David Mehren
63b61f304b
Merge pull request #783 from hedgedoc/renovate/ts-jest-26.x
...
chore(deps): update dependency ts-jest to v26.5.0
2021-01-29 19:24:55 +01:00
David Mehren
d8a02aa409
Merge pull request #780 from hedgedoc/fix/inconsistentEnvVars
...
config: Fix inconsistent env vars
2021-01-29 19:24:01 +01:00
Renovate Bot
1f26c992a1
chore(deps): update dependency ts-jest to v26.5.0
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-29 14:02:05 +00:00
Philip Molares
2f17291079
config: Fix inconsistent env vars
...
This should make the translation from env var name to config name and vice versa more consistent.
Fixes #751
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-28 23:28:16 +01:00
Yannick Bungers
333b5a07e6
Merge pull request #768 from hedgedoc/feat/split-openapi
...
Swagger: Split public and private API
2021-01-27 23:13:49 +01:00
David Mehren
13fcd72f2d
Merge pull request #770 from hedgedoc/renovate/nestjs-packages
...
fix(deps): update nestjs packages to v7.6.7
2021-01-27 20:07:14 +01:00
David Mehren
3ba64f15f1
Swagger: Split public and private API
...
Fixes #759
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-27 20:02:25 +01:00
David Mehren
932cb636ff
Merge pull request #771 from hedgedoc/fix/base64Url
2021-01-27 19:49:02 +01:00
Renovate Bot
df3e389b6f
fix(deps): update nestjs packages to v7.6.7
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-27 17:26:10 +00:00
David Mehren
4d03577bba
Merge pull request #772 from hedgedoc/renovate/mkdocs-material-6.x
...
Update dependency mkdocs-material to v6.2.6
2021-01-27 18:25:36 +01:00
Renovate Bot
c39d159cf2
Update dependency mkdocs-material to v6.2.6
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-27 17:23:14 +00:00
David Mehren
b029d3100a
Merge pull request #769 from hedgedoc/renovate/pymdown-extensions-8.x
...
Update dependency pymdown-extensions to v8.1.1
2021-01-27 18:22:23 +01:00
Philip Molares
563f862846
auth: Encode secret in base64url
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-27 00:23:43 +01:00
Philip Molares
7aeb77b262
auth: Fix base64url transformation
...
The problem was that replace only replaces the first occurrence of a string and not all as is needed for this function.
tsconfig.json needed lib to be set to esnext or the replaceAll function won't be available…
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-26 10:56:45 +01:00
Renovate Bot
fa235f6fe1
Update dependency pymdown-extensions to v8.1.1
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-26 01:46:17 +00:00
David Mehren
f8757d0e5b
Merge pull request #766 from hedgedoc/feat/dto-docs
2021-01-25 23:16:02 +01:00
David Mehren
12263acce6
Merge pull request #767 from hedgedoc/renovate/test-packages
...
chore(deps): update dependency supertest to v6.1.3
2021-01-25 23:10:55 +01:00
Renovate Bot
af555d972b
chore(deps): update dependency supertest to v6.1.3
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-25 22:02:40 +00:00
David Mehren
c0ee27e2b0
Merge pull request #765 from hedgedoc/renovate/pin-dependencies
...
fix(deps): pin dependencies
2021-01-25 23:02:09 +01:00
Renovate Bot
999099c94b
fix(deps): pin dependencies
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-25 21:52:35 +00:00
David Mehren
3dc223847d
HistoryEntryDto: Add doc comments
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:39 +01:00
David Mehren
3f16a398d2
HistoryEntryUpdateDto: Add doc comments
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:39 +01:00
David Mehren
5f71e779ef
NoteDto: Add doc comments
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:39 +01:00
David Mehren
be2dc0e4d6
NoteAuthorshipDto: Add doc comments
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:39 +01:00
David Mehren
84143eec7d
RevisionMetadataDto: Add doc comments
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:39 +01:00
David Mehren
43194500e9
RevisionDto: Add doc comments
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:38 +01:00
David Mehren
e4f0c5c064
NoteMetadata DTOs: Add doc comments
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:38 +01:00
David Mehren
a83a7c7a66
NotePermission DTOs: Add doc comments
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:38 +01:00
David Mehren
d3acd3d2db
UserInfoDto: Add doc comments
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:38 +01:00
David Mehren
a144a55eb4
Swagger: Enable comment parsing
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:38 +01:00
Yannick Bungers
ca04856425
Merge pull request #738 from hedgedoc/private/tokens
2021-01-25 21:38:53 +01:00
Philip Molares
2c38bd55a8
regenerated yarn.lock
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:34:11 +01:00
Philip Molares
bfe14dad8d
auth: Run removeInvalidTokens 5s after startup
...
This should prevent problem with the AuthToken purge on Sundays, as the service is either running on sunday or will be restarted there after.
Also move base64url comment to right function
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:08 +01:00
Philip Molares
67a5f3c7ec
auth: Add maximum token lifetime of 2 years.
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:08 +01:00
Philip Molares
99d6b39e00
auth: Run removeInvalidTokens 5s after startup
...
This should prevent problem with the AuthToken purge on Sundays, as the service is either running on sunday or will be restarted there after.
Also move base64url comment to right function
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:08 +01:00
Philip Molares
c2d759da53
auth: Add token limit of 200
...
This is a very high ceiling unlikely to hinder legitimate usage, but should prevent possible attack vectors
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:08 +01:00
Philip Molares
c96edb31a5
tokens: Add token creation
...
Fix token deletion
Update plantuml docs
Add token validUntil and lastUsed fields
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:08 +01:00
Philip Molares
28abc37e2c
auth: fixes unit and e2e tests
...
adds MockAuthGuard which always return user 'hardcoded'
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:08 +01:00
Philip Molares
ee6293f5a3
auth: adds token-auth to public api
...
adds auth service
adds auth module
adds token-auth strategy
adds token-auth to all public api calls
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:06 +01:00
Philip Molares
0a3247492a
auth: Add cron to clean old tokens
...
Rename AuthToken.identifier to label
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:04 +01:00
Philip Molares
cc2fcac532
auth: Remove userName parameter of removeToken function
...
As suggested by @innaytool
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:02 +01:00
Philip Molares
f68caab6e8
auth: Integrate suggestions by @davidmehren
...
Add number type alias TimestampMillis
Remove solved ToDos
Change AuthToken and AuthTokenDto to use Date
Rename authService unit tests
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:02 +01:00
Philip Molares
265195e305
auth: Split randomBase64UrlString in two functions
...
add test for BufferToBase64Url and toAuthTokenDto
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:02 +01:00
Philip Molares
84ec528d14
auth: Add tests for AuthService
...
Move AuthTokens to auth folder
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:02 +01:00
Philip Molares
599fe57ec6
tokens: Add token creation
...
Fix token deletion
Update plantuml docs
Add token validUntil and lastUsed fields
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:02 +01:00
Philip Molares
fd70b2d121
auth: fixes unit and e2e tests
...
adds MockAuthGuard which always return user 'hardcoded'
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:02 +01:00
Philip Molares
74fd7abfb2
openapi: adds auth to all public api routes
...
See:
https://docs.nestjs.com/openapi/security
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:02 +01:00
Philip Molares
8d89614a4d
auth: adds token-auth to public api
...
adds auth service
adds auth module
adds token-auth strategy
adds token-auth to all public api calls
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:29:59 +01:00
Philip Molares
9a65a9bd29
private: Add until to token creation
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:29:53 +01:00
Philip Molares
e8cdbdd677
private: removes collision check for tokens
...
this seems very unnecessary as the chance of this is 1 / 2^512
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:29:53 +01:00