Commit graph

1847 commits

Author SHA1 Message Date
Richard Hansen
b38d66b30b Pad: Move padLoad hook to Pad.init() 2022-04-08 22:04:00 -04:00
Richard Hansen
f9610452cf Pad: New padCheck hook 2022-04-08 21:52:11 -04:00
Richard Hansen
a2460a9848 Pad: New padRemove hook pad context property 2022-04-08 21:52:11 -04:00
Richard Hansen
8fe779b58c Pad: New padCopy hook dstPad context property 2022-04-08 21:52:11 -04:00
Richard Hansen
9cdb69c159 Pad: Rename originalPad context property to srcPad 2022-04-08 21:52:11 -04:00
Richard Hansen
59d60480c0 Pad: Expose pad-specific database object
This will make it possible for plugins to add/change/delete custom
pad-specific records.
2022-04-08 21:52:11 -04:00
Richard Hansen
ae092edf0c AuthorManager: New getAuthorId hook 2022-03-16 06:10:28 -04:00
Richard Hansen
6d4085f5f0 SecurityManager: Restrict valid author token values 2022-03-16 06:10:28 -04:00
Richard Hansen
b89ae69202 SecurityManager: Don't prefetch values
Prefetching can cause unhandled Promise rejections, and it makes the
code less readable.
2022-03-16 06:10:28 -04:00
Richard Hansen
b733ed9ab0 Pad: Convert line endings in text from padDefaultContent hook 2022-02-24 17:40:04 -05:00
Richard Hansen
2d53b9f150 PadMessageHandler: Plumb author ID to more pad creation locations 2022-02-24 17:40:04 -05:00
Richard Hansen
363a48b6d5 ChatMessage: Log deprecation warnings for .userId, .authorId 2022-02-24 17:39:38 -05:00
Richard Hansen
b4d9252bfe PadMessageHandler: Don't get Pad object multiple times 2022-02-24 17:39:38 -05:00
Richard Hansen
b276eb0a23 PadMessageHandler: Improve message sanity checking
Use exceptions instead of silent drops so that the client can detect
the error and react appropriately.
2022-02-24 17:39:38 -05:00
Richard Hansen
3b76b2dd67 SocketIORouter: Improve error handling 2022-02-24 17:39:38 -05:00
Richard Hansen
fcfa51bda6 PadMessageHandler: Convert complex if to switch 2022-02-24 17:39:38 -05:00
Richard Hansen
32c82917e3 Merge branch 'master' into develop 2022-02-23 17:25:38 -05:00
Richard Hansen
ba370b0e05 PadMessageHandler: Don't trust user-provided padId 2022-02-23 16:11:21 -05:00
Richard Hansen
bdbde88fed PadMessageHandler: Fix USER_CHANGES queue identifier
`message.padId` is normally undefined for `USER_CHANGES` messages.
2022-02-23 16:11:16 -05:00
Richard Hansen
daee90d2af lint: Close function args on same line as final arg 2022-02-21 14:53:48 -05:00
Richard Hansen
37508403d8 lint: Replace Object.assign() with object spread syntax 2022-02-21 14:36:58 -05:00
Richard Hansen
c8211f2898 lint: Run eslint --fix 2022-02-21 14:36:58 -05:00
Richard Hansen
2e0e872ae3 Pad: New padDefaultContent hook 2022-02-19 14:55:43 -05:00
Richard Hansen
aa286b7dbd API: Add optional authorId param to mutation functions 2022-02-19 14:55:42 -05:00
Richard Hansen
3b8549342a Pad: Plumb author ID through mutation operations 2022-02-19 14:55:42 -05:00
Richard Hansen
5f60b3aab2 Pad: Remove unnecessary padManager.getPad() call 2022-02-19 14:55:42 -05:00
Richard Hansen
449b972e6a Pad: Use default parameter value 2022-02-19 14:55:42 -05:00
Richard Hansen
aec512d1fa Pad: Rename author context properties to authorId 2022-02-19 14:55:42 -05:00
Richard Hansen
65bd5ffa6b Pad: Rename author vars to authorId for consistency 2022-02-19 14:55:42 -05:00
Richard Hansen
c2910b98e8 ImportHandler: Skip default pad text when importing to a new pad 2022-02-19 14:25:51 -05:00
Richard Hansen
c8f2409de0 ImportHandler: Drop unnecessary underscores in variable names
Also delete an unnecessary comment.
2022-02-19 14:25:51 -05:00
Richard Hansen
5520161088 deps: Upgrade formidable to 2.0.1 2022-01-28 21:34:57 -05:00
Richard Hansen
9db3424403 deps: Bump rehype and rehype-minify-whitespace 2022-01-27 01:27:10 -05:00
Richard Hansen
1e604add99 deps: Require Node.js 12.17.0 or later
This makes it possible to use dynamic `import()`.
2022-01-27 01:27:10 -05:00
Richard Hansen
692749d1cf express-session: Extend session lifetime if user is active 2022-01-17 21:45:56 -05:00
Richard Hansen
023e58cfe6 express-session: Set a finite cookie lifetime 2022-01-17 21:45:56 -05:00
Richard Hansen
ec10700dff express-session: Don't save uninitialized sessions
This should avoid frivolous session records, such as when the user
gets a 404 (unless login was required to see the 404).
2022-01-17 21:45:56 -05:00
Richard Hansen
7255dd7ef0 express-session: Inherit proxy trust from Express 2022-01-17 21:45:56 -05:00
Richard Hansen
945e6848e2 SessionStore: Delete DB record when session expires
This only deletes records known to the current Etherpad instance --
old records from previous runs are not automatically cleaned up.
2022-01-17 21:45:56 -05:00
Richard Hansen
72cd983f0f SessionStore: Option to update DB record on touch() 2022-01-17 21:45:52 -05:00
Richard Hansen
b991948e21 SessionStore: Don't write DB record if already expired 2022-01-17 21:33:58 -05:00
Richard Hansen
4d498725c7 SessionStore: Improve cookie expiration check
  * Don't mutate `sess.cookie.expires`.
  * Allow `sess.cookie` to be nullish.
  * Always compare `Date` objects.
2022-01-17 18:17:40 -05:00
Richard Hansen
d3984aa621 express: Move preAuthorize hook after express-session
The `ep_openid_connect` plugin needs access to session state before
authorization checks are made (to securely redirect the user back to
the start page when authentication completes). Now that the
`expressPreSession` hook exists, the rationale for moving
`preAuthorize` before the `express-session` middleware is gone.

This change undoes the following commits:
  * bf35dcfc50
  * 0b1ec20c5c
  * 30544b564e
2022-01-14 00:44:54 -05:00
Richard Hansen
75637708c0 express: Move up cookie-parser middleware
This makes it possible for the `preAuthorize` and `preExpressSession`
hooks to easily read or set cookies.
2022-01-14 00:44:54 -05:00
Richard Hansen
ab85db4426 webaccess: Silence prototype pollution warning 2022-01-14 00:44:54 -05:00
Richard Hansen
dcd43e9849 webaccess: Use .startsWith() instead of .search() 2022-01-14 00:44:54 -05:00
Richard Hansen
fd9b770579 PadManager: Refactor padList to avoid duplicate loads 2022-01-02 20:44:42 -05:00
Richard Hansen
66ce2b50a9 openapi: Convert Promise.catch() to catch block 2022-01-02 19:17:20 -05:00
Richard Hansen
fa8bdb0348 promises: Add a comment explaining a subtlety in Gate 2022-01-02 18:57:44 -05:00
Richard Hansen
a115c475ad promises: Expose reject in Gate 2022-01-02 18:57:44 -05:00