hedgedoc

mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-11-22 09:46:30 -05:00

Author	SHA1	Message	Date
Yannick Bungers	4dd2762be2	Add unit tests for new notes service methods setUserPermission removeUserPermission setGroupPermission removeGroupPermission changeOwner Signed-off-by: Yannick Bungers <git@innay.de>	2022-03-13 21:33:02 +01:00
Yannick Bungers	0a3271e4a5	Add GroupsModule import to public API module Signed-off-by: Yannick Bungers <git@innay.de>	2022-03-13 21:33:02 +01:00
Yannick Bungers	647990022b	Add API routes for fine-grained permission manipulation Signed-off-by: Yannick Bungers <git@innay.de> fix lint Signed-off-by: Yannick Bungers <git@innay.de>	2022-03-13 21:33:02 +01:00
Yannick Bungers	20ebb41197	Add service functions for fine-grained permission API calls Signed-off-by: Yannick Bungers <git@innay.de>	2022-03-13 21:33:02 +01:00
David Mehren	3e096e9cbe	fix(note-user-permission): ensure whole row gets deleted By default, TypeORM wants to NULL the child-side of a many-to-one relation, when the relation gets deleted. This is not possible when the column is not nullable, so the whole row needs to get deleted. Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-13 21:33:02 +01:00
David Mehren	2ae8b0c44f	refactor(frontend-integration): inline-import http-proxy-middleware If no dev-dependencies are installed, the unconditional import crashes the app. Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-07 13:55:07 +01:00
David Mehren	e7ca10bb66	refactor(history-entry-import-dto): rename lastVisited -> lastVisitedAt Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-07 13:54:43 +01:00
David Mehren	2605e8894d	refactor(media-service): delete unused method Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-07 13:54:43 +01:00
David Mehren	c16d5bb79e	fix(revision): DTOs should correctly extend BaseDto Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-07 13:54:43 +01:00
David Mehren	09ec447069	feat(note): save createdAt in a separate column To keep the createdAt date stable, even when the revisions are dropped, this adds a separate column to store this data separately from revisions. Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-07 13:54:43 +01:00
David Mehren	342efcd7b7	feat(note-metadata): replace primaryAlias with primaryAddress The primary address is never null. If no alias is set, the id is returned. To still easily get the primary alias, the complete Alias DTOs are now included in the metadata. Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-07 13:54:43 +01:00
David Mehren	64b16c831e	refactor(register-dto): rename displayname -> displayName Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-07 13:54:43 +01:00
David Mehren	6f1bdcbaa5	feat(revision): include author details in metadata dto Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-07 13:54:43 +01:00
David Mehren	a9f27731bd	refactor(revision): make RevisionDto extend RevisionMetadataDto Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-07 13:54:43 +01:00
David Mehren	3ea42fb048	feat(revision): include length in dto Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-07 13:54:43 +01:00
David Mehren	7050c9f13b	feat(revision): include edits in dto Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-07 13:54:43 +01:00
David Mehren	50c8f39c0c	feat(note): add version attribute This attribute was defined in the dev docs, but never implemented. Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-07 13:54:43 +01:00
David Mehren	6944094b9b	fix(api/private/me): require and document displayName This renames the argument in the POST /profile route to `displayName` to be more consistent with the UserDTO. It also adds OpenAPI docs. Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-07 13:54:43 +01:00
David Mehren	d6ea4d29fe	feat(api/private/me): include authProvider in UserInfo This information is supposed to be used by the frontend to identify the login method that was used. The used login method is saved as a string into the session data and extracted via a new SessionAuthProvider decorator. Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-07 13:54:43 +01:00
David Mehren	3f8e3b0589	refactor(api/public/media): return MediaUpload object instead of url This ensures the POST /media API behaves in the same way as /me/media Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-07 13:54:43 +01:00
David Mehren	8e31f3a393	refactor(api/private/media): return MediaUpload object instead of url This ensures the private POST /media API behaves in the same way as /me/media Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-07 13:54:43 +01:00
David Mehren	4f10e17d40	fix(frontend-config): iframe origins should be non-optional Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-07 13:54:43 +01:00
David Mehren	513d64493e	test: add and use a mocked DatabaseConfig Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-06 22:24:21 +01:00
David Mehren	89297e748f	fix: TypeError in HistoryEntryImportDto For reasons, during testing, reflect-metadata might not be imported. This causes the `@Type` annotation to crash the test with a TypeError. Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-06 22:24:21 +01:00
David Mehren	f9448bb801	fix(session): limit subqueries for mariadb MariaDB does not support `connect-typeorm`s subqueries, so they need to be disabled if this dialect is used. Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-06 22:24:21 +01:00
David Mehren	552cb05d92	refactor(api/private/tokens): validate POST data with DTO This adds a `AuthTokenCreateDto` which allows to fully validate incoming JSON data. Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-06 22:24:21 +01:00
David Mehren	fd3fde9cc8	refactor(api/private/history): validate POST data with DTO This adds a `HistoryEntryImportListDto` which allows to fully validate incoming JSON data. Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-06 22:24:21 +01:00
David Mehren	a32d9e8305	fix(api/private/auth): wait for error Previously, the `logout` method immediately returned and did not wait for the possible error callback. This wraps the call to `session.destroy` into a promise, so the error can be properly handled. Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-06 22:24:21 +01:00
David Mehren	72c354d5f6	refactor(history-service): use NoteService to get note Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-06 22:24:21 +01:00
David Mehren	5eab4f42d6	refactor: merge AuthTokenDTOs into one file Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-06 22:24:21 +01:00
David Mehren	de952fe3b2	feat(auth-service): accept undefined validUntil param The `validUntil` parameter for `createTokenForUser` may be undefined in some usages. As it is easy to add handling for that here, this commit implements it. Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-06 22:24:21 +01:00
Philip Molares	35075bdb0b	test: add unit test for noteConfig Signed-off-by: Philip Molares <philip.molares@udo.edu>	2022-03-06 21:42:19 +01:00
Philip Molares	96747b6d68	fix: use joi positive and integer validators on HD_MAX_DOCUMENT_LENGTH validate HD_MAX_DOCUMENT_LENGTH with the positive and integer validators of Joi. See also: - https://joi.dev/api/#numberpositive - https://joi.dev/api/#numberinteger Signed-off-by: Philip Molares <philip.molares@udo.edu>	2022-03-06 21:42:19 +01:00
Philip Molares	de8bad13cf	test: add unit test for appConfig Signed-off-by: Philip Molares <philip.molares@udo.edu>	2022-03-06 21:35:58 +01:00
Philip Molares	45df0e6edb	fix: rename parseOptionalInt to parseOptionalNumber This allows us to handle the possible errors due to non-integer numbers with joi and return more precise error messages. Signed-off-by: Philip Molares <philip.molares@udo.edu>	2022-03-06 21:35:58 +01:00
Philip Molares	151e12a8a7	fix: use joi positive, integer and max validators on PORT validate PORT with the positive, integer and max validators of Joi. See also: - https://joi.dev/api/#numberpositive - https://joi.dev/api/#numberinteger - https://joi.dev/api/#numbermax Signed-off-by: Philip Molares <philip.molares@udo.edu>	2022-03-06 21:35:58 +01:00
Philip Molares	0a778d8a64	fix: use joi uri validator in appConfig validate HD_DOMAIN and HD_RENDERER_ORIGIN with the uri validator of Joi. This should prevent the problem described in #2150. Fixes #2150 See also: https://joi.dev/api/#stringurioptions Signed-off-by: Philip Molares <philip.molares@udo.edu>	2022-03-06 21:35:58 +01:00
David Mehren	7e8716ec95	fix: ensure dates are properly transformed To correctly transform Date objects from ISO-strings in JSON to instances, class-transformer requires the `@Type` annotation. References: https://github.com/typestack/class-transformer#%D1%81onverting-date-strings-into-date-objects Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-06 20:54:46 +01:00
David Mehren	59a235ebc4	fix: ensure nested objects are properly validated & transformed To validate nested objects, class-transformer requires the `@ValidateNested` annotation. For arrays, class-transfomer requires setting `each: true`. To correctly transform nested objects from JSON to instances, class-transformer requires the `@Type` annotation. References: https://github.com/typestack/class-validator#validating-nested-objects https://github.com/typestack/class-validator#validating-arrays https://github.com/typestack/class-transformer#working-with-nested-objects Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-06 20:54:46 +01:00
David Mehren	324536bc2d	feat(validation): send error message to client Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-06 20:52:52 +01:00
David Mehren	0be8e4ea55	feat(api/private): add GroupsController The GroupsController can be used to fetch information about groups. Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-01 20:20:18 +01:00
David Mehren	0394679134	feat(user-info-dto): split email into separate DTO The email address should only be available in /me routes. This commit splits the email address into a new FullUserInfoDto. Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-01 20:20:18 +01:00
David Mehren	a7edf00ebc	feat(api/private): add UsersController The UsersController can be used to fetch information about users. Signed-off-by: David Mehren <git@herrmehren.de>	2022-03-01 20:20:18 +01:00
David Mehren	931a168e5d	fix(session-middleware): don't hardcode database ttl The cookie expiration is taken from the config, but the expiration of session data in the database was hardcoded. This removes the hardcoded value, so TypeormStore defaults to cookie.maxAge. References: https://github.com/nykula/connect-typeorm#options https://github.com/expressjs/session#cookiemaxage Signed-off-by: David Mehren <git@herrmehren.de>	2022-02-27 20:55:13 +01:00
Philip Molares	cf5c398933	fix: openapi decorator This now correctly returns the dto if it is provided. Previously it would return () => undefined, when the dto was not defined, which crashed some internal logic in nestjs. Signed-off-by: Philip Molares <philip.molares@udo.edu>	2022-02-27 18:40:53 +01:00
Philip Molares	86ef8f3c7f	docs: add documentation to OpenApi decorator Signed-off-by: Philip Molares <philip.molares@udo.edu>	2022-02-20 20:56:09 +01:00
Philip Molares	89aac9d4b6	refactor: use new openapi decorator Also remove fullapi decorator, because it's fully replaced by the openapi decorator. Signed-off-by: Philip Molares <philip.molares@udo.edu>	2022-02-20 20:56:09 +01:00
Philip Molares	a283002a34	feat: create openapi decorator This decorator gets a list of http codes and possible descriptions and adds all necessary decorator internally to the method or the class. This will prevent long OpenApi annotations and keep the controllers shorter. Signed-off-by: Philip Molares <philip.molares@udo.edu>	2022-02-20 20:56:09 +01:00
Philip Molares	c6bb8f62e8	refactor: use a base dto class This gives all dto classes a common super class for usage of the type system. Signed-off-by: Philip Molares <philip.molares@udo.edu>	2022-02-20 20:56:09 +01:00
Philip Molares	0955bf048d	refactor: rename markdown body decorator Signed-off-by: Philip Molares <philip.molares@udo.edu>	2022-02-20 20:56:09 +01:00

1 2 3 4 5 ...

558 commits