Erik Michelson
157a0fe278
refactor(media): store filenames, use pre-signed s3/azure URLs, UUIDs
...
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-12 14:49:17 +02:00
Erik Michelson
7f665fae4b
feat(auth): refactor auth, add oidc
...
Thanks to all HedgeDoc team members for the time discussing,
helping with weird Nest issues, providing feedback
and suggestions!
Co-authored-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-11 21:29:49 +02:00
Erik Michelson
73d9c3231b
refactor(backend): rename auth to public-auth-token
...
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-02 10:33:08 +02:00
Erik Michelson
9597ac5422
feat(notes): check for equal alias or note id
...
When creating a new note or adding a new alias to one,
it is checked that the new name
is neither forbidden nor already in use.
Co-authored-by: David Mehren <git@herrmehren.de>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-04-18 22:15:11 +02:00
Erik Michelson
8693edbf6a
refactor(media): add media redirection endpoint
...
Previous versions of HedgeDoc suffered from the problem
that changing the media backend required manipulation of
the media links in all created notes. We discussed in
#3704 that it's favourable to have an endpoint that
redirects to the image's original URL. When changing the
media backend, the link stays the same but just the
redirect changes.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-04-18 22:11:49 +02:00
Erik Michelson
92bde4d281
enhancement(api-tokens): add prefix and more strict validation
...
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-04-09 10:54:35 +02:00
David Mehren
f8f198f9c9
feat: add initial database migration
...
Signed-off-by: David Mehren <git@herrmehren.de>
2023-10-08 17:58:32 +02:00
Yannick Bungers
fbd5fa8b07
Remove not needed TODOs
...
Signed-off-by: Yannick Bungers <git@innay.de>
2023-10-08 16:00:42 +02:00
Yannick Bungers
8879b51344
Adding issues for TODOs
...
Signed-off-by: Yannick Bungers <git@innay.de>
2023-10-08 16:00:42 +02:00
Tilman Vatteroth
0111f2b65e
fix(backend): format code
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-08-15 20:16:09 +00:00
Yannick Bungers
f362d27d3f
Move session entity to sessions folder
...
Signed-off-by: Yannick Bungers <git@innay.de>
2023-07-06 12:07:44 +02:00
Tilman Vatteroth
ac825edbe3
fix: replace RouterModule from nest-router with @nestjs/core
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-06-16 23:00:06 +02:00
Philip Molares
0a8945d934
feat(backend): handle username always in lowercase
...
This should make all usernames of new users into lowercase. Usernames are also searched in the DB as lowercase.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-06-04 21:55:19 +02:00
Yannick Bungers
d73bbcaeff
fix: increase test coverage
...
Signed-off-by: Yannick Bungers <git@innay.de>
2023-05-07 20:45:15 +02:00
Yannick Bungers
485f7cd338
feat: Add guest file uploads and add deletion for note owners
...
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-07 20:45:15 +02:00
Tilman Vatteroth
825b3b72ff
test: add e2e tests for note permissions
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-04 22:34:24 +02:00
Erik Michelson
408d82e280
enhancement(auth): better error message handling
...
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2023-03-26 15:43:39 +02:00
Erik Michelson
ca9836d691
enhancement(auth): better error message handling
...
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2023-03-26 15:43:39 +02:00
David Mehren
81531b6559
test: use correct note content
...
The `works with an existing note` test was refactored to use testSetup
notes, but didn't use the correct content to compare to.
It's unclear why this test is only failing now.
Signed-off-by: David Mehren <git@herrmehren.de>
2023-03-25 12:43:27 +01:00
David Mehren
944304b274
test(setup): use HD_BASE_URL
...
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
15a691b364
test(public/notes): compare permission lists as Set
...
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
5fc6265b77
test(public/notes): update tests for default groups
...
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
679d8a8655
refactor(default-access-level): rename from default-access-permission
...
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
976e5671fa
test(e2e/public/notes): test permission api
...
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
3884d79474
test(e2e/public/notes): enable real auth
...
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
845861a030
style: fix linting errors
...
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
1f2cec2f7c
test(e2e/public/media): test using real auth
...
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
4271ef740c
test: use constant credentials
...
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
4ade25036e
test(setup): set HD_DOMAIN
...
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
7256717611
test(e2e/private/tokens): check token can't be deleted by wrong user
...
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
e52cf4b4ae
test(e2e/private/media): check upload can't be deleted by wrong user
...
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
Tilman Vatteroth
5e1fdbe81d
fix(config): Replace HD_DOMAIN and HD_EDITOR_BASE_URL with HD_BASE_URL
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-02-05 22:32:31 +01:00
Philip Molares
8ee2d809c7
test(backend): add regression test for issue #3135
...
When a PasswordTooWeakError is encountered the newly created user should be removed again. This should prevent registration error from "burning" usernames for further use.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2023-01-15 18:15:28 +01:00
Philip Molares
0ec9edc07d
test(backend): change registration disabled error code
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2023-01-15 18:14:01 +01:00
David Mehren
b311265762
fix(media-controller): throw if no file was uploaded
...
Signed-off-by: David Mehren <git@herrmehren.de>
2022-12-30 11:02:56 +01:00
Tilman Vatteroth
bf30cbcf48
fix(repository): Move backend code into subdirectory
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2022-10-30 22:46:42 +01:00