Commit graph

4296 commits

Author SHA1 Message Date
renovate[bot]
1627952a30
chore(deps): update dependency mkdocs-material to v8.0.5 (#1892)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-11 05:00:44 +00:00
renovate[bot]
3e6129744e
chore(deps): update dependency eslint to v8.4.1 (#1891)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-11 03:21:49 +00:00
renovate[bot]
d278f27a54
chore(deps): update dependency @types/node to v16.11.12 (#1890)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-11 02:03:12 +00:00
David Mehren
abcd8e03f9
Merge pull request #1878 from hedgedoc/bug/session_guard 2021-12-07 22:38:42 +01:00
David Mehren
03981f9e0b
fix(session-guard): correctly check for missing session
express-session always creates a `request.session` object, so only
checking if that exists is not sufficient.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-07 20:23:18 +01:00
renovate[bot]
b3688e6486
chore(deps): lock file maintenance (#1876)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-06 02:54:05 +00:00
David Mehren
724443c41a
Merge pull request #1818 from hedgedoc/davidmehren-njsscan 2021-12-05 22:44:53 +01:00
David Mehren
2c0d750324
Merge pull request #1874 from hedgedoc/chore/codecov_yaml 2021-12-05 22:42:43 +01:00
David Mehren
336d60a13c
ci: setup njsscan
See: https://github.com/ajinabraham/njsscan-action

Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-05 22:40:29 +01:00
David Mehren
f4ca531a5c
ci(codecov): Wait for 2 builds to be submitted
This should stop Codecov from complaining about low
coverage after only half the tests have finished.

See: https://docs.codecov.com/docs/notifications#section-preventing-notifications-until-after-n-builds

Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-05 22:35:37 +01:00
David Mehren
6a56599c8a
Merge pull request #1871 from hedgedoc/renovate/develop-swagger-ui-express-4.x 2021-12-05 19:31:14 +01:00
Renovate Bot
e678611533
fix(deps): update dependency swagger-ui-express to v4.2.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-12-05 18:08:07 +00:00
David Mehren
7aad15019f
Merge pull request #1872 from hedgedoc/renovate/develop-mkdocs-material-8.x 2021-12-05 19:05:21 +01:00
David Mehren
7ffd670fe0
Merge pull request #1870 from hedgedoc/renovate/develop-joi-17.x 2021-12-05 19:04:19 +01:00
Renovate Bot
7078a8912f
chore(deps): update dependency mkdocs-material to v8
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-12-05 17:55:24 +00:00
Renovate Bot
479a49dacf
fix(deps): update dependency joi to v17.5.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-12-05 17:54:55 +00:00
David Mehren
c1560ba48f
Merge pull request #1869 from hedgedoc/renovate/develop-linters 2021-12-05 18:50:52 +01:00
David Mehren
fc9cbce523
Merge pull request #1867 from hedgedoc/renovate/develop-test-packages 2021-12-05 18:50:45 +01:00
Renovate Bot
541e0cb399
chore(deps): update test packages
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-12-05 17:40:16 +00:00
Renovate Bot
71c7ae6b8e
chore(deps): update linters
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-12-05 17:39:46 +00:00
David Mehren
1514558d94
Merge pull request #1863 from hedgedoc/renovate/develop-yarn-3.1.x 2021-12-05 18:35:20 +01:00
David Mehren
ca9021863e
Merge pull request #1868 from hedgedoc/renovate/develop-prettier-2.x 2021-12-05 18:35:08 +01:00
Renovate Bot
6a6398b940
chore(deps): update yarn to v3.1.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-05 18:31:36 +01:00
Renovate Bot
9dba346b50
chore(deps): update dependency prettier to v2.5.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-12-04 15:05:10 +00:00
renovate[bot]
902fc64a1d
fix(deps): update nestjs packages (#1866)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-04 13:02:24 +00:00
renovate[bot]
0aced17e7b
fix(deps): update dependency minio to v7.0.23 (#1865)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-04 10:11:24 +00:00
renovate[bot]
810fc576d8
fix(deps): update dependency joi to v17.4.3 (#1864)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-04 05:49:23 +00:00
renovate[bot]
6fd25eb726
chore(deps): update dependency @types/node to v16.11.11 (#1862)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-04 03:38:06 +00:00
Yannick Bungers
87cb90abda
Merge pull request #1853 from hedgedoc/feat/getNoteInterceptor 2021-12-02 22:02:09 +01:00
Philip Molares
6fddeebc56 feat: replace GetNotePipe with GetNoteInterceptor and RequestNote
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-12-02 21:57:51 +01:00
Yannick Bungers
85aa3324f4
Merge pull request #1844 from hedgedoc/feat/permissionsGuard 2021-12-02 21:13:43 +01:00
Philip Molares
9e2a138a14 feat: add request note decorator
This extracts the note inserted with the get note interceptor into the request to be used by the controller service.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-12-02 20:41:45 +01:00
Philip Molares
ea0588f02e feat: refactor get note pipe to interceptor
This is necessary, because of the order of operations in nestjs, the validation pipe is not able to get the note as the noteIdOrAlias will be transformed by the get note pipe after the validation did run.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-12-02 20:41:45 +01:00
Philip Molares
16cd42f197 test: fix note e2e test 'fails with non-existing alias'
Because the rejection now happens automatically in the permissions guard it does not get to the controller method and does not report the Content-Type to text/markdown

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-12-02 20:41:14 +01:00
Philip Molares
40e8acb6bb test: fix note e2e test 'fails, when user can't read note'
Because the rejection now happens automatically in the permissions guard it now returns a 403 instead of 401

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-12-02 20:41:14 +01:00
Philip Molares
d27c531d9a refactor: move permissions service calls into permissions guard
This commit removes all previous calls to the permissions service at the beginning of the controller methods to the permissions guard. This should make the code a bit cleaner and remove boilerplate code.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-12-02 20:41:14 +01:00
Philip Molares
f6ae0d30a1 feat: create permissions guard
This guard protects resources and lets users only access them if they hold the correct permission

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-12-02 20:41:12 +01:00
Philip Molares
6f7cfced39 feat: create permission decorator
This gathers the permission a user needs to hold to access a resource for the PermissionsGuard.

See https://docs.nestjs.com/guards#setting-roles-per-handler

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-30 19:48:47 +01:00
Philip Molares
c30a06d90b feat: create permission enum
This enum makes it possible which permissions a user needs to hold to access a specific resource

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-30 19:48:47 +01:00
Philip Molares
dbf467fea5 chore: extract getNote code from GetNotePipe.transform
This was done so the same code could be used in the PermissionsGuard

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-30 19:48:47 +01:00
Philip Molares
4b3c726101 chore: move get-note-pipe to api utils
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-30 19:48:47 +01:00
David Mehren
b4ce0dc889
Merge pull request #1851 from hedgedoc/fix-permissions-types 2021-11-29 22:54:26 +01:00
Yannick Bungers
15e2e177fb Add missing null in type in permissions service
The parameters of the permission checking methods were missing a null value for not set user. This is the case if user is not logged in and operating as guest.

Signed-off-by: Yannick Bungers <git@innay.de>
2021-11-29 22:42:31 +01:00
David Mehren
0881d5f041
Merge pull request #1677 from hedgedoc/renovate/develop-passport-0.x 2021-11-29 21:41:43 +01:00
David Mehren
64867127d8
Merge pull request #1843 from hedgedoc/renovate/develop-linters 2021-11-29 21:41:24 +01:00
David Mehren
178704c79f
Merge pull request #1841 from hedgedoc/renovate/develop-class-transformer-0.x 2021-11-29 21:38:40 +01:00
David Mehren
9a5126f335
Merge pull request #1838 from hedgedoc/renovate/develop-tsconfig-paths-3.x 2021-11-29 21:37:26 +01:00
Renovate Bot
da38d0f166
chore(deps): update linters
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-11-23 07:50:47 +00:00
Renovate Bot
e5d98654c9
fix(deps): update dependency class-transformer to v0.5.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-11-22 19:53:40 +00:00
Renovate Bot
eac3ca4647
fix(deps): update dependency passport to v0.5.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-11-21 23:20:49 +00:00