Philip Molares
3493a7a26f
Logging: Improve mediabackend filesystem log message.
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-02 17:38:22 +02:00
Philip Molares
4fb7623225
FileMediaBackend: Fix generated urls
...
All urls should be of the form `uploads/<filename>.<extension>` regardless of what the uploadDirectory is, because the backend proxies all locally uploaded files.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-01 00:28:13 +02:00
Philip Molares
354db0c1a2
MediaConfigMock: Change upload path
...
This changes the upload path in all tests to 'test_uploads' to ensure no real uploads are lost.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-01 00:28:13 +02:00
Philip Molares
ff7fbcaf0e
PrivateAPI: Add media controller
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-25 22:26:41 +01:00
Philip Molares
b60fa155dd
PrivateAPI: Add notes controller
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-25 20:36:18 +01:00
Philip Molares
dd7ca87337
PrivateApi: Add config controller
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-21 20:08:13 +01:00
Philip Molares
e471342497
FrontendConfig: Add new service
...
This service handles the config for the frontend.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-21 20:08:13 +01:00
Philip Molares
c4161cec98
Config: Add rendererOrigin and maxDocumentLength to AppConfig
...
These are used in the /config private API call.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-21 20:08:13 +01:00
Philip Molares
f63d37dbf7
Config: Add identifier to all multi auth provider to AuthConfig
...
These are used in the /config private API call and needed to distinguish with which of the multiple auth providers a login should occur.
This also fixes the types of the multiple auth provider arrays to something that works, as `[{}]` specifies exactly one object in an array.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-21 20:08:13 +01:00
Philip Molares
de82b72b62
Config: Create new config mocks for tests
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-21 20:08:09 +01:00
Philip Molares
e8339e0976
Config: Add two new Subconfigs
...
CustomizationConfig holds all possible customization configs.
ExternalConfig holds external services that may be configured.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-21 19:59:07 +01:00
Philip Molares
19318ae518
Config: Extend AppConfig mock
...
This is now more in line with what you would get from the regular config code
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-21 19:59:07 +01:00
Philip Molares
381718f0eb
Config: Move config mocks in own folder
...
To clean up the config folder, all mocks are now in their own folder.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-21 19:59:05 +01:00
Philip Molares
942cb44e05
Utils: Extract getServerVersionFromPackageJson into own file
...
We need this function in at least one other part of the application so extracting it into a util file was only logical.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-21 19:58:37 +01:00
Philip Molares
37fa75fc91
PublicApi: Add GET /api/v2/notes/{note}/media
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-21 19:18:40 +01:00
Philip Molares
3ef2fce067
MediaService: Add listUploadsByNote method
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-21 19:18:40 +01:00
David Mehren
6d8780de4b
Merge pull request #1047 from hedgedoc/docs/apidocs
2021-03-21 19:07:14 +01:00
David Mehren
d3e7be491a
Merge pull request #981 from hedgedoc/privateApi/history
...
PrivateAPI: history
2021-03-21 19:00:21 +01:00
Philip Molares
168d85778c
Docs: Add more documentation to the public api
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-20 10:18:44 +01:00
Philip Molares
cb5c135cb7
Docs: Add description for common http codes
...
These are the descriptions for all 401, 403, 404 and 204 HTTP responses in HedgeDoc.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-20 10:18:42 +01:00
Philip Molares
3620416ed6
Docs: Add ApiProperty to all Dtos
...
This makes it possible for the autogenerated openapi file to contain all the dtos instead of nothing.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-19 12:08:34 +01:00
Philip Molares
7f399735f6
PrivateAPI: Add history controller
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-18 21:56:35 +01:00
Philip Molares
b5575bbebe
MediaService: Remove allowedMimeType application/pdf
...
Uploading PDFs does not work with imgur and therefore HedgeDoc should not offer that.
See #533
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-15 22:41:40 +01:00
Philip Molares
9e55af1247
HistoryService: Add deleteHistory method
...
This method deletes all history entries of a user.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-15 21:14:56 +01:00
Yannick Bungers
7183d1fabb
Merge pull request #1021 from hedgedoc/publicApi/listMediaUpload
...
PublicAPI: Add GET /me/media
2021-03-15 20:26:59 +01:00
Philip Molares
c77773c247
AppConfig: Fix bug in the schema of forbiddenNoteIds
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-14 17:54:50 +01:00
Yannick Bungers
ef352a1313
Add GET /me/media
...
Returns all media files uploaded by the authenticated user.
Signed-off-by: Yannick Bungers <git@innay.de>
2021-03-14 17:47:16 +01:00
David Mehren
b67ec817e6
Merge pull request #993 from hedgedoc/publicApi/me
2021-03-14 16:28:49 +01:00
David Mehren
99439af25e
Merge pull request #937 from hedgedoc/feature/forbiddenNoteIds
2021-03-14 16:06:48 +01:00
Philip Molares
d4b2dc9e4a
PublicAPI: Add /me/history/:note
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-06 17:55:48 +01:00
Philip Molares
de098cf68e
HistoryService: Add unit test for getEntryByNoteIdOrAlias
...
Also add extra test to deleteHistoryEntry
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-06 17:55:24 +01:00
Philip Molares
4034fa6495
NotesService: Add unit tests for forbidden note alias
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-06 17:49:33 +01:00
Philip Molares
9b25f401f7
NotesService: Check if note alias is forbidden
...
If the note alias is forbidden return a BadRequest.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-06 17:49:25 +01:00
Philip Molares
df2f14ffbf
HistoryService: Add JSDocs for all methods
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-05 11:59:07 +01:00
David Mehren
8de1e4b938
Merge pull request #970 from hedgedoc/typeOrm/synchronizeToDo
...
AppModule: Add reminder to remove synchronize
2021-02-27 23:09:52 +01:00
Philip Molares
cbc88fd315
Errors: Add ForbiddenIdError
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-27 23:04:52 +01:00
Philip Molares
2f028a4aae
Config: Add forbiddenNoteIds to AppConfig
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-27 23:04:49 +01:00
Philip Molares
1042954e98
AppModule: Add reminder to remove synchronize
...
This auto creates schema on startup and is not intended for production use
See https://typeorm.io/#/connection-options/common-connection-options
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-27 22:58:34 +01:00
Philip Molares
2d98e2f8b4
S3Backend: Add S3 MediaBackend
...
Add minio dependency
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-27 22:40:56 +01:00
Philip Molares
cf6c08e3d6
MediaConfig: Change s3 config
...
remove region as this is specified by endPoint now
add bucket in schema and actual assignment
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-27 22:34:27 +01:00
Philip Molares
942360ea22
MediaConfig: Fix Joi schema alternatives
...
'...use' tries to go up one level and grab the value of 'use' there and not the same level 'use' as we want here
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-27 22:34:27 +01:00
Philip Molares
dde74f37ff
AzureBackend: Add Azure MediaBackend
...
Add @azure/storage-blob dependency
This is the relevant part of the official azure sdk.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-27 22:18:24 +01:00
Philip Molares
eb7e6b55eb
DBSchema: Add fileUrl to media_upload table
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-27 22:03:09 +01:00
Philip Molares
e2b2059bde
ImgurBackend: Add Imgur MediaBackend
...
Add node-fetch dependency.
This was chosen as other libs we use already use node-fetch.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-27 21:29:14 +01:00
Philip Molares
165bb7602b
MediaUploadEntity: Add fileUrl
...
Save the fileUrl, returned to the user on creation, in the DB.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-27 21:29:14 +01:00
Yannick Bungers
a92096034d
Merge pull request #936 from hedgedoc/maint/stronger_lint_checks
2021-02-27 21:24:35 +01:00
David Mehren
609b1cf3a3
Refactor server version object into own interface
...
This makes the type of getServerVersionFromPackageJson() way easier
to read.
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 21:21:41 +01:00
David Mehren
235d7efa19
Refactor config utils to use functions instead of consts
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 17:45:44 +01:00
David Mehren
9fcc3c6cee
Enforce explicit function return types
...
This re-enables the `@typescript-eslint/explicit-module-boundary-types`
check and also enables the
`@typescript-eslint/explicit-function-return-type` check.
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 17:41:32 +01:00
David Mehren
73db821649
FilesystemBackend: Fix ESLint errors
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 16:11:27 +01:00
David Mehren
0a23538389
NotesController: Fix ESLint errors
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 16:11:27 +01:00
David Mehren
38b787fe25
MeController: Fix ESLint errors
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 16:11:27 +01:00
David Mehren
b22d641406
ConsoleLoggerService: Fix ESLint errors
...
We now use @types/cli-color to provide type information
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 16:11:27 +01:00
David Mehren
a0ffa3be04
NoteEntity: Fix ESLint errors
...
We now use @types/shortid to provide type information
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 16:11:27 +01:00
David Mehren
2c841ae578
Fix ESLint errors in main.ts
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 16:11:27 +01:00
David Mehren
1cc86a728a
Fix various ESLint errors in services
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 16:11:27 +01:00
David Mehren
8c3bf66469
Fix various ESLint errors in unit tests
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 16:11:27 +01:00
David Mehren
c5fb87de05
Fix various ESLint errors in configs
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 16:11:27 +01:00
David Mehren
b37b2d1047
HistoryService: toHistoryEntryDto does not need to be async
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 16:11:27 +01:00
David Mehren
d8d105ed75
NotesService: toNotePermissionsDto does not need to be async
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 16:11:27 +01:00
David Mehren
b5281991ef
AuthService: randomString does not need to be async
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 16:11:27 +01:00
David Mehren
ba4825a99f
Add explicit Request type
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 16:11:27 +01:00
David Mehren
b78c94c3a1
Use Req decorator instead of Request
...
This avoids a clash with the Request type from express
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 16:11:27 +01:00
David Mehren
2b14ad92cd
Don't await non-Promises
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 16:11:27 +01:00
Philip Molares
7f9c310e58
MediaBackendInterface: Correct JSDoc of deleteFile
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-27 12:24:02 +01:00
Philip Molares
062104f64b
FilesystemBackend: Remove getFileURL
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-27 11:38:50 +01:00
Philip Molares
d83e0004b7
MediaBackendInterface: Remove getFileURL
...
closes #957
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-27 00:28:17 +01:00
David Mehren
3626ce9dff
ESLint: Enable @typescript-eslint/naming-convention rule
...
This check enforces consistent variable naming.
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-26 12:10:53 +01:00
David Mehren
6ffeb2e9c9
ESLint: Enable @typescript-eslint/return-await rule
...
This ensures stack traces are helpful at the cost of a slightly
lower performance (one more tick in the event loop).
Fixes #838
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-26 12:10:51 +01:00
David Mehren
6a6dc7ea21
ESLint: Re-enable @typescript-eslint/no-explicit-any rule
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-26 12:10:05 +01:00
Yannick Bungers
75be4611d3
Merge pull request #953 from hedgedoc/mediaBackendErrors
2021-02-25 22:23:11 +01:00
Philip Molares
31f7c76697
MediaController: Handle MediaBackendErrors
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-25 13:59:32 +01:00
Philip Molares
8365132a39
FilesystemBackend: Throw MediaBackendError where appropriate
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-25 13:52:50 +01:00
Philip Molares
bee2333f77
MediaService: Add MediaBackendError
...
This gets thrown when the backend can't perform the required action.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-25 13:51:54 +01:00
Philip Molares
ca064526a7
ConsoleLogger: Add typing to localeStringOptions
...
This is necessary as typescript is unable to determine that `year` in this object is of type "numeric" and not string.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-24 10:30:20 +01:00
David Mehren
0dd1f80db4
Merge pull request #948 from hedgedoc/fix/unusedImports
...
PermissionsModule: Remove unused imports
2021-02-23 21:09:26 +01:00
David Mehren
3fabf2596a
Merge pull request #943 from hedgedoc/refactor/getNoteContent
2021-02-23 21:05:25 +01:00
Philip Molares
0e6cc0b971
PermissionsModule: Remove unused imports
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-23 19:13:41 +01:00
Yannick Bungers
b7e188cec2
Rename viewcount to viewCount for compliance
...
Signed-off-by: Yannick Bungers <git@innay.de>
2021-02-22 23:36:44 +01:00
Yannick Bungers
e081bd196b
Rename getNoteContentByNote to getNoteContent
...
Signed-off-by: Yannick Bungers <git@innay.de>
2021-02-22 22:34:18 +01:00
Yannick Bungers
15a1a138ee
Remove unused getNoteContentByIdOrAlias
...
Signed-off-by: Yannick Bungers <git@innay.de>
2021-02-22 22:32:00 +01:00
Philip Molares
5f49cb8d48
NotesService: Replace noteByIdOrAlias with note as parameter
...
As the NotesController has the note already, because it checked with it if the user has the permission to perform the action, it's not necessary to get the note from the DB again, instead we should just provide the note to the functions directly.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-20 19:51:27 +01:00
Philip Molares
c9b05b3c44
NotesController: Handle new errors
...
Handle the AlreadyInDB and PermissionsUpdateInconsistent errors and correctly show them to the api user as BadRequest errors.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-20 19:51:27 +01:00
Philip Molares
93d859647d
NotesService: Add unit tests
...
Fixed toUserDto method of UsersService: If a user has no email an empty string should be returned (like with the photoUrl) instead of null.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-20 19:51:24 +01:00
Philip Molares
4332b039d6
NotesService: Finished hardcoded functions
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-20 19:45:16 +01:00
Philip Molares
8b29e32e45
Errors: Add AlreadyInDB and PermissionsUpdateInconsistent error
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-20 16:54:08 +01:00
Philip Molares
34087561e7
GroupsService: Create new GroupsService
...
This service is necessary as we plan to have functions to create and manipulate groups in the future.
The GroupInfoDto was moved from the file note-permissions.dto.ts to mimic the UserInfoDto.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-20 16:52:18 +01:00
Philip Molares
577811be29
NotePermissions: Remove default constructors
...
As discussed in #835 we don't want to have default constructors and prefer .create methods.
Because the created NoteGroupPermission and NoteUserPermission are not saved to the DB by themselves, but are saved via a change to the Note using a Pick<Class, attributes>-style return type is not helpful here as every single time the .create functions are called a full object is required.
The mock calls in the PermissionService test are not needed and break the .create calls so they got removed.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-20 11:38:50 +01:00
Philip Molares
353384435e
NotesService: Add JsDoc strings to all functions
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-20 11:28:19 +01:00
Philip Molares
336117cef5
NotesService: Rename getCurrentContent to getNoteContentByNote
...
The new name should better explain what this function does.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-19 13:36:01 +01:00
Philip Molares
1aa821460f
NotesController: Catch NotInDBErrors from permission checks
...
The permission check also tries to get the note and a non-existing note needs to be handled there too.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-18 22:25:55 +01:00
Yannick Bungers
0fc9c11a41
Add test for permission service
...
Many tests are generated and not static like in other files.
Signed-off-by: Yannick Bungers <git@innay.de>
2021-02-18 22:25:55 +01:00
Yannick Bungers
0ea7991e36
Add guest permission mock and checking
...
mocked by attribute of permission service
Signed-off-by: Yannick Bungers <git@innay.de>
2021-02-18 22:25:55 +01:00
Yannick Bungers
a694d71fff
Add permission checks for notes routes
...
Signed-off-by: Yannick Bungers <git@innay.de>
2021-02-18 22:25:55 +01:00
Yannick Bungers
f40ed5db2a
Add permissions Service
...
Checks if the given user has sufficient rights on the given resource.
Signed-off-by: Yannick Bungers <git@innay.de>
2021-02-18 22:25:55 +01:00
Yannick Bungers
f8e07f6940
Add relation between User and Group
...
This represents the users which are members of this group
Signed-off-by: Yannick Bungers <git@innay.de>
2021-02-18 22:25:52 +01:00
David Mehren
669688c12f
Merge pull request #847 from hedgedoc/test/authServiceUnitRewrite
...
Tests: Rewrote AuthService unit test
2021-02-16 22:29:14 +01:00
Philip Molares
680ca4188f
Tests: Rewrote AuthService unit test
...
The unit test now uses per test mocking of the necessary functions instead of one mock in the beforeEach call.
Also some tests got expanded to cover more error cases.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-16 22:25:37 +01:00
David Mehren
2367e3c31b
Merge pull request #912 from hedgedoc/feature/serverUploads
...
StaticServe: Fix serving images under uploads/
2021-02-16 21:50:35 +01:00
David Mehren
77f00d961a
Merge pull request #916 from hedgedoc/feature/prefixPublicApi
...
PublicApi: Add correct prefix
2021-02-16 21:49:54 +01:00
Philip Molares
e6c1cc7810
MediaService: Add unit tests
...
The file test.zip is used to fail the saveFile test with 'MIME Type not supported'
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-16 21:12:23 +01:00
Philip Molares
3120d2dfb9
MediaService: Add JS-Docs to media service
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-16 20:25:33 +01:00
Philip Molares
05ac7dc4ae
StaticServe: Fix serving images under uploads/
...
This did not work until now, because path and prefix were swapped.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-16 20:22:49 +01:00
Philip Molares
73113dc361
PublicApi: Add correct prefix
...
Using nest-router for this purpose as it is a rather easy addition to our structure. As we don't add the Router to any e2e tests we don't need to change them.
fixes #523
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-16 20:19:45 +01:00
David Mehren
8b62b7d93c
Add missing logging context at various places
...
Our custom logger supports providing the name of the function that
calls the logger, this commit adds this context string where it
was previously missing.
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-05 22:30:22 +01:00
Philip Molares
88ed1ec8ba
Docs: Add api tags to group controller
...
For a better structure of the autogenerated apidoc website tags are used. Each Controller gets its own tag and will be put in a separate section.
See https://docs.nestjs.com/openapi/operations#tags
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-05 14:13:34 +01:00
Philip Molares
1becc9b3d2
Tests: Fix Mock Auth
...
This makes it possible to create the user before the mock auth guard does its magic. This is necessary for some tests, where we need the user object before the api is called.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-04 21:50:19 +01:00
Philip Molares
10ef4fcee1
History: Add unit and e2e test
...
Add unit tests for history service
Adapt relevant me e2e tests to work
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-04 21:50:19 +01:00
Philip Molares
7f1afc30c9
History: Add history service and usage
...
Add history service to allow for CRUD operations.
Use history service in controllers to:
1. Allow manipulating of history entries
2. Guarantee the correct existence of history entries
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-04 21:50:19 +01:00
Philip Molares
b76fa91a3c
History: Add HistoryEntry
...
With this the backend now can hold a history entry.
Also included in this commit are some minor changes to tests and services so they can still work.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-04 21:50:14 +01:00
Yannick Bungers
c2b6c6fe49
Reformat code by yarn format
...
Signed-off-by: Yannick Bungers <git@innay.de>
2021-01-31 00:12:00 +01:00
Philip Molares
a7f35aaeec
tests: Fix tests as part of the DTO Refactor
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-31 00:11:58 +01:00
Yannick Bungers
b07d6d478c
Refactoring of controllers and service interfaces
...
DTO should only be used for sending information to and from user.
Services now have methods which return normal internal objects and
methods which convert them to DTOs. This conversion is done in the
controllers
Signed-off-by: Yannick Bungers <git@innay.de>
2021-01-30 00:15:05 +01:00
Philip Molares
08b3dd5db9
auth: Fix undefined secret error
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-29 22:24:19 +01:00
Philip Molares
ba517b3cfe
auth: Fix UnauthorizedException throwing
...
Move conversion of Errors from AuthService to TokenStrategy.
This is necessary to correctly test the validateToken method.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-29 22:00:47 +01:00
Philip Molares
5a727d530b
auth: Fix secret length
...
The former length of 64 bytes (512-bit) is transformed into base64url (a 6-bit code) ~86 characters long. This is too long for bcrypt as it ignores any characters beyond the 72nd.
This fix therefore reduces the amount of generated bytes to 54 (as 72*6/8 = 54) characters. This ensures that when one character is removed from the token, the hash won't be the same anymore.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-29 21:32:54 +01:00
David Mehren
b49c802c79
Merge pull request #776 from hedgedoc/fix/UnauthorizedException
...
auth: Fix handling of internal server errors
2021-01-29 20:52:36 +01:00
Philip Molares
84915b61ac
auth: Fix handling of internal server errors
...
Catch all NotInDbErrors and TokenNotValidError and transform them to UnauthorizedException with the correct message.
This prevents nest from telling the api user that an internal server error has happened and instead display the correct http error code 401.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-29 20:33:56 +01:00
Philip Molares
2f17291079
config: Fix inconsistent env vars
...
This should make the translation from env var name to config name and vice versa more consistent.
Fixes #751
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-28 23:28:16 +01:00
David Mehren
3ba64f15f1
Swagger: Split public and private API
...
Fixes #759
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-27 20:02:25 +01:00
Philip Molares
563f862846
auth: Encode secret in base64url
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-27 00:23:43 +01:00
Philip Molares
7aeb77b262
auth: Fix base64url transformation
...
The problem was that replace only replaces the first occurrence of a string and not all as is needed for this function.
tsconfig.json needed lib to be set to esnext or the replaceAll function won't be available…
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-26 10:56:45 +01:00
David Mehren
3dc223847d
HistoryEntryDto: Add doc comments
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:39 +01:00
David Mehren
3f16a398d2
HistoryEntryUpdateDto: Add doc comments
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:39 +01:00
David Mehren
5f71e779ef
NoteDto: Add doc comments
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:39 +01:00
David Mehren
be2dc0e4d6
NoteAuthorshipDto: Add doc comments
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:39 +01:00
David Mehren
84143eec7d
RevisionMetadataDto: Add doc comments
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:39 +01:00
David Mehren
43194500e9
RevisionDto: Add doc comments
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:38 +01:00
David Mehren
e4f0c5c064
NoteMetadata DTOs: Add doc comments
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:38 +01:00
David Mehren
a83a7c7a66
NotePermission DTOs: Add doc comments
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:38 +01:00
David Mehren
d3acd3d2db
UserInfoDto: Add doc comments
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:38 +01:00
Philip Molares
bfe14dad8d
auth: Run removeInvalidTokens 5s after startup
...
This should prevent problems with the AuthToken purge on Sundays, as the service is either running on Sunday or will be restarted thereafter.
Also move base64url comment to right function
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:08 +01:00
Philip Molares
67a5f3c7ec
auth: Add maximum token lifetime of 2 years.
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:08 +01:00
Philip Molares
99d6b39e00
auth: Run removeInvalidTokens 5s after startup
...
This should prevent problems with the AuthToken purge on Sundays, as the service is either running on Sunday or will be restarted thereafter.
Also move base64url comment to right function
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:08 +01:00
Philip Molares
c2d759da53
auth: Add token limit of 200
...
This is a very high ceiling unlikely to hinder legitimate usage, but should prevent possible attack vectors
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:08 +01:00
Philip Molares
c96edb31a5
tokens: Add token creation
...
Fix token deletion
Update plantuml docs
Add token validUntil and lastUsed fields
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:08 +01:00
Philip Molares
28abc37e2c
auth: fixes unit and e2e tests
...
adds MockAuthGuard which always returns user 'hardcoded'
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:08 +01:00
Philip Molares
0a3247492a
auth: Add cron to clean old tokens
...
Rename AuthToken.identifier to label
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:04 +01:00
Philip Molares
cc2fcac532
auth: Remove userName parameter of removeToken function
...
As suggested by @innaytool
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:02 +01:00
Philip Molares
f68caab6e8
auth: Integrate suggestions by @davidmehren
...
Add number type alias TimestampMillis
Remove solved ToDos
Change AuthToken and AuthTokenDto to use Date
Rename authService unit tests
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:02 +01:00
Philip Molares
265195e305
auth: Split randomBase64UrlString in two functions
...
add test for BufferToBase64Url and toAuthTokenDto
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:02 +01:00
Philip Molares
84ec528d14
auth: Add tests for AuthService
...
Move AuthTokens to auth folder
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:02 +01:00
Philip Molares
599fe57ec6
tokens: Add token creation
...
Fix token deletion
Update plantuml docs
Add token validUntil and lastUsed fields
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:02 +01:00
Philip Molares
fd70b2d121
auth: fixes unit and e2e tests
...
adds MockAuthGuard which always returns user 'hardcoded'
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:02 +01:00
Philip Molares
74fd7abfb2
openapi: adds auth to all public api routes
...
See:
https://docs.nestjs.com/openapi/security
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:02 +01:00
Philip Molares
8d89614a4d
auth: adds token-auth to public api
...
adds auth service
adds auth module
adds token-auth strategy
adds token-auth to all public api calls
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:29:59 +01:00
Philip Molares
9a65a9bd29
private: Add until to token creation
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:29:53 +01:00
Philip Molares
e8cdbdd677
private: removes collision check for tokens
...
this seems very unnecessary as the chance of this is 1 / 2^512
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:29:53 +01:00
Philip Molares
0a1c3426c0
private: fixed token generation bugs
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:29:53 +01:00
Philip Molares
5e6e5d0e5f
private: save token hashed
...
Auth tokens are now saved in hashed form.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:29:52 +01:00
Philip Molares
37a9f6526b
auth: hash auth token
...
Since the auth token will be stored in hashed form in the db, we need to hash each provided auth token in order to search in the db for them.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:29:52 +01:00
Philip Molares
15ca030b67
auth: add hash function
...
the hash function uses bcrypt with 2^16 iterations.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:29:52 +01:00
Philip Molares
025f24122c
private: adds tokens controller
...
adds private api
adds AuthTokenDto and AuthTokenWithSecretDto
adds necessary methods in the users service
adds RandomnessError
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:29:52 +01:00
Philip Molares
a4522d7230
auth: hash auth token
...
Since the auth token will be stored in hashed form in the db, we need to hash each provided auth token in order to search in the db for them.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:29:52 +01:00
Philip Molares
cbf6ac912a
private: adds tokens controller
...
adds private api
adds AuthTokenDto and AuthTokenWithSecretDto
adds necessary methods in the users service
adds RandomnessError
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:29:52 +01:00
Yannick Bungers
17ceb9c31f
Removed special table name in Note object
...
and changed table names in plantuml file
Signed-off-by: Yannick Bungers <git@innay.de>
2021-01-23 22:26:49 +01:00
Philip Molares
454a883f17
config: Improve error messages
...
Add labels to most Joi objects
Convert all auth variable insert names to upper case to prevent inconsistent naming of the variables
Rewrite auth errors to correctly point out the problematic variable
Add tests for the config utils functions
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-21 21:35:59 +01:00
Philip Molares
9c3d329bc9
tests: Removed unnecessary import of appConfigMock
...
As suggested by a review of David Mehren
Co-authored by: David Mehren <git@herrmehren.de>
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-19 12:45:36 +01:00
Philip Molares
2c4098dc55
config: splits config in multiple files
...
splits the big appConfig in multiple configs
adds media.config.mock.ts
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-17 21:19:45 +01:00
Philip Molares
4f6d15439c
config: removes unnecessary options
...
removes options that we don't need from the config
removes linkify-header-style.enum.ts
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-17 21:19:45 +01:00
Yannick Bungers
0d95c29df2
Merge pull request #709 from hedgedoc/fix/api-notes-metadata
2021-01-15 22:47:52 +01:00
Philip Molares
929795637a
Extend config with various options from 1.x
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-13 22:09:07 +01:00
David Mehren
ce65f2c51a
Add config to tests in various places
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-13 21:45:23 +01:00
David Mehren
9f170bca4c
FilesystemBackend: Use scoped appConfig
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-13 21:45:23 +01:00
David Mehren
75b6d3cc2b
MediaService: Get media backend from configuration
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-13 21:45:23 +01:00
David Mehren
0e7845e38f
Get port and upload path from config
...
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2021-01-13 21:45:23 +01:00
David Mehren
cbd4684785
Load config to global scope
...
Otherwise every module would have to parse the config again
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-13 21:45:23 +01:00
David Mehren
c55f7060be
Add proof of concept config system
...
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2021-01-13 21:45:21 +01:00
David Mehren
6301a264dd
NotesService: updateNoteByIdOrAlias should return the new note
...
Fixes #702
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-10 20:31:56 +01:00
David Mehren
4a1bec8eec
Move note permission route under metadata
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-10 20:25:28 +01:00
David Mehren
65c76d0998
NotesService: Get note creation time from database
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-10 20:12:39 +01:00
David Mehren
32feb5ee10
NotesService: rename getLastRevision to getLatestRevision
...
This fixes an inconsistency with `RevisionsService`
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-10 20:12:39 +01:00
David Mehren
644d7a278a
MarkdownBody: Register swagger metadata
...
As explained in https://github.com/nestjs/swagger/issues/32#issuecomment-716169471 , it's possible to register swagger metadata in custom decorators by providing an array of `enhancers`.
We now add metadata with the `MarkdownBody` decorator: The request needs a `body` with content-type `text/markdown`.
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-10 19:21:19 +01:00
David Mehren
141dc349e3
NotesController: Do not crash on nonexistent notes
...
This commit adds proper error handling and returns 404 when a note does not exist.
Previously, we leaked the `NotInDBError` and sent a 500 status code.
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-09 22:58:16 +01:00
David Mehren
f81e67a3a1
Format with Prettier 2
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-06 23:49:45 +01:00
Tilman Vatteroth
0c56466dc1
Change year in copyright to 2021
...
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
2021-01-06 22:10:19 +01:00
David Mehren
f0835f5b62
Fix prettier errors
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-06 13:05:15 +01:00
Philip Molares
6896daa62a
added reuse information
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-05 22:12:38 +01:00
David Mehren
61e6020c6b
Fix tests
...
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-10-24 22:21:46 +02:00
David Mehren
85ee6780ad
Remove PUT /notes/{note}/metadata and corresponding service code
...
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-10-24 22:21:45 +02:00
David Mehren
6a1da64cf6
Remove NoteUtils class, as the planned parsing logic is not needed anymore
...
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-10-24 22:21:45 +02:00
David Mehren
b2085efb1d
Add missing TagRepository provider in unit tests
...
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-10-24 22:21:44 +02:00
David Mehren
c1886ff1dc
NotesController: Add PUT :noteIdOrAlias/metadata route
...
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-10-24 22:21:44 +02:00
David Mehren
3726b27849
NotesService: Implement updateNoteMetadata
...
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-10-24 22:21:43 +02:00
David Mehren
943c8b4bab
NoteEntity: Enable eager loading and cascades for tags
...
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-10-24 22:21:43 +02:00
David Mehren
b349d25bd7
NotesService: Get metadata from database
...
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-10-24 22:21:43 +02:00
David Mehren
f1f57eca54
Add note metadata properties and Tag entity.
...
These were planned to be parsed at runtime from the note-content in the database, but having to run a markdown parser in the backend was found to be a bad idea. Now the frontend (that already implements the parsing logic) has to set title, description and tags.
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-10-24 22:21:42 +02:00
David Mehren
be5b6dcf0e
NoteMetadataDto: Rename permission to permissions
...
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-10-24 22:19:14 +02:00
David Mehren
61014f1bc4
Update NotePermissionsUpdate DTOs to be aware of groups
...
The NotePermissionsUpdateDto was not updated when group permissions were introduced.
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-10-24 22:19:12 +02:00
David Mehren
d42bc83e38
FilesystemBackend: Ensure uploads directory exists
...
Signed-off-by: David Mehren <git@herrmehren.de>
2020-10-24 12:28:52 +02:00
David Mehren
5030a6d814
AppModule: Remove unused imports
...
Signed-off-by: David Mehren <git@herrmehren.de>
2020-10-24 11:49:19 +02:00
David Mehren
0711dbb6ff
MediaService: Simplify saveFile signature
...
As the `saveFile` method only really uses the file's `Buffer`, this commit changes the signature so it directly gets a `Buffer` instead of a complicated `MulterFile` object. This also simplifies testing.
Signed-off-by: David Mehren <git@herrmehren.de>
2020-10-24 11:49:01 +02:00
David Mehren
9aa2a64a53
UserEntity: Fix column types for create/update dates
...
Signed-off-by: David Mehren <git@herrmehren.de>
2020-10-24 11:34:49 +02:00
David Mehren
5f13c34a07
UsersService: Improve logging in getNoteByIdOrAlias
...
Signed-off-by: David Mehren <git@herrmehren.de>
2020-10-24 11:34:16 +02:00
David Mehren
560efc71d8
Use useStaticAssets instead of @nestjs/serve-static
...
`serve-static` does not work with `createTestingModule` and is not recommended when "just" serving a few images.
See https://github.com/nestjs/serve-static/issues/240
Signed-off-by: David Mehren <git@herrmehren.de>
2020-10-24 11:32:23 +02:00
David Mehren
e2696e647b
Merge pull request #534 from codimd/media-controller
2020-10-19 21:07:13 +02:00
David Mehren
3686685f08
MediaController: Add DELETE /{filename} route
...
Signed-off-by: David Mehren <git@herrmehren.de>
2020-10-17 21:54:44 +02:00
David Mehren
9e7e15a20a
MediaService: Implement delete feature
...
Signed-off-by: David Mehren <git@herrmehren.de>
2020-10-17 21:54:08 +02:00
David Mehren
db869418d4
FilesystemBackend: ESLint fixes
...
Signed-off-by: David Mehren <git@herrmehren.de>
2020-10-17 21:53:34 +02:00
David Mehren
6e6ab84391
UsersService: Wait for the DB to find a user
...
Signed-off-by: David Mehren <git@herrmehren.de>
2020-10-17 21:52:59 +02:00