hedgedoc

mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-02-20 03:22:00 +00:00

Author	SHA1	Message	Date
David Mehren	3233b5c958	NoteMetadata DTOs: Add doc comments Signed-off-by: David Mehren <git@herrmehren.de>	2021-01-25 22:23:09 +01:00
David Mehren	eb2544bc2b	NotePermission DTOs: Add doc comments Signed-off-by: David Mehren <git@herrmehren.de>	2021-01-25 22:22:52 +01:00
David Mehren	1a825ed199	UserInfoDto: Add doc comments Signed-off-by: David Mehren <git@herrmehren.de>	2021-01-25 22:22:01 +01:00
Philip Molares	c8da989f25	auth: Run removeInvalidTokens 5s after startup This should prevent problem with the AuthToken purge on Sundays, as the service is either running on sunday or will be restarted there after. Also move base64url comment to right function Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-25 16:29:09 +01:00
Philip Molares	ad0ab648bc	auth: Add maximum token lifetime of 2 years. Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-25 12:14:26 +01:00
Philip Molares	6686fa58c5	auth: Run removeInvalidTokens 5s after startup This should prevent problem with the AuthToken purge on Sundays, as the service is either running on sunday or will be restarted there after. Also move base64url comment to right function Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-25 18:16:08 +01:00
Philip Molares	af993407b3	auth: Add token limit of 200 This is a very high ceiling unlikely to hinder legitimate usage, but should prevent possible attack vectors Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-25 12:05:25 +01:00
Philip Molares	39d9fb5dec	tokens: Add token creation Fix token deletion Update plantuml docs Add token validUntil and lastUsed fields Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-21 19:37:43 +01:00
Philip Molares	b84d0f7cab	auth: fixes unit and e2e tests adds MockAuthGuard which always return user 'hardcoded' Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-16 19:33:09 +01:00
Philip Molares	8f008c7cc5	auth: Add cron to clean old tokens Rename AuthToken.identifier to label Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-24 20:37:04 +01:00
Philip Molares	14a4872f49	auth: Remove userName parameter of removeToken function As suggested by @innaytool Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-23 22:24:59 +01:00
Philip Molares	a8b46923fd	auth: Integrate suggestions by @davidmehren Add number type alias TimestampMillis Remove solved ToDos Change AuthToken and AuthTokenDto to use Date Rename authService unit tests Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-23 21:24:11 +01:00
Philip Molares	e6dc8c7678	auth: Split randomBase64UrlString in two functions add test for BufferToBase64Url and toAuthTokenDto Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-23 19:04:00 +01:00
Philip Molares	508ad26771	auth: Add tests for AuthService Move AuthTokens to auth folder Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-22 15:29:10 +01:00
Philip Molares	c9751404f7	tokens: Add token creation Fix token deletion Update plantuml docs Add token validUntil and lastUsed fields Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-21 19:37:43 +01:00
Philip Molares	cce1626c48	auth: fixes unit and e2e tests adds MockAuthGuard which always return user 'hardcoded' Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-16 19:33:09 +01:00
Philip Molares	33d9c455b8	openapi: adds auth to all public api routes See: https://docs.nestjs.com/openapi/security Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-16 17:45:14 +01:00
Philip Molares	2ab950c5c3	auth: adds token-auth to public api adds auth service adds auth module adds token-auth strategy adds token-auth to all public api calls Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-15 18:53:09 +01:00
Philip Molares	4784a1aea2	private: Add until to token creation Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-21 12:33:45 +01:00
Philip Molares	324ba71d24	private: removes collision check for tokens this seems very unnecessary as the chance of this is 1 / 2^512 Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-17 20:35:43 +01:00
Philip Molares	97f7128355	private: fixed token generation bugs Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-17 19:52:08 +01:00
Philip Molares	822c01f2c7	private: save token hashed Auth tokens are now saved in hashed form. Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-17 14:45:16 +01:00
Philip Molares	e5545043be	auth: hash auth token Since the auth token will be stored in hashed form in the db, we need to hash each provided auth token in order to search in the db for them. Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-17 14:38:05 +01:00
Philip Molares	667cf7e915	auth: add hash function the hash function uses bcrypt with 2^16 iterations. Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-17 14:32:17 +01:00
Philip Molares	b589dedd2a	private: adds tokens controller adds private api adds AuthTokenDto and AuthTokenWithSecretDto adds necessary methods in the users service adds RandomnessError Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-16 23:53:46 +01:00
Philip Molares	e04fcb9ee9	auth: hash auth token Since the auth token will be stored in hashed form in the db, we need to hash each provided auth token in order to search in the db for them. Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-17 15:27:13 +01:00
Philip Molares	80c7ae2fa9	private: adds tokens controller adds private api adds AuthTokenDto and AuthTokenWithSecretDto adds necessary methods in the users service adds RandomnessError Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-16 23:53:46 +01:00
Yannick Bungers	5246f0c05d	Removed special table name in Note object and changed table names in plantuml file Signed-off-by: Yannick Bungers <git@innay.de>	2021-01-23 00:41:49 +01:00
Philip Molares	bc525633fc	config: Improve error messages Add labels to most Joi objects Convert all auth variable insert names to upper case to prevent inconsistent naming of the variables Rewrite auth errors to correctly point out the problematic variable Add tests for the config utils functions Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-19 15:47:05 +01:00
Philip Molares	4372106ef0	tests: Removed unnecessary import of appConfigMock As suggested by an review of David Mehren Co-authored by: David Mehren <git@herrmehren.de> Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-19 12:45:36 +01:00
Philip Molares	072ef223e0	config: splits config in multiple files splits the big appConfig in multiple configs adds media.config.mock.ts Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-15 16:57:04 +01:00
Philip Molares	d59ccaba54	config: removes unnecessary options removes options that we don't need from the config removes linkify-header-style.enum.ts Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-15 16:23:56 +01:00
David Mehren	22e14fb706	NotesService: `updateNoteByIdOrAlias` should return the new note Fixes #702 Signed-off-by: David Mehren <git@herrmehren.de>	2021-01-10 20:30:45 +01:00
David Mehren	a14056dbc9	Move note permission route under metadata Signed-off-by: David Mehren <git@herrmehren.de>	2021-01-10 20:25:28 +01:00
Philip Molares	286575315e	Extend config with various options from 1.x Signed-off-by: Philip Molares <philip.molares@udo.edu>	2020-12-31 22:37:37 +01:00
David Mehren	18c6694bcb	Add config to tests in various places Signed-off-by: David Mehren <git@herrmehren.de>	2021-01-08 12:56:25 +01:00
David Mehren	e8e82076d0	FilesystemBackend: Use scoped appConfig Signed-off-by: David Mehren <git@herrmehren.de>	2021-01-08 12:53:16 +01:00
David Mehren	67c7c4b8d1	MediaService: Get media backend from configuration Signed-off-by: David Mehren <git@herrmehren.de>	2021-01-08 13:06:44 +01:00
David Mehren	cd37eef45e	Get port and upload path from config Signed-off-by: David Mehren <git@herrmehren.de> Co-authored-by: Yannick Bungers <git@innay.de>	2020-10-30 22:35:57 +01:00
David Mehren	99dfa2d1fb	Load config to global scope Otherwise every module would have to parse the config again Signed-off-by: David Mehren <git@herrmehren.de>	2021-01-08 12:52:30 +01:00
David Mehren	7d9e606b7d	Add proof of concept config system Signed-off-by: David Mehren <git@herrmehren.de> Co-authored-by: Yannick Bungers <git@innay.de>	2020-10-30 22:35:12 +01:00
David Mehren	88c0794724	NotesService: Get note creation time from database Signed-off-by: David Mehren <git@herrmehren.de>	2021-01-10 18:22:30 +01:00
David Mehren	b7cb3181c4	NotesService: rename `getLastRevision` to `getLatestRevision` This fixes an inconsistency with `RevisionsService` Signed-off-by: David Mehren <git@herrmehren.de>	2021-01-10 18:20:28 +01:00
David Mehren	9b9f101577	MarkdownBody: Register swagger metadata As explained in https://github.com/nestjs/swagger/issues/32#issuecomment-716169471, it's possible to register swagger metadata in custom decorators by providing an array of `enhancers`. We now add metadata with the `MarkdownBody` decorator: The request needs a `body` with content-type `text/markdown`. Signed-off-by: David Mehren <git@herrmehren.de>	2021-01-10 19:21:00 +01:00
David Mehren	a523eadec2	NotesController: Do not crash on nonexistent notes This commit adds proper error handling and returns 404 when a note does not exist. Previously, we leaked the `NotInDBError` and sent a 500 status code. Signed-off-by: David Mehren <git@herrmehren.de>	2021-01-09 22:38:10 +01:00
David Mehren	3801b1b042	Format with Prettier 2 Signed-off-by: David Mehren <git@herrmehren.de>	2021-01-06 23:48:53 +01:00
Tilman Vatteroth	7aeaf488c4	Change year in copyright to 2021 Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>	2021-01-06 21:36:07 +01:00
David Mehren	890e9c942b	Fix prettier errors Signed-off-by: David Mehren <git@herrmehren.de>	2021-01-05 23:11:31 +01:00
Philip Molares	dc63c76f43	added reuse information Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-05 22:12:38 +01:00
David Mehren	c95c68541c	Fix tests Signed-off-by: David Mehren <git@herrmehren.de> Co-authored-by: Yannick Bungers <git@innay.de>	2020-10-24 21:11:16 +02:00

1 2 3 4

159 commits