- Adds `/health` as a public facing healthcheck endpoint.
- `/api/health` is meant for internal healthchecks. This endpoint in
future can serve sensitive information about Listmonk *or* can be
deprecated if there's not enough usecase.
Closes https://github.com/knadh/listmonk/issues/380
I have tried changing them as best as I could.
I found that in english there is about AWS written something about access key and secret key but
AWS tells on their page about `Access keys (access key ID and secret access key) `
https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html
Should the access key mean ID and the second secret access key?
This commit disables the automatic upe check thappens immediately
on boot, giving users an opportunity disable it from the settings UI
before any remote requests are initiated. Tupdate checks happen
every 24 houfter boot.
Ref: #326
While file content (MIME) check already existed, the lack of file
extension check allowed arbitrary extensions to be uploaded and
then accessed via the static file server. For instance, a .html file
with JPG content intersperesed with Javascript.
This commit adds a file extension check on top of the MIME type check.
This commit processes log lis and renders them as different fields
removing the use of <pre> and also `v-html` which renders HTML strings
from log lines.
- Vue 2.6 introduces "v-slot" which Buefy 0.9.7 uses.
- Refactor all `<b-table>` and `<b-column>` instances to work with the
new `v-slot` snytax.
- Refactor `<b-column>` <td> and class attributes to work wit hthe new
syntax.
- Fix Buefy scss setup to work with the update.
- Fix sidebar responsive view to work with the update.
Campaign messages are handled by `manager` whereas test messages
were being pushed directly into a messenger skipping some campaign
related routines such as the addition of list unsub headers.
This commit exposes a new function `manager.PushCampaignMessage()`
that accepts arbitrary campaign messages that then pass through
the standard campaign message workers, thus getting the missing unsub
headers. This closes#360.
In addition, this removes the superfluous `CampaignMessage.Render()`
function which had to be mandatorily called always and makes it
implicit in `manager.NewCampaignMessage()`.
When no static assets are found on init, i.e., when a binary without
stuffbin assets are loaded, the app looks for all necessary static
files in the working dir, including the `./static/*` path which renders
the `--static-dir` flag irrelevant.
This patch gives `--static-dir`, if set, precedence over `./static/*`
when loading assets from the working dir when a binary is not stuffed
with static files.
Closes#340.
The buefy toast component does not sanitize HTML leaving it open
to XSS. This patch centralised all toast calls in the app to a util
function which sanitizes HTML strings before passing to toast().
Closes#357.
Previously, converting between formats simply copied over raw content.
This update does actual conversion between different formats. While
lossy, this seems to a good enough approximation for even reasonbly
rich HTML content. Closes#348.
- richtext, html => plain
Strips HTML and converts content to plain text.
- richtext, html => markdown
Uses turndown (JS) lib to convert HTML to Markdown.
- plain => richtext, html
Converts line breaks in plain text to HTML breaks.
- richtext => html
"Beautifies" the HTML generated by the WYSIWYG editor unlike the
earlier behaviour of dumping one long line of HTML.
- markdown => richtext, html
Makes an API call to the backend to use the Goldmark lib to convert
Markdown to HTML.
This is a small safety precaution to make sure the out of the box
configuration is not world routeable. Bringing this up on a public
interface with a connected database could be a security concern. Any
sysadmin worth their salt is going to test offline or by binding to
localhost only first anyway, but this gets them started on the right
foot and makes sure people don't make mistakes.
Also with the high likelihood that a proxy is going to be used for HTTPS
termination anyway, the decision to move to a public IP should be more
deliberate.
Using localhost instead of some random string is much more likely to
actually work out of the box. Also it's a lot easier for a sysamdmin to
'scan' for things that need changing.