie-parser middleware 
This makes it possible for the `preAuthorize` and `preExpressSession`
hooks to easily read or set cookies.
 2022-01-14 00:44:54 -05:00
Richard Hansen
ab85db4426 webaccess: Silence prototype pollution warning 2022-01-14 00:44:54 -05:00
Richard Hansen
dcd43e9849 webaccess: Use .startsWith() instead of .search() 2022-01-14 00:44:54 -05:00
translatewiki.net
b9118c22ba Localisation updates from https://translatewiki.net. 2022-01-13 13:02:54 +01:00
Richard Hansen
fd9b770579 PadManager: Refactor padList to avoid duplicate loads 2022-01-02 20:44:42 -05:00
Richard Hansen
66ce2b50a9 openapi: Convert Promise.catch() to catch block 2022-01-02 19:17:20 -05:00
Richard Hansen
fa8bdb0348 promises: Add a comment explaining a subtlety in Gate 2022-01-02 18:57:44 -05:00
Richard Hansen
a115c475ad promises: Expose reject in Gate 2022-01-02 18:57:44 -05:00
Richard Hansen
b72db7ebd6 promises: Return a Promise from Gate.then() 
It doesn't make sense to return a `Gate` from `Gate.then()`, and this
eliminates the semantically confusing constructor parameter.
 2022-01-02 18:57:44 -05:00
Richard Hansen
78a67801f3 promises: Move Gate from server.js (to enable reuse) 2022-01-02 18:57:44 -05:00
Richard Hansen
c8d45586c1 server: Fix stop Gate creation and check 2022-01-02 18:57:44 -05:00
Richard Hansen
10c55a2328 Changeset: Explain why number of removals doesn't matter 2021-12-31 22:53:59 -05:00
Richard Hansen
6495b1e6f4 tests: Disable deprecation warnings when testing deprecated functions 2021-12-31 22:15:03 -05:00
Richard Hansen
c0471dd238 tests: Avoid deprecated Changeset.opIterator 2021-12-31 22:14:07 -05:00
webzwo0i
0af728ffee textLinesMutator: coverage for changed attributes in multiline keeps 2021-12-30 18:44:29 -05:00
webzwo0i
93447b7493 easysync tests: cover more string operation scenarios 2021-12-30 18:44:29 -05:00
webzwo0i
395cbc01bb Changeset.js: refine comments 2021-12-30 18:44:29 -05:00
webzwo0i
55c47efd4c easysync tests: add some more smartOpAssembler tests 2021-12-30 18:44:29 -05:00
webzwo0i
12ebca897d easysync: add clear method to stringAssembler 2021-12-30 18:44:29 -05:00
Chocobozzz
0cc15df9b9 Prevent pad translation and crash 
Prevent "TypeError: Cannot read properties of null (reading 'sheet')"
exception because google chrome can translate `<style type="text/css" title="dynamicsyntax"></style>` title attribute
 2021-12-22 17:46:32 +01:00
Richard Hansen
cb257de8f9 Bump version to v1.9.0 for plugin peerDependencies 
This allows plugins to depend on the not-yet-released API by bumping
their `peerDependencies` to `>=1.9.0`.

IMPORTANT: v1.9.0 IS NOT RELEASED YET. I tried to bump the version to
1.9.0-alpha.0 instead, but unfortunately that doesn't satisfy
`>=1.8.6` which would break just about every plugin.
 2021-12-21 17:23:56 -05:00
Richard Hansen
02a56dc58c PadMessageHandler: Allow handleMessageSecurity to grant one-time write access 2021-12-21 17:23:56 -05:00
Richard Hansen
31b025bd9d PadMessageHandler: Pass session info to handleMessageSecurity hook 2021-12-21 17:23:56 -05:00
Richard Hansen
1b52c9f0c4 PadMessageHandler: Deprecate client context property 2021-12-21 17:23:56 -05:00
Richard Hansen
8539a66439 docs: Improve handleMessageSecurity documentation 2021-12-21 17:23:56 -05:00
Richard Hansen
f1856cf95a Docker: Use new /health endpoint for HEALTHCHECK 2021-12-21 17:19:56 -05:00
Richard Hansen
11de525508 Docker: Install and use link for etherpad binary 2021-12-21 17:19:56 -05:00
Richard Hansen
83f2898723 package.json: Define etherpad binary 2021-12-21 17:19:56 -05:00
Richard Hansen
696f9c3367 specialpages: New /health endpoint for health checking 
This endpoint is intended to conform with:
https://www.ietf.org/archive/id/draft-inadarei-api-health-check-06.html
 2021-12-21 17:19:56 -05:00
Dirk Jagdmann
2e4c546c7f Pad: Add new .spliceText() method 
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
 2021-12-21 17:00:18 -05:00
Richard Hansen
30544b564e express: Skip express-session middleware if pre-authorized 2021-12-20 20:08:19 -05:00
Richard Hansen
649fbdccf5 express: Move static handlers to expressPreSession 
This avoids the need to exempt the paths from authentication checks,
and it eliminates unnecessary express-session state.
 2021-12-20 20:08:19 -05:00
Richard Hansen
72f4ae444d express: New expressPreSession server-side hook 2021-12-20 20:08:19 -05:00