hedgedoc/docs/content/how-to/develop/frontend.md

# Frontend

## Environment Variables

The following environment variables are recognized by the frontend process.

| Name                     | Possible Values                                                                                                                  | Description                                                                                                                                                                                                       |
|--------------------------|----------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| HD_BASE_URL              | Any URL with protocol, domain and optionally directory and port. Must end with a trailing slash. (e.g. `http://localhost:3001/`) | The URL under which the frontend is expected. Setting this is mandatory so the server side rendering can generate assets URLs. You only need to set this yourself if you use the production mode.                 |
| HD_RENDERER_BASE_URL     | Same as `HD_BASE_URL`                                                                                                            | You can provide this variable if the renderer should use another domain than the editor. This is recommended for security reasons but not mandatory. This variable is optional and will fallback to `HD_BASE_URL` |
| NEXT_PUBLIC_USE_MOCK_API | `true`, `false`                                                                                                                  | Will activate the mocked backend                                                                                                                                                                                  |
| NEXT_PUBLIC_TEST_MODE    | `true`, `false`                                                                                                                  | Will activate additional HTML attributes that are used to identify elements for test suits.                                                                                                                       |

Variables that start with `NEXT_PUBLIC_` will be compiled into the build. You can't change them
after compilation. You shouldn't need to set them yourself. Use the designated npm tasks instead.

## UI Test

Curious about the new look and feel? We provide a demo of the new UI on
[HedgeDoc.dev][hedgedoc-dev]. This version is reset every day, so data is not persisted.

Please see also our [privacy policy][privacy].

## Running Tests

### Unit

Unit testing is done via jest.

1. Run `yarn test`

### End2End

We use [cypress][cypress] for e2e tests.

1. Start the frontend with `yarn start:dev:test` (or use a test build using `yarn build:test`
   which you can start using `yarn start`). The usage of `:test` is mandatory!
2. Run `yarn test:e2e:open` to open the cypress test loader
3. Choose your browser and start a test suite

To run all tests in a headless browser use `yarn test:e2e`

### Bundle analysis

You can inspect the generated production-bundle files to look for optimization issues.

1. run `yarn analyze`. This will overwrite any existing builds!
2. Open the generated `.next/server/analyze/server.html` in your favourite browser

## Enable Debug Logging in Production

The debug logger can be enabled in production by setting `debugLogging` in the browser's
local storage to `true`. This can be done e.g. by executing this JavaScript command
in the browser's console.

```javascript
window.localStorage.setItem("debugLogging", "true");
```

[hedgedoc-dev]: https://hedgedoc.dev
[privacy]: https://hedgedoc.org/privacy-policy
[cypress]: https://cypress.io
docs: run lint:fix Signed-off-by: Philip Molares <philip.molares@udo.edu> 2023-07-05 20:45:32 -04:00			`# Frontend`
fix(docs): adjust frontend and reverse proxy docs Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> 2022-11-11 05:27:05 -05:00
			`## Environment Variables`

			`The following environment variables are recognized by the frontend process.`

docs: Add frontend docs to navbar Signed-off-by: David Mehren <git@herrmehren.de> 2023-03-12 16:36:40 -04:00			`\| Name \| Possible Values \| Description \|`
enhancement(caddy): expose :8080 by default, trust private proxies This commit changes the caddyfile to not directly rely on the HD_BASE_URL environment variable, but instead default to port 8080 as used in our package.json scripts and docs. The caddy domain can optionally be overridden using the CADDY_HOST env variable. Furthermore, this change adds a section to trust reverse-proxies in front of Caddy if they are in a private range IP address network. Both these changes are required to be able to expose a local development setup with another domain than localhost to a co-developer. With this change it works without having Caddy trying to generate TLS certificates for that domain nor HedgeDoc erroring about a origin mismatch, that occurs as Caddy doesn't forward specific headers otherwise. Signed-off-by: Erik Michelson <github@erik.michelson.eu> 2024-09-13 09:36:09 -04:00			`\|--------------------------\|----------------------------------------------------------------------------------------------------------------------------------\|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------\|`
docs: Add frontend docs to navbar Signed-off-by: David Mehren <git@herrmehren.de> 2023-03-12 16:36:40 -04:00			\| HD_BASE_URL \| Any URL with protocol, domain and optionally directory and port. Must end with a trailing slash. (e.g. `http://localhost:3001/`) \| The URL under which the frontend is expected. Setting this is mandatory so the server side rendering can generate assets URLs. You only need to set this yourself if you use the production mode. \|
docs: run lint:fix Signed-off-by: Philip Molares <philip.molares@udo.edu> 2023-07-05 20:45:32 -04:00			\| HD_RENDERER_BASE_URL \| Same as `HD_BASE_URL` \| You can provide this variable if the renderer should use another domain than the editor. This is recommended for security reasons but not mandatory. This variable is optional and will fallback to `HD_BASE_URL` \|
docs: Add frontend docs to navbar Signed-off-by: David Mehren <git@herrmehren.de> 2023-03-12 16:36:40 -04:00			\| NEXT_PUBLIC_USE_MOCK_API \| `true`, `false` \| Will activate the mocked backend \|
			\| NEXT_PUBLIC_TEST_MODE \| `true`, `false` \| Will activate additional HTML attributes that are used to identify elements for test suits. \|
fix(docs): adjust frontend and reverse proxy docs Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> 2022-11-11 05:27:05 -05:00
docs: restructure documentation This rewrite follows the principles of https://diataxis.fr/ Co-authored-by: Erik Michelson <github@erik.michelson.eu> Signed-off-by: Philip Molares <philip.molares@udo.edu> Signed-off-by: Erik Michelson <github@erik.michelson.eu> 2023-07-02 16:31:04 -04:00			Variables that start with `NEXT_PUBLIC_` will be compiled into the build. You can't change them
docs: run lint:fix Signed-off-by: Philip Molares <philip.molares@udo.edu> 2023-07-05 20:45:32 -04:00			`after compilation. You shouldn't need to set them yourself. Use the designated npm tasks instead.`
fix(docs): adjust frontend and reverse proxy docs Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> 2022-11-11 05:27:05 -05:00
			`## UI Test`

docs: run lint:fix Signed-off-by: Philip Molares <philip.molares@udo.edu> 2023-07-05 20:45:32 -04:00			`Curious about the new look and feel? We provide a demo of the new UI on`
ci: remove netlify deployment workflow This workflow was used in an early stage of development of HedgeDoc 2. It allowed the core developers to quickly check fixes, improvements or new features to the HedgeDoc UI without the requirement to check-out the branch locally. As not every pull request required a deployment, this workflow was only triggered when the "ci: force deployment" label was added. Since some time already, the frontend and backend are so tightly coupled that the netfliy deployment doesn't make any sense anymore and therefore hasn't been used anymore. This commit therefore removes this leftover workflow. @RedYetiDev contacted us privately and reported that this deployment workflow could have been abused to invoke arbitrary commands, including extraction of environment variables which include our tokens for the turborepo build cache or the netlify deployment token. For this it would have been required that somebody created a "safe" pull request, which would have been labelled with the deployment label and then changed afterwards since the workflow checks out the pull request source repository, not the target. We assured that the label was only added to pull requests from trusted members of the HedgeDoc core team. There was never any malicious use of the workflow. Furthermore, no released versions of HedgeDoc (1.x) could have been affected by this, even in the worst-case scenario. We're thankful for putting this risk at our attention! If you too encounter something unusual regarding security in HedgeDoc itself or our toolchain around it, don't hesitate to contact us. Details on this are wriiten in our SECURITY.md in the root of the repository. Signed-off-by: Erik Michelson <github@erik.michelson.eu> 2024-07-29 18:44:22 -04:00			`[HedgeDoc.dev][hedgedoc-dev]. This version is reset every day, so data is not persisted.`
fix(docs): adjust frontend and reverse proxy docs Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> 2022-11-11 05:27:05 -05:00
ci: remove netlify deployment workflow This workflow was used in an early stage of development of HedgeDoc 2. It allowed the core developers to quickly check fixes, improvements or new features to the HedgeDoc UI without the requirement to check-out the branch locally. As not every pull request required a deployment, this workflow was only triggered when the "ci: force deployment" label was added. Since some time already, the frontend and backend are so tightly coupled that the netfliy deployment doesn't make any sense anymore and therefore hasn't been used anymore. This commit therefore removes this leftover workflow. @RedYetiDev contacted us privately and reported that this deployment workflow could have been abused to invoke arbitrary commands, including extraction of environment variables which include our tokens for the turborepo build cache or the netlify deployment token. For this it would have been required that somebody created a "safe" pull request, which would have been labelled with the deployment label and then changed afterwards since the workflow checks out the pull request source repository, not the target. We assured that the label was only added to pull requests from trusted members of the HedgeDoc core team. There was never any malicious use of the workflow. Furthermore, no released versions of HedgeDoc (1.x) could have been affected by this, even in the worst-case scenario. We're thankful for putting this risk at our attention! If you too encounter something unusual regarding security in HedgeDoc itself or our toolchain around it, don't hesitate to contact us. Details on this are wriiten in our SECURITY.md in the root of the repository. Signed-off-by: Erik Michelson <github@erik.michelson.eu> 2024-07-29 18:44:22 -04:00			`Please see also our [privacy policy][privacy].`
fix(docs): adjust frontend and reverse proxy docs Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> 2022-11-11 05:27:05 -05:00
			`## Running Tests`

			`### Unit`

			`Unit testing is done via jest.`

			1. Run `yarn test`

			`### End2End`

docs: run lint:fix Signed-off-by: Philip Molares <philip.molares@udo.edu> 2023-07-05 20:45:32 -04:00			`We use [cypress][cypress] for e2e tests.`
fix(docs): adjust frontend and reverse proxy docs Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> 2022-11-11 05:27:05 -05:00
docs: run lint:fix Signed-off-by: Philip Molares <philip.molares@udo.edu> 2023-07-05 20:45:32 -04:00			1. Start the frontend with `yarn start:dev:test` (or use a test build using `yarn build:test`
			which you can start using `yarn start`). The usage of `:test` is mandatory!
doc: update e2e test script name Signed-off-by: yamashush <38120991+yamashush@users.noreply.github.com> 2024-01-17 05:13:51 -05:00			2. Run `yarn test:e2e:open` to open the cypress test loader
fix(docs): adjust frontend and reverse proxy docs Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> 2022-11-11 05:27:05 -05:00			`3. Choose your browser and start a test suite`

doc: update e2e test script name Signed-off-by: yamashush <38120991+yamashush@users.noreply.github.com> 2024-01-17 05:13:51 -05:00			To run all tests in a headless browser use `yarn test:e2e`
fix(docs): adjust frontend and reverse proxy docs Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> 2022-11-11 05:27:05 -05:00
			`### Bundle analysis`

			`You can inspect the generated production-bundle files to look for optimization issues.`

			1. run `yarn analyze`. This will overwrite any existing builds!
			2. Open the generated `.next/server/analyze/server.html` in your favourite browser
doc: Added documentation to enable debug logging in prod Signed-off-by: Juned Khan <junedkhanc101@gmail.com> 2023-07-02 06:52:37 -04:00
			`## Enable Debug Logging in Production`

docs: run lint:fix Signed-off-by: Philip Molares <philip.molares@udo.edu> 2023-07-05 20:45:32 -04:00			The debug logger can be enabled in production by setting `debugLogging` in the browser's
			local storage to `true`. This can be done e.g. by executing this JavaScript command
			`in the browser's console.`
doc: Added documentation to enable debug logging in prod Signed-off-by: Juned Khan <junedkhanc101@gmail.com> 2023-07-02 06:52:37 -04:00
			```javascript
docs: run lint:fix Signed-off-by: Philip Molares <philip.molares@udo.edu> 2023-07-05 20:45:32 -04:00			`window.localStorage.setItem("debugLogging", "true");`
doc: Added documentation to enable debug logging in prod Signed-off-by: Juned Khan <junedkhanc101@gmail.com> 2023-07-02 06:52:37 -04:00			```
docs: run lint:fix Signed-off-by: Philip Molares <philip.molares@udo.edu> 2023-07-05 20:45:32 -04:00
			`[hedgedoc-dev]: https://hedgedoc.dev`
			`[privacy]: https://hedgedoc.org/privacy-policy`
			`[cypress]: https://cypress.io`