Merge branch 'master' into feature/addSecrets

Author: a60814billy

.babelrc

@@ -0,0 +1,8 @@
+{
+  "presets": [
+    "es2015"
+  ],
+  "plugins": [
+    "transform-runtime"
+  ]
+}

.eslintignore

@@ -0,0 +1 @@
+*.min.js

.eslintrc

@@ -16,7 +16,6 @@
         ],
         "array-callback-return": "error",
         "arrow-body-style": "error",
-        "arrow-parens": "error",
         "arrow-spacing": "error",
         "block-scoped-var": "off",
         "block-spacing": "error",
@@ -123,7 +122,7 @@
         "no-extend-native": "error",
         "no-extra-bind": "error",
         "no-extra-label": "error",
-        "no-extra-parens": "error",
+        "no-extra-parens": "warn",
         "no-floating-decimal": "error",
         "no-global-assign": "error",
         "no-implicit-coercion": "error",
@@ -195,7 +194,7 @@
         "no-unneeded-ternary": "error",
         "no-unsafe-negation": "error",
         "no-unused-expressions": "error",
-        "no-use-before-define": "error",
+        "no-use-before-define": "warn",
         "no-useless-call": "error",
         "no-useless-computed-key": "error",
         "no-useless-concat": "error",

.gitignore

@@ -18,7 +18,6 @@ backups/
 
 # ignore config files
 config.json
-public/js/config.js
 .sequelizerc
 
 # ignore webpack build

.travis.yml

@@ -0,0 +1,13 @@
+language: node_js
+node_js:
+  - 6
+  - 7
+  - stable
+env:
+  - CXX=g++-4.8
+addons:
+  apt:
+    sources:
+      - ubuntu-toolchain-r-test
+    packages:
+      - g++-4.8

README.md

@@ -1,7 +1,9 @@
 HackMD
 ===
 
-[![Join the chat at https://gitter.im/hackmdio/hackmd](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/hackmdio/hackmd?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+[![Join the chat at https://gitter.im/hackmdio/hackmd][gitter-image]][gitter-url]
+[![build status][travis-image]][travis-url]
+
 
 HackMD lets you create realtime collaborative markdown notes on all platforms.  
 Inspired by Hackpad, with more focus on speed and flexibility.  
@@ -48,9 +50,9 @@ Browsers Requirement
 Prerequisite
 ---
 
-- Node.js 4.x or up (test up to 6.7.0)
+- Node.js 6.x or up (test up to 7.5.0)
 - Database (PostgreSQL, MySQL, MariaDB, SQLite, MSSQL) use charset `utf8`
-- npm
+- npm (and its dependencies, especially [uWebSockets](https://github.com/uWebSockets/uWebSockets#nodejs-developers), [node-gyp](https://github.com/nodejs/node-gyp#installation))
 
 Get started
 ---
@@ -59,7 +61,7 @@ Get started
 2. Enter the directory and type `bin/setup`, which will install npm dependencies and create configs. The setup script is written in Bash, you would need bash as a prerequisite.
 3. Setup the configs, see more below
 4. Setup environment variables which will overwrite the configs
-5. Build front-end bundle by `npm run build:prod` (use `npm run build:dev` if you are in development)
+5. Build front-end bundle by `npm run build` (use `npm run dev` if you are in development)
 6. Run the server as you like (node, forever, pm2)
 
 Upgrade guide
@@ -70,7 +72,7 @@ If you are upgrading HackMD from an older version, follow these steps:
 1. Fully stop your old server first (important)
 2. `git pull` or do whatever that updates the files
 3. `npm install` to update dependencies
-4. Build front-end bundle by `npm run build:prod` (use `npm run build:dev` if you are in development)
+4. Build front-end bundle by `npm run build` (use `npm run dev` if you are in development)
 5. Modify the file named `.sequelizerc`, change the value of the variable `url` with your db connection string
    For example: `postgres://username:password@localhost:5432/hackmd`
 6. Run `node_modules/.bin/sequelize db:migrate`, this step will migrate your db to the latest schema
@@ -97,19 +99,9 @@ Configuration files
 There are some configs you need to change in the files below
 
 ```
-./config.json			--- for server settings
-./public/js/config.js	--- for client settings
+./config.json      ----application settings
 ```
 
-Client settings `config.js`
----
-
-| variables | example values | description |
-| --------- | ------ | ----------- |
-| debug | `true` or `false` | set debug mode, show more logs |
-| domain | `localhost` | domain name |
-| urlpath | `hackmd` | sub url path, like: `www.example.com/<urlpath>` |
-
 Environment variables (will overwrite other server configs)
 ---
 
@@ -126,6 +118,7 @@ Environment variables (will overwrite other server configs)
 | HMD_USECDN | `true` or `false` | set to use CDN resources or not (default is `true`) |
 | HMD_ALLOW_ANONYMOUS | `true` or `false` | set to allow anonymous usage (default is `true`) |
 | HMD_ALLOW_FREEURL | `true` or `false` | set to allow new note by accessing not exist note url |
+| HMD_DEFAULT_PERMISSION | `freely`, `editable`, `limited`, `locked` or `private` | set notes default permission (only applied on signed users) |
 | HMD_DB_URL | `mysql://localhost:3306/database` | set the db url |
 | HMD_FACEBOOK_CLIENTID | no example | Facebook API client id |
 | HMD_FACEBOOK_CLIENTSECRET | no example | Facebook API client secret |
@@ -140,15 +133,15 @@ Environment variables (will overwrite other server configs)
 | HMD_DROPBOX_CLIENTSECRET | no example | Dropbox API client secret |
 | HMD_GOOGLE_CLIENTID | no example | Google API client id |
 | HMD_GOOGLE_CLIENTSECRET | no example | Google API client secret |
-| HMD_LDAP_URL | ldap://example.com | url of LDAP server |
+| HMD_LDAP_URL | `ldap://example.com` | url of LDAP server |
 | HMD_LDAP_BINDDN | no example | bindDn for LDAP access |
 | HMD_LDAP_BINDCREDENTIALS | no example | bindCredentials for LDAP access |
-| HMD_LDAP_TOKENSECRET | supersecretkey | secret used for generating access/refresh tokens |
-| HMD_LDAP_SEARCHBASE | o=users,dc=example,dc=com | LDAP directory to begin search from |
-| HMD_LDAP_SEARCHFILTER | (uid={{username}}) | LDAP filter to search with |
+| HMD_LDAP_TOKENSECRET | `supersecretkey` | secret used for generating access/refresh tokens |
+| HMD_LDAP_SEARCHBASE | `o=users,dc=example,dc=com` | LDAP directory to begin search from |
+| HMD_LDAP_SEARCHFILTER | `(uid={{username}})` | LDAP filter to search with |
 | HMD_LDAP_SEARCHATTRIBUTES | no example | LDAP attributes to search with |
-| HMD_LDAP_TLS_CA | no example | Root CA for LDAP TLS in PEM format |
-| HMD_LDAP_PROVIDERNAME | My institution | Optional name to be displayed at login form indicating the LDAP provider | 
+| HMD_LDAP_TLS_CA | `server-cert.pem, root.pem` | Root CA for LDAP TLS in PEM format (use comma to separate) |
+| HMD_LDAP_PROVIDERNAME | `My institution` | Optional name to be displayed at login form indicating the LDAP provider | 
 | HMD_IMGUR_CLIENTID | no example | Imgur API client id |
 | HMD_EMAIL | `true` or `false` | set to allow email signin |
 | HMD_ALLOW_EMAIL_REGISTER | `true` or `false` | set to allow email register (only applied when email is set, default is `true`) |
@@ -158,7 +151,7 @@ Environment variables (will overwrite other server configs)
 | HMD_S3_REGION | `ap-northeast-1` | AWS S3 region |
 | HMD_S3_BUCKET | no example | AWS S3 bucket name |
 
-Server settings `config.json`
+Application settings `config.json`
 ---
 
 | variables | example values | description |
@@ -174,6 +167,7 @@ Server settings `config.json`
 | usecdn | `true` or `false` | set to use CDN resources or not (default is `true`) |
 | allowanonymous | `true` or `false` | set to allow anonymous usage (default is `true`) |
 | allowfreeurl | `true` or `false` | set to allow new note by accessing not exist note url |
+| defaultpermission | `freely`, `editable`, `limited`, `locked` or `private` | set notes default permission (only applied on signed users) |
 | dburl | `mysql://localhost:3306/database` | set the db url, if set this variable then below db config won't be applied |
 | db | `{ "dialect": "sqlite", "storage": "./db.hackmd.sqlite" }` | set the db configs, [see more here](http://sequelize.readthedocs.org/en/latest/api/sequelize/) |
 | sslkeypath | `./cert/client.key` | ssl key path (only need when you set usessl) |
@@ -207,7 +201,7 @@ Third-party integration api key settings
 | ------- | --------- | ----------- |
 | facebook, twitter, github, gitlab, dropbox, google, ldap | environment variables or `config.json` | for signin |
 | imgur | environment variables or `config.json` | for image upload |
-| google drive, dropbox | `public/js/config.js` | for export and import |
+| google drive(`google/apiKey`, `google/clientID`), dropbox(`dropbox/appKey`) | `config.json` | for export and import |
 
 Third-party integration oauth callback urls
 ---
@@ -230,3 +224,7 @@ Additionally, now can show other clients' selections.
 See more at [http://operational-transformation.github.io/](http://operational-transformation.github.io/)
 
 **License under MIT.**
+[gitter-image]: https://badges.gitter.im/Join%20Chat.svg
+[gitter-url]: https://gitter.im/hackmdio/hackmd?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge
+[travis-image]: https://travis-ci.org/hackmdio/hackmd.svg?branch=master
+[travis-url]: https://travis-ci.org/hackmdio/hackmd

app.js

@@ -26,7 +26,6 @@ var validator = require('validator');
 var config = require("./lib/config.js");
 var logger = require("./lib/logger.js");
 var auth = require("./lib/auth.js");
-var history = require("./lib/history.js");
 var response = require("./lib/response.js");
 var models = require("./lib/models");
 
@@ -443,6 +442,7 @@ app.get('/logout', function (req, res) {
     req.logout();
     res.redirect(config.serverurl + '/');
 });
+var history = require("./lib/history.js");
 //get history
 app.get('/history', history.historyGet);
 //post history
@@ -502,7 +502,7 @@ app.post('/uploadimage', function (req, res) {
                 switch (config.imageUploadType) {
                 case 'filesystem':
                     res.send({
-                        link: url.resolve(config.serverurl, files.image.path.match(/^public(.+$)/)[1])
+                        link: url.resolve(config.serverurl + '/', files.image.path.match(/^public\/(.+$)/)[1])
                     });
 
                     break;
@@ -608,7 +608,7 @@ function startListen() {
 // sync db then start listen
 models.sequelize.sync().then(function () {
     // check if realtime is ready
-    if (history.isReady() && realtime.isReady()) {
+    if (realtime.isReady()) {
         models.Revision.checkAllNotesRevision(function (err, notes) {
             if (err) throw new Error(err);
             if (!notes || notes.length <= 0) return startListen();
@@ -639,7 +639,7 @@ function handleTermSignals() {
         }, 0);
     });
     var checkCleanTimer = setInterval(function () {
-        if (history.isReady() && realtime.isReady()) {
+        if (realtime.isReady()) {
             models.Revision.checkAllNotesRevision(function (err, notes) {
                 if (err) return logger.error(err);
                 if (!notes || notes.length <= 0) {

bin/heroku

@@ -28,8 +28,6 @@ EOF
 
 EOF
 
-  cp public/js/config.js.example public/js/config.js
-
   # build app
-  npm run build:prod
+  npm run build
 fi

bin/setup

@@ -1,5 +1,7 @@
 #!/bin/bash
 
+set -e
+
 # run command at repo root
 CURRENT_PATH=$PWD
 if [ -d .git ]; then
@@ -21,10 +23,6 @@ if [ ! -f config.json ]; then
   cp config.json.example config.json
 fi
 
-if [ ! -f publis/js/config.js ]; then
-  cp public/js/config.js.example public/js/config.js
-fi
-
 if [ ! -f .sequelizerc ]; then
   cp .sequelizerc.example .sequelizerc
 fi

config.json.example

@@ -2,18 +2,13 @@
     "test": {
         "db": {
             "dialect": "sqlite",
-            "storage": "./db.hackmd.sqlite"
+            "storage": ":memory:"
         }
     },
     "development": {
-        "domain": "localhost",
         "db": {
-            "username": "",
-            "password": "",
-            "database": "hackmd",
-            "host": "localhost",
-            "port": "3306",
-            "dialect": "mysql"
+            "dialect": "sqlite",
+            "storage": "./db.hackmd.sqlite"
         }
     },
     "production": {
@@ -45,11 +40,13 @@
         },
         "dropbox": {
             "clientID": "change this",
-            "clientSecret": "change this"
+            "clientSecret": "change this",
+            "appKey": "change this"
         },
         "google": {
             "clientID": "change this",
-            "clientSecret": "change this"
+            "clientSecret": "change this",
+            "apiKey": "change this"
         },
         "ldap": {
             "url": "ldap://change_this",