github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-03-15 08:24:10 +00:00
Code Issues Projects Releases Packages Wiki Activity

FrontendConfig: Add new service

Browse source 
This service handles the config for the frontend.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
This commit is contained in:
Philip Molares 2021-03-01 21:16:01 +01:00
parent c4161cec98
commit e471342497
5 changed files with 833 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/app.module.ts
View file

@ -76,8 +76,9 @@ const routes: Routes = [
LoggerModule, LoggerModule,
MediaModule, MediaModule,
AuthModule, AuthModule,
FrontendConfigModule,
], ],
controllers: [], controllers: [],
providers: [], providers: [FrontendConfigService],
}) })
export class AppModule {} export class AppModule {}

280
src/frontend-config/frontend-config.dto.ts Normal file
View file

@ -0,0 +1,280 @@
/*
* SPDX-FileCopyrightText: 2021 The HedgeDoc developers (see AUTHORS file)
*
* SPDX-License-Identifier: AGPL-3.0-only
*/
import {
IsArray,
IsBoolean,
IsDate,
IsNumber,
IsOptional,
IsString,
IsUrl,
ValidateNested,
} from 'class-validator';
import { ServerVersion } from '../monitoring/server-status.dto';
export class AuthProviders {
/**
* Is Facebook available as a auth provider?
*/
@IsBoolean()
facebook: boolean;
/**
* Is GitHub available as a auth provider?
*/
@IsBoolean()
github: boolean;
/**
* Is Twitter available as a auth provider?
*/
@IsBoolean()
twitter: boolean;
/**
* Is at least one GitLab server available as a auth provider?
*/
@IsBoolean()
gitlab: boolean;
/**
* Is DropBox available as a auth provider?
*/
@IsBoolean()
dropbox: boolean;
/**
* Is at least one LDAP server available as a auth provider?
*/
@IsBoolean()
ldap: boolean;
/**
* Is Google available as a auth provider?
*/
@IsBoolean()
google: boolean;
/**
* Is at least one SAML provider available as a auth provider?
*/
@IsBoolean()
saml: boolean;
/**
* Is at least one OAuth2 provider available as a auth provider?
*/
@IsBoolean()
oauth2: boolean;
/**
* Is internal auth available?
*/
@IsBoolean()
internal: boolean;
}
export class BannerDto {
/**
* The text that is shown in the banner
* @example This is a test banner
*/
@IsString()
text: string;
/**
* When the banner was last changed
* @example "2020-12-01 12:23:34"
*/
@IsDate()
updateTime: Date;
}
export class BrandingDto {
/**
* The name to be displayed next to the HedgeDoc logo
* @example ACME Corp
*/
@IsString()
@IsOptional()
name: string;
/**
* The logo to be displayed next to the HedgeDoc logo
* @example https://md.example.com/logo.png
*/
@IsUrl()
@IsOptional()
logo: URL;
}
export class CustomAuthEntry {
/**
* The identifier with which the auth provider can be called
* @example gitlab
*/
@IsString()
identifier: string;
/**
* The name given to the auth provider
* @example GitLab
*/
@IsString()
providerName: string;
}
export class CustomAuthNamesDto {
/**
* All configured GitLab server
*/
@IsArray()
@ValidateNested({ each: true })
gitlab: CustomAuthEntry[];
/**
* All configured LDAP server
*/
@IsArray()
@ValidateNested({ each: true })
ldap: CustomAuthEntry[];
/**
* All configured OAuth2 provider
*/
@IsArray()
@ValidateNested({ each: true })
oauth2: CustomAuthEntry[];
/**
* All configured SAML provider
*/
@IsArray()
@ValidateNested({ each: true })
saml: CustomAuthEntry[];
}
export class SpecialUrlsDto {
/**
* A link to the privacy notice
* @example https://md.example.com/n/privacy
*/
@IsUrl()
@IsOptional()
privacy: URL;
/**
* A link to the terms of use
* @example https://md.example.com/n/termsOfUse
*/
@IsUrl()
@IsOptional()
termsOfUse: URL;
/**
* A link to the imprint
* @example https://md.example.com/n/imprint
*/
@IsUrl()
@IsOptional()
imprint: URL;
}
export class IframeCommunicationDto {
/**
* The origin under which the editor page will be served
* @example https://md.example.com
*/
@IsUrl()
@IsOptional()
editorOrigin: URL;
/**
* The origin under which the renderer page will be served
* @example https://md-renderer.example.com
*/
@IsUrl()
@IsOptional()
rendererOrigin: URL;
}
export class FrontendConfigDto {
/**
* Is anonymous usage of the instance allowed?
*/
@IsBoolean()
allowAnonymous: boolean;
/**
* Are users allowed to register on this instance?
*/
@IsBoolean()
allowRegister: boolean;
/**
* Which auth providers are available?
*/
@ValidateNested()
authProviders: AuthProviders;
/**
* Individual branding information
*/
@ValidateNested()
branding: BrandingDto;
/**
* An optional banner that will be shown
*/
@ValidateNested()
banner: BannerDto;
/**
* The custom names of auth providers, which can be specified multiple times
*/
@ValidateNested()
customAuthNames: CustomAuthNamesDto;
/**
* Is an image proxy enabled?
*/
@IsBoolean()
useImageProxy: boolean;
/**
* Links to some special pages
*/
@ValidateNested()
specialUrls: SpecialUrlsDto;
/**
* The version of HedgeDoc
*/
@ValidateNested()
version: ServerVersion;
/**
* The plantUML server that should be used to render.
*/
@IsUrl()
@IsOptional()
plantUmlServer: URL;
/**
* The maximal length of each document
*/
@IsNumber()
maxDocumentLength: number;
/**
* The frontend capsules the markdown rendering into a secured iframe, to increase the security. The browser will treat the iframe target as cross-origin even if they are on the same domain.
* You can go even one step further and serve the editor and the renderer on different (sub)domains to eliminate even more attack vectors by making sessions, cookies, etc. not available for the renderer, because they aren't set on the renderer origin.
* However, The editor and the renderer need to know the other's origin to communicate with each other, even if they are the same.
*/
@ValidateNested()
iframeCommunication: IframeCommunicationDto;
}

17
src/frontend-config/frontend-config.module.ts Normal file
View file

@ -0,0 +1,17 @@
/*
* SPDX-FileCopyrightText: 2021 The HedgeDoc developers (see AUTHORS file)
*
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { Module } from '@nestjs/common';
import { LoggerModule } from '../logger/logger.module';
import { ConfigModule } from '@nestjs/config';
import { FrontendConfigService } from './frontend-config.service';
@Module({
imports: [LoggerModule, ConfigModule],
providers: [FrontendConfigService],
exports: [FrontendConfigService],
})
export class FrontendConfigModule {}

374
src/frontend-config/frontend-config.service.spec.ts Normal file
View file

@ -0,0 +1,374 @@
/*
* SPDX-FileCopyrightText: 2021 The HedgeDoc developers (see AUTHORS file)
*
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { Test, TestingModule } from '@nestjs/testing';
import { FrontendConfigService } from './frontend-config.service';
import { ConfigModule, registerAs } from '@nestjs/config';
import { LoggerModule } from '../logger/logger.module';
import { AuthConfig } from '../config/auth.config';
import { GitlabScope, GitlabVersion } from '../config/gitlab.enum';
import { getServerVersionFromPackageJson } from '../utils/serverVersion';
import { CustomizationConfig } from '../config/customization.config';
import { AppConfig } from '../config/app.config';
import { ExternalServicesConfig } from '../config/external-services.config';
import { Loglevel } from '../config/loglevel.enum';
describe('FrontendConfigService', () => {
const emptyAuthConfig: AuthConfig = {
email: {
enableLogin: false,
enableRegister: false,
},
facebook: {
clientID: undefined,
clientSecret: undefined,
},
twitter: {
consumerKey: undefined,
consumerSecret: undefined,
},
github: {
clientID: undefined,
clientSecret: undefined,
},
dropbox: {
clientID: undefined,
clientSecret: undefined,
appKey: undefined,
},
google: {
clientID: undefined,
clientSecret: undefined,
apiKey: undefined,
},
gitlab: [],
ldap: [],
saml: [],
oauth2: [],
};
const facebook: AuthConfig['facebook'] = {
clientID: 'facebookTestId',
clientSecret: 'facebookTestSecret',
};
const twitter: AuthConfig['twitter'] = {
consumerKey: 'twitterTestId',
consumerSecret: 'twitterTestSecret',
};
const github: AuthConfig['github'] = {
clientID: 'githubTestId',
clientSecret: 'githubTestSecret',
};
const dropbox: AuthConfig['dropbox'] = {
clientID: 'dropboxTestId',
clientSecret: 'dropboxTestSecret',
appKey: 'dropboxTestKey',
};
const google: AuthConfig['google'] = {
clientID: 'googleTestId',
clientSecret: 'googleTestSecret',
apiKey: 'googleTestKey',
};
const gitlab: AuthConfig['gitlab'] = [
{
identifier: 'gitlabTestIdentifier',
providerName: 'gitlabTestName',
baseURL: 'gitlabTestUrl',
clientID: 'gitlabTestId',
clientSecret: 'gitlabTestSecret',
scope: GitlabScope.API,
version: GitlabVersion.V4,
},
];
const ldap: AuthConfig['ldap'] = [
{
identifier: 'ldapTestIdentifier',
providerName: 'ldapTestName',
url: 'ldapTestUrl',
bindDn: 'ldapTestBindDn',
bindCredentials: 'ldapTestBindCredentials',
searchBase: 'ldapTestSearchBase',
searchFilter: 'ldapTestSearchFilter',
searchAttributes: ['ldapTestSearchAttribute'],
usernameField: 'ldapTestUsername',
useridField: 'ldapTestUserId',
tlsCa: ['ldapTestTlsCa'],
},
];
const saml: AuthConfig['saml'] = [
{
identifier: 'samlTestIdentifier',
providerName: 'samlTestName',
idpSsoUrl: 'samlTestUrl',
idpCert: 'samlTestCert',
clientCert: 'samlTestClientCert',
issuer: 'samlTestIssuer',
identifierFormat: 'samlTestUrl',
disableRequestedAuthnContext: 'samlTestUrl',
groupAttribute: 'samlTestUrl',
requiredGroups: ['samlTestUrl'],
externalGroups: 'samlTestUrl',
attribute: {
id: 'samlTestUrl',
username: 'samlTestUrl',
email: 'samlTestUrl',
},
},
];
const oauth2: AuthConfig['oauth2'] = [
{
identifier: 'oauth2Testidentifier',
providerName: 'oauth2TestName',
baseURL: 'oauth2TestUrl',
userProfileURL: 'oauth2TestProfileUrl',
userProfileIdAttr: 'oauth2TestProfileId',
userProfileUsernameAttr: 'oauth2TestProfileUsername',
userProfileDisplayNameAttr: 'oauth2TestProfileDisplay',
userProfileEmailAttr: 'oauth2TestProfileEmail',
tokenURL: 'oauth2TestTokenUrl',
authorizationURL: 'oauth2TestAuthUrl',
clientID: 'oauth2TestId',
clientSecret: 'oauth2TestSecret',
scope: 'oauth2TestScope',
rolesClaim: 'oauth2TestRoles',
accessRole: 'oauth2TestAccess',
},
];
let index = 1;
for (const renderOrigin of [undefined, 'http://md-renderer.example.com']) {
for (const maxDocumentLength of [100000, 900]) {
for (const enableLogin of [true, false]) {
for (const enableRegister of [true, false]) {
for (const authConfigConfigured of [
facebook,
twitter,
github,
dropbox,
google,
gitlab,
ldap,
saml,
oauth2,
]) {
for (const customName of [undefined, 'Test Branding Name']) {
for (const customLogo of [
undefined,
'https://example.com/logo.png',
]) {
for (const privacyLink of [
undefined,
'https://example.com/privacy',
]) {
for (const termsOfUseLink of [
undefined,
'https://example.com/terms',
]) {
for (const imprintLink of [
undefined,
'https://example.com/imprint',
]) {
for (const plantUmlServer of [
undefined,
'https://plantuml.example.com',
]) {
for (const imageProxy of [
undefined,
'https://imageProxy.example.com',
]) {
it(`combination #${index} works`, async () => {
const appConfig: AppConfig = {
domain: 'http://md.example.com',
rendererOrigin: renderOrigin,
port: 3000,
loglevel: Loglevel.ERROR,
forbiddenNoteIds: [],
maxDocumentLength: maxDocumentLength,
};
const authConfig: AuthConfig = {
...emptyAuthConfig,
email: {
enableLogin,
enableRegister,
},
...authConfigConfigured,
};
const customizationConfig: CustomizationConfig = {
branding: {
customName: customName,
customLogo: customLogo,
},
specialUrls: {
privacy: privacyLink,
termsOfUse: termsOfUseLink,
imprint: imprintLink,
},
};
const externalServicesConfig: ExternalServicesConfig = {
plantUmlServer: plantUmlServer,
imageProxy: imageProxy,
};
const module: TestingModule = await Test.createTestingModule(
{
imports: [
ConfigModule.forRoot({
isGlobal: true,
load: [
registerAs('appConfig', () => appConfig),
registerAs(
'authConfig',
() => authConfig,
),
registerAs(
'customizationConfig',
() => customizationConfig,
),
registerAs(
'externalServicesConfig',
() => externalServicesConfig,
),
],
}),
LoggerModule,
],
providers: [FrontendConfigService],
},
).compile();
const service = module.get(FrontendConfigService);
const config = await service.getFrontendConfig();
expect(config.allowRegister).toEqual(
enableRegister,
);
expect(config.authProviders.dropbox).toEqual(
!!authConfig.dropbox.clientID,
);
expect(config.authProviders.facebook).toEqual(
!!authConfig.facebook.clientID,
);
expect(config.authProviders.github).toEqual(
!!authConfig.github.clientID,
);
expect(config.authProviders.google).toEqual(
!!authConfig.google.clientID,
);
expect(config.authProviders.internal).toEqual(
enableLogin,
);
expect(config.authProviders.twitter).toEqual(
!!authConfig.twitter.consumerKey,
);
expect(config.authProviders.gitlab).toEqual(
authConfig.gitlab.length !== 0,
);
expect(config.authProviders.ldap).toEqual(
authConfig.ldap.length !== 0,
);
expect(config.authProviders.saml).toEqual(
authConfig.saml.length !== 0,
);
expect(config.authProviders.oauth2).toEqual(
authConfig.oauth2.length !== 0,
);
expect(config.allowAnonymous).toEqual(false);
expect(config.banner.text).toEqual('');
expect(config.banner.updateTime).toEqual(
new Date(0),
);
expect(config.branding.name).toEqual(customName);
expect(config.branding.logo).toEqual(
customLogo ? new URL(customLogo) : undefined,
);
expect(
config.customAuthNames.gitlab.length,
).toEqual(authConfig.gitlab.length);
if (config.customAuthNames.gitlab.length === 1) {
expect(
config.customAuthNames.gitlab[0].identifier,
).toEqual(authConfig.gitlab[0].identifier);
expect(
config.customAuthNames.gitlab[0].providerName,
).toEqual(authConfig.gitlab[0].providerName);
}
expect(config.customAuthNames.ldap.length).toEqual(
authConfig.ldap.length,
);
if (config.customAuthNames.ldap.length === 1) {
expect(
config.customAuthNames.ldap[0].identifier,
).toEqual(authConfig.ldap[0].identifier);
expect(
config.customAuthNames.ldap[0].providerName,
).toEqual(authConfig.ldap[0].providerName);
}
expect(config.customAuthNames.saml.length).toEqual(
authConfig.saml.length,
);
if (config.customAuthNames.saml.length === 1) {
expect(
config.customAuthNames.saml[0].identifier,
).toEqual(authConfig.saml[0].identifier);
expect(
config.customAuthNames.saml[0].providerName,
).toEqual(authConfig.saml[0].providerName);
}
expect(
config.customAuthNames.oauth2.length,
).toEqual(authConfig.oauth2.length);
if (config.customAuthNames.oauth2.length === 1) {
expect(
config.customAuthNames.oauth2[0].identifier,
).toEqual(authConfig.oauth2[0].identifier);
expect(
config.customAuthNames.oauth2[0].providerName,
).toEqual(authConfig.oauth2[0].providerName);
}
expect(
config.iframeCommunication.editorOrigin,
).toEqual(new URL(appConfig.domain));
expect(
config.iframeCommunication.rendererOrigin,
).toEqual(
appConfig.rendererOrigin
? new URL(appConfig.rendererOrigin)
: new URL(appConfig.domain),
);
expect(config.maxDocumentLength).toEqual(
maxDocumentLength,
);
expect(config.plantUmlServer).toEqual(
plantUmlServer
? new URL(plantUmlServer)
: undefined,
);
expect(config.specialUrls.imprint).toEqual(
imprintLink ? new URL(imprintLink) : undefined,
);
expect(config.specialUrls.privacy).toEqual(
privacyLink ? new URL(privacyLink) : undefined,
);
expect(config.specialUrls.termsOfUse).toEqual(
termsOfUseLink
? new URL(termsOfUseLink)
: undefined,
);
expect(config.useImageProxy).toEqual(!!imageProxy);
expect(config.version).toEqual(
await getServerVersionFromPackageJson(),
);
});
index += 1;
}
}
}
}
}
}
}
}
}
}
}
}
});

160
src/frontend-config/frontend-config.service.ts Normal file
View file

@ -0,0 +1,160 @@
/*
* SPDX-FileCopyrightText: 2021 The HedgeDoc developers (see AUTHORS file)
*
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { Inject, Injectable } from '@nestjs/common';
import { ConsoleLoggerService } from '../logger/console-logger.service';
import {
AuthProviders,
BannerDto,
BrandingDto,
CustomAuthNamesDto,
FrontendConfigDto,
IframeCommunicationDto,
SpecialUrlsDto,
} from './frontend-config.dto';
import authConfiguration, { AuthConfig } from '../config/auth.config';
import customizationConfiguration, {
CustomizationConfig,
} from '../config/customization.config';
import appConfiguration, { AppConfig } from '../config/app.config';
import externalServicesConfiguration, {
ExternalServicesConfig,
} from '../config/external-services.config';
import { getServerVersionFromPackageJson } from '../utils/serverVersion';
import { promises as fs, Stats } from 'fs';
import { join } from 'path';
@Injectable()
export class FrontendConfigService {
constructor(
private readonly logger: ConsoleLoggerService,
@Inject(appConfiguration.KEY)
private appConfig: AppConfig,
@Inject(authConfiguration.KEY)
private authConfig: AuthConfig,
@Inject(customizationConfiguration.KEY)
private customizationConfig: CustomizationConfig,
@Inject(externalServicesConfiguration.KEY)
private externalServicesConfig: ExternalServicesConfig,
) {
this.logger.setContext(FrontendConfigService.name);
}
async getFrontendConfig(): Promise<FrontendConfigDto> {
return {
// ToDo: use actual value here
allowAnonymous: false,
allowRegister: this.authConfig.email.enableRegister,
authProviders: this.getAuthProviders(),
banner: await FrontendConfigService.getBanner(),
branding: this.getBranding(),
customAuthNames: this.getCustomAuthNames(),
iframeCommunication: this.getIframeCommunication(),
maxDocumentLength: this.appConfig.maxDocumentLength,
plantUmlServer: this.externalServicesConfig.plantUmlServer
? new URL(this.externalServicesConfig.plantUmlServer)
: undefined,
specialUrls: this.getSpecialUrls(),
useImageProxy: !!this.externalServicesConfig.imageProxy,
version: await getServerVersionFromPackageJson(),
};
}
private getAuthProviders(): AuthProviders {
return {
dropbox: !!this.authConfig.dropbox.clientID,
facebook: !!this.authConfig.facebook.clientID,
github: !!this.authConfig.github.clientID,
gitlab: this.authConfig.gitlab.length !== 0,
google: !!this.authConfig.google.clientID,
internal: this.authConfig.email.enableLogin,
ldap: this.authConfig.ldap.length !== 0,
oauth2: this.authConfig.oauth2.length !== 0,
saml: this.authConfig.saml.length !== 0,
twitter: !!this.authConfig.twitter.consumerKey,
};
}
private getCustomAuthNames(): CustomAuthNamesDto {
return {
gitlab: this.authConfig.gitlab.map((entry) => {
return {
identifier: entry.identifier,
providerName: entry.providerName,
};
}),
ldap: this.authConfig.ldap.map((entry) => {
return {
identifier: entry.identifier,
providerName: entry.providerName,
};
}),
oauth2: this.authConfig.oauth2.map((entry) => {
return {
identifier: entry.identifier,
providerName: entry.providerName,
};
}),
saml: this.authConfig.saml.map((entry) => {
return {
identifier: entry.identifier,
providerName: entry.providerName,
};
}),
};
}
private getBranding(): BrandingDto {
return {
logo: this.customizationConfig.branding.customLogo
? new URL(this.customizationConfig.branding.customLogo)
: undefined,
name: this.customizationConfig.branding.customName,
};
}
private getSpecialUrls(): SpecialUrlsDto {
return {
imprint: this.customizationConfig.specialUrls.imprint
? new URL(this.customizationConfig.specialUrls.imprint)
: undefined,
privacy: this.customizationConfig.specialUrls.privacy
? new URL(this.customizationConfig.specialUrls.privacy)
: undefined,
termsOfUse: this.customizationConfig.specialUrls.termsOfUse
? new URL(this.customizationConfig.specialUrls.termsOfUse)
: undefined,
};
}
private getIframeCommunication(): IframeCommunicationDto {
return {
editorOrigin: new URL(this.appConfig.domain),
rendererOrigin: this.appConfig.rendererOrigin
? new URL(this.appConfig.rendererOrigin)
: new URL(this.appConfig.domain),
};
}
private static async getBanner(): Promise<BannerDto> {
const path = join(__dirname, '../../banner.md');
try {
const bannerContent: string = await fs.readFile(path, {
encoding: 'utf8',
});
const fileStats: Stats = await fs.stat(path);
return {
text: bannerContent,
updateTime: fileStats.mtime,
};
} catch (e) {
return {
text: '',
updateTime: new Date(0),
};
}
}
}