diff --git a/.flowconfig b/.flowconfig new file mode 100644 index 000000000..4a58bdcde --- /dev/null +++ b/.flowconfig @@ -0,0 +1,7 @@ +[ignore] + +[include] + +[libs] + +[options] diff --git a/.gitignore b/.gitignore index 996e55b97..139fab33c 100644 --- a/.gitignore +++ b/.gitignore @@ -12,3 +12,5 @@ www/scratch data npm-debug.log pins/ +blob/ +privileged.conf diff --git a/.jshintignore b/.jshintignore index ae60d4ba0..919395546 100644 --- a/.jshintignore +++ b/.jshintignore @@ -9,4 +9,7 @@ server.js NetFluxWebsocketSrv.js NetFluxWebsocketServer.js WebRTCSrv.js +www/common/media-tag.js +www/scratch +www/common/toolbar.js diff --git a/.jshintrc b/.jshintrc index c55ec0518..4928c524d 100644 --- a/.jshintrc +++ b/.jshintrc @@ -10,7 +10,7 @@ "notypeof": true, "shadow": false, "undef": true, - "unused": false, + "unused": true, "futurehostile":true, "browser": true, "predef": [ diff --git a/.travis.yml b/.travis.yml index 24288c6f2..4160b8719 100644 --- a/.travis.yml +++ b/.travis.yml @@ -12,7 +12,7 @@ node_js: - "6.6.0" before_script: - npm run-script lint - - cp config.js.dist config.js + - cp config.example.js config.js - npm install bower - ./node_modules/bower/bin/bower install - node ./server.js & diff --git a/ARCHITECTURE.md b/ARCHITECTURE.md index b1d2515f1..0d1d94873 100644 --- a/ARCHITECTURE.md +++ b/ARCHITECTURE.md @@ -76,7 +76,7 @@ Chainpad can handle out of order messages, but it performs best when its message By architecting your system such that all clients send to a server which then relays to other clients, you guarantee that a particular chain of patches is consistent between the participants of your session. Cryptpad is capable of using a variety of data stores. -Which data store your instance employs can be [easily configured](https://github.com/xwiki-labs/cryptpad/blob/master/config.js.dist). +Which data store your instance employs can be [easily configured](https://github.com/xwiki-labs/cryptpad/blob/master/config.example.js). You simply need to write an adaptor which conforms to a simple API. The documentation for writing such an adaptor, and the complete list of implemented adaptors, is available [here](https://github.com/xwiki-labs/cryptpad/tree/master/storage). @@ -243,5 +243,3 @@ A session could still have difficulty with very large chains, however, in practi ## Conclusion - - diff --git a/config.js.dist b/config.example.js similarity index 66% rename from config.js.dist rename to config.example.js index 6ef7267c1..fe3f2fb91 100644 --- a/config.js.dist +++ b/config.example.js @@ -1,3 +1,4 @@ +/*@flow*/ /* globals module */ @@ -38,10 +39,10 @@ module.exports = { if you are deploying to production, you'll probably want to remove the ws://* directive, and change '*' to your domain */ - "connect-src 'self' ws://* wss://*", + "connect-src 'self' ws: wss:", // data: is used by codemirror - "img-src 'self' data:", + "img-src 'self' data: blob:", ].join('; '), // CKEditor requires significantly more lax content security policy in order to function. @@ -58,7 +59,7 @@ module.exports = { "child-src 'self' *", // see the comment above in the 'contentSecurity' section - "connect-src 'self' ws://* wss://*", + "connect-src 'self' ws: wss:", // (insecure remote) images are included by users of the wysiwyg who embed photos in their pads "img-src *", @@ -115,6 +116,12 @@ module.exports = { 'contact', ], + /* Domain + * If you want to have enable payments on your CryptPad instance, it has to be able to tell + * our account server what is your domain + */ + // domain: 'https://cryptpad.fr', + /* You have the option of specifying an alternative storage adaptor. These status of these alternatives are specified in their READMEs, @@ -140,6 +147,23 @@ module.exports = { */ filePath: './datastore/', + /* CryptPad allows logged in users to request that particular documents be + * stored by the server indefinitely. This is called 'pinning'. + * Pin requests are stored in a pin-store. The location of this store is + * defined here. + */ + pinPath: './pins', + + /* CryptPad allows logged in users to upload encrypted files. Files/blobs + * are stored in a 'blob-store'. Set its location here. + */ + blobPath: './blob', + + /* CryptPad stores incomplete blobs in a 'staging' area until they are + * fully uploaded. Set its location here. + */ + blobStagingPath: './blobstage', + /* Cryptpad's file storage adaptor closes unused files after a configurale * number of milliseconds (default 30000 (30 seconds)) */ @@ -162,6 +186,52 @@ module.exports = { */ suppressRPCErrors: false, + + /* WARNING: EXPERIMENTAL + * + * CryptPad features experimental support for encrypted file upload. + * Our encryption format is still liable to change. As such, we do not + * guarantee that files uploaded now will be supported in the future + */ + + /* Setting this value to anything other than true will cause file upload + * attempts to be rejected outright. + */ + enableUploads: false, + + /* If you have enabled file upload, you have the option of restricting it + * to a list of users identified by their public keys. If this value is set + * to true, your server will query a file (cryptpad/privileged.conf) when + * users connect via RPC. Only users whose public keys can be found within + * the file will be allowed to upload. + * + * privileged.conf uses '#' for line comments, and splits keys by newline. + * This is a temporary measure until a better quota system is in place. + * registered users' public keys can be found on the settings page. + */ + //restrictUploads: false, + + /* Default user storage limit (bytes) + * if you don't want to limit users, + * you can set this to the size of your hard disk + */ + defaultStorageLimit: 50 * 1024 * 1024, + + /* Max Upload Size (bytes) + * this sets the maximum size of any one file uploaded to the server. + * anything larger than this size will be rejected + */ + maxUploadSize: 20 * 1024 * 1024, + + /* clients can use the /settings/ app to opt out of usage feedback + * which informs the server of things like how much each app is being + * used, and whether certain clientside features are supported by + * the client's browser. The intent is to provide feedback to the admin + * such that the service can be improved. Enable this with `true` + * and ignore feedback with `false` or by commenting the attribute + */ + //logFeedback: true, + /* it is recommended that you serve cryptpad over https * the filepaths below are used to configure your certificates */ diff --git a/container-start.sh b/container-start.sh index 89f3be1f1..2aa4ae10f 100755 --- a/container-start.sh +++ b/container-start.sh @@ -4,12 +4,12 @@ mkdir -p customize [ -z "$(ls -A customize)" ] && echo "Creating customize folder" \ && cp -R customize.dist/* customize/ \ - && cp config.js.dist customize/config.js + && cp config.example.js customize/config.js -# Linking config.js +# Linking config.js [ ! -h config.js ] && echo "Linking config.js" && ln -s customize/config.js config.js -# Configure +# Configure [ -n "$USE_SSL" ] && echo "Using secure websockets: $USE_SSL" \ && sed -i "s/useSecureWebsockets: .*/useSecureWebsockets: ${USE_SSL},/g" customize/config.js diff --git a/customize.dist/about.html b/customize.dist/about.html index f3e87dd25..954a3fb6f 100644 --- a/customize.dist/about.html +++ b/customize.dist/about.html @@ -8,7 +8,6 @@ - @@ -107,7 +106,7 @@
- +