public-offering
/
pad.pub0.org
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
8,323 Commits
190 Branches
71 Tags
55 MiB
Commit Graph

197 Commits (71fdca9f685cd2163d1da5067fc38a14c218e1ab)

Author SHA1 Message Date
SamTV12345 4f550e17de Added changelog. 2023-10-28 16:34:25 +02:00
SamTV12345 392e5b10b0 Added changelog for 1.9.3 2023-09-23 11:58:05 +02:00
SamTV12345 1b01f01ca3
Fix/rate limit in test (#5931) 
* build(deps): bump express-rate-limit from 6.11.1 to 7.0.0 in /src

Bumps [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) from 6.11.1 to 7.0.0.
- [Release notes](https://github.com/express-rate-limit/express-rate-limit/releases)
- [Changelog](https://github.com/express-rate-limit/express-rate-limit/blob/main/changelog.md)
- [Commits](https://github.com/express-rate-limit/express-rate-limit/compare/v6.11.1...v7.0.0)

---
updated-dependencies:
- dependency-name: express-rate-limit
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Increase exportratelimit to high number for tests.

* Fixed rate limiting in frontend tests.

* Also do this for the run without plugins.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-14 16:37:52 +02:00
SamTV12345 f881e2ad0b Updated JQuery section. 2023-08-17 14:41:41 +02:00
Richard Hansen 2bb431e7e5
express-session: Implement and enable key rotation (#5362) by @rhansen 
* SecretRotator: New class to coordinate key rotation

* express-session: Enable key rotation

* Added new entry in docker.adoc

* Move to own package.Removed fallback as Node 16 is now lowest node version.

* Updated package-lock.json

---------

Co-authored-by: SamTV12345 <40429738+samtv12345@users.noreply.github.com>
 2023-07-03 22:58:49 +02:00
SamTV12345 cfa9ea68f5 Added changelog. 2023-06-26 20:35:58 +02:00
John McLear 1e98033632
Security: Fix revision parsing (#5772) 
A carefully crated URL can cause Etherpad to hang.
 2023-06-26 18:17:06 +01:00
SamTV12345 1d0d109821
Updated changelog 2023-06-20 16:26:02 +02:00
webzwo0i 22a9b81cf0 add changelog entry for node v14 requirement 2022-09-24 22:58:32 +02:00
Richard Hansen 7e4931cf25 Windows build: Switch to 64-bit Node.js executable 2022-05-14 18:25:29 -04:00
Richard Hansen 2d56838792 Windows build: Upgrade bundled Node.js to v16 2022-05-14 18:25:29 -04:00
Richard Hansen 2facf3a0c5 ExportEtherpad: New `importEtherpad`, `exportEtherpad` hooks 2022-05-06 02:54:34 -04:00
Richard Hansen 44fd70491d ImportEtherpad: Batch database writes 2022-05-05 20:49:52 -04:00
Richard Hansen 6a183db850 ExportEtherpad: Parallelize record reads 2022-05-05 19:33:21 -04:00
Richard Hansen 88c0ab8255 ExportEtherpad: Support custom subkeys 2022-05-05 19:33:21 -04:00
Richard Hansen b82ccb76df Merge branch 'master' into develop 2022-05-05 18:53:03 -04:00
Richard Hansen f22fb13d89 deps: Bump ueberdb2 to 2.2.4 2022-05-05 05:18:53 -04:00
Richard Hansen 096379e6f9 Pad: Limit DB concurrency when copying a pad 2022-04-16 00:03:00 -04:00
Richard Hansen ff494563d9 Pad: Call `padCreate`, `padUpdate` hooks asynchronously 2022-04-15 23:52:16 -04:00
Richard Hansen 07146591dd Pad: Run `padLoad` hook asynchronously 2022-04-08 22:04:00 -04:00
Richard Hansen b38d66b30b Pad: Move `padLoad` hook to `Pad.init()` 2022-04-08 22:04:00 -04:00
Richard Hansen f9610452cf Pad: New `padCheck` hook 2022-04-08 21:52:11 -04:00
Richard Hansen a2460a9848 Pad: New `padRemove` hook `pad` context property 2022-04-08 21:52:11 -04:00
Richard Hansen 8fe779b58c Pad: New `padCopy` hook `dstPad` context property 2022-04-08 21:52:11 -04:00
Richard Hansen 9cdb69c159 Pad: Rename `originalPad` context property to `srcPad` 2022-04-08 21:52:11 -04:00
Richard Hansen 59d60480c0 Pad: Expose pad-specific database object 
This will make it possible for plugins to add/change/delete custom
pad-specific records.
 2022-04-08 21:52:11 -04:00
Richard Hansen ae092edf0c AuthorManager: New `getAuthorId` hook 2022-03-16 06:10:28 -04:00
Richard Hansen 32c82917e3 Merge branch 'master' into develop 2022-02-23 17:25:38 -05:00
Richard Hansen d97537d18b Release v1.8.17 2022-02-23 17:03:34 -05:00
Richard Hansen ba370b0e05 PadMessageHandler: Don't trust user-provided `padId` 2022-02-23 16:11:21 -05:00
Richard Hansen bdbde88fed PadMessageHandler: Fix `USER_CHANGES` queue identifier 
`message.padId` is normally undefined for `USER_CHANGES` messages.
 2022-02-23 16:11:16 -05:00
Richard Hansen c59cbb537a Bump version 2022-02-23 16:10:47 -05:00
Richard Hansen 1513932ca1 plugins: Give each plugin a plugin-specific logger object 
This makes it possible for plugins to stop assuming that log4js is
available at `ep_etherpad-lite/node_modules/log4js`.
 2022-02-21 15:13:57 -05:00
Richard Hansen 2e0e872ae3 Pad: New `padDefaultContent` hook 2022-02-19 14:55:43 -05:00
Richard Hansen aa286b7dbd API: Add optional `authorId` param to mutation functions 2022-02-19 14:55:42 -05:00
Richard Hansen aec512d1fa Pad: Rename `author` context properties to `authorId` 2022-02-19 14:55:42 -05:00
Richard Hansen 2512593d4b docs: Group HTTP API changes 2022-02-19 14:25:51 -05:00
Richard Hansen 1e604add99 deps: Require Node.js 12.17.0 or later 
This makes it possible to use dynamic `import()`.
 2022-01-27 01:27:10 -05:00
Richard Hansen 692749d1cf express-session: Extend session lifetime if user is active 2022-01-17 21:45:56 -05:00
Richard Hansen 023e58cfe6 express-session: Set a finite cookie lifetime 2022-01-17 21:45:56 -05:00
Richard Hansen ec10700dff express-session: Don't save uninitialized sessions 
This should avoid frivolous session records, such as when the user
gets a 404 (unless login was required to see the 404).
 2022-01-17 21:45:56 -05:00
Richard Hansen 945e6848e2 SessionStore: Delete DB record when session expires 
This only deletes records known to the current Etherpad instance --
old records from previous runs are not automatically cleaned up.
 2022-01-17 21:45:56 -05:00
Richard Hansen 02a56dc58c PadMessageHandler: Allow `handleMessageSecurity` to grant one-time write access 2021-12-21 17:23:56 -05:00
Richard Hansen 31b025bd9d PadMessageHandler: Pass session info to `handleMessageSecurity` hook 2021-12-21 17:23:56 -05:00
Richard Hansen 1b52c9f0c4 PadMessageHandler: Deprecate `client` context property 2021-12-21 17:23:56 -05:00
Richard Hansen f1856cf95a Docker: Use new `/health` endpoint for HEALTHCHECK 2021-12-21 17:19:56 -05:00
Richard Hansen 696f9c3367 specialpages: New `/health` endpoint for health checking 
This endpoint is intended to conform with:
https://www.ietf.org/archive/id/draft-inadarei-api-health-check-06.html
 2021-12-21 17:19:56 -05:00
Richard Hansen 649fbdccf5 express: Move static handlers to `expressPreSession` 
This avoids the need to exempt the paths from authentication checks,
and it eliminates unnecessary express-session state.
 2021-12-20 20:08:19 -05:00
Richard Hansen 72f4ae444d express: New `expressPreSession` server-side hook 2021-12-20 20:08:19 -05:00
webzwo0i 8b73f2ee70 padurlsanitize: Don't crash if `sanitizePadId()` throws 
Let Express send a 500 status code to the user instead.

Co-authored-by: Richard Hansen <rhansen@rhansen.org>
 2021-12-18 18:47:01 -05:00