Commit graph

6597 commits

Author SHA1 Message Date
Erik Michelson
62dfe4df72 fix(avatars): show correct profile picture of users
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:11:44 +02:00
Erik Michelson
7195c1bdc0 fix(styles): use correct dark-mode selector in css
The dark-mode selector changed from the class "dark" attached to the
body element to a data-attribute with some react-bootstrap upgrade.
This commit reflects this change in our custom css.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:11:02 +02:00
Erik Michelson
603ad8088c enhancement(auth/oidc): allow manual defining end_session_endpoint URL
For non-OIDC compliant OAuth2 providers it was only possible to define
the authorize, token and userinfo URLs but not the end_session_endpoint.
This commit adds that functionality.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:03:22 +02:00
Erik Michelson
53409825d4 fix(config/auth): error message mappings for manual OIDC attributes
Error messages for manual OIDC attributes such as overriding the scope
resulted in wrong error messages when misconfigured.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:03:22 +02:00
Erik Michelson
88cfd6a974 fix(auth/oidc): clean-up oidcIdToken session variable
When the OIDC login flow for a new user is cancelled, the oidcIdToken
session variable should be cleared as well.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:03:22 +02:00
Erik Michelson
c4c5cbd5d0 fix(auth/oidc): string "undefined" for missing userinfo response fields
The userinfo response endpoint from the OIDC provider should not be
trusted to return what we expect. Fields could be undefined. In that
case HedgeDoc would have written "undefined" into the fields for
profile picture or email address.
This fix checks for fields being undefined and returns a default value
in that case.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:03:22 +02:00
Erik Michelson
e8793271a0 enhancement(caddy): expose :8080 by default, trust private proxies
This commit changes the caddyfile to not directly rely on the
HD_BASE_URL environment variable, but instead default to port 8080 as
used in our package.json scripts and docs.
The caddy domain can optionally be overridden using the CADDY_HOST env
variable.
Furthermore, this change adds a section to trust reverse-proxies in
front of Caddy if they are in a private range IP address network.
Both these changes are required to be able to expose a local development
setup with another domain than localhost to a co-developer. With
this change it works without having Caddy trying to generate TLS
certificates for that domain nor HedgeDoc erroring about a origin
mismatch, that occurs as Caddy doesn't forward specific headers
otherwise.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 17:56:25 +02:00
Erik Michelson
f40aa020c4 chore(gitignore): ignore rathole proxy config with secrets
Since we use rathole while developing to share a local dev environment
with a co-developer, the client config with the secrets should not be
accidentally committed.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 17:56:25 +02:00
renovate[bot]
a86012be21 fix(deps): update dependency next to v14.2.10 [security]
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-18 08:42:35 +00:00
Emmanuel Ferdman
3e0d84f031 fix(docker): update docker documentation reference
Signed-off-by: Emmanuel Ferdman <emmanuelferdman@gmail.com>
2024-09-17 01:35:45 +02:00
Erik Michelson
3e17edf95d fix(types): typecast ldap options due to wrong types in ldapjs
The provided types by ldapauth-fork are re-exported from ldapjs. ldapjs
is unmaintained by now but since their last update, the
ConnectionOptions type seems to not contain the mandatory parameter
`url` anymore. Therefore this typecast is needed.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-13 13:56:02 +02:00
Erik Michelson
3261929a2a fix(types): move and remove unused types
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-13 13:56:02 +02:00
renovate[bot]
7b66965014 fix(deps): update dependency ldapauth-fork to v6
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-13 13:56:02 +02:00
Erik Michelson
21dcf0eb49 fix(tests): minio upload type is not exported anymore
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-12 16:55:41 +02:00
renovate[bot]
57cba653e3 fix(deps): update dependency minio to v8
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-12 16:55:41 +02:00
Erik Michelson
62eb4b6d2b fix(packages): backend was missing uuid package
Due to failing docker builds it was brought to our attention,
that the backend relied on the uuid package without declaring
it as dependency. This worked in all development and build
scenarios as the frontend declares uuid as dependency already
and top-level `yarn install` installs all dependencies from all
workspaces. However as the docker build only runs for either
the backend or the frontend, this failed.
This commit adds the dependency to the backend as well.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-12 15:45:14 +02:00
Erik Michelson
157a0fe278 refactor(media): store filenames, use pre-signed s3/azure URLs, UUIDs
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-12 14:49:17 +02:00
Erik Michelson
4132833b5d refactor(api-docs): move api docs to /api/doc/
The API documentation belongs strictly to the API itself.
Due to the usage of version-prefixed API endpoints, there is no conflict
with existing or future endpoints.
The reason behind this is that we already have enough exceptions in the
routing (default everything to react-frontend, exceptions for backend)
and it is hard to keep it synchronized throughout all relevant places.
This came to attention as the dev setup didn't proxy the API docs to the
backend.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-12 14:49:17 +02:00
Erik Michelson
7f665fae4b feat(auth): refactor auth, add oidc
Thanks to all HedgeDoc team members for the time discussing,
helping with weird Nest issues, providing feedback
and suggestions!

Co-authored-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-11 21:29:49 +02:00
Philip Molares
1609f3e01f fix(frontend): first heading will be cleared
If all headings are deleted the note title will be deleted and not be kept to the last value.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-09-11 20:46:38 +02:00
Philip Molares
02a5f62d27 fix: frontmatter headline
If one wrote a frontmatter the incomplete ending dashes where interpreted as a headline and therefore the last line in the frontmatter was handled as the first heading of the document.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-09-11 20:46:38 +02:00
renovate[bot]
61fc33fc73 chore(deps): update yarn to v4.4.1
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: David Mehren <git@herrmehren.de>
2024-09-02 16:38:54 +02:00
renovate[bot]
b5c15c5c2d fix(deps): update dependency mermaid to v11
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-02 11:18:10 +02:00
renovate[bot]
9427a946b5 fix(deps): update dependency @react-hook/resize-observer to v2
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-02 10:57:26 +02:00
renovate[bot]
d430af4bc1 chore(deps): update testing-library
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-02 10:46:45 +02:00
renovate[bot]
528f4dade1 fix(deps): update dependency raw-body to v3
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-02 10:36:06 +02:00
Erik Michelson
73d9c3231b refactor(backend): rename auth to public-auth-token
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-02 10:33:08 +02:00
renovate[bot]
52fe7f55de fix(deps): update dependency rimraf to v6
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-02 10:28:52 +02:00
renovate[bot]
2ff657a745 fix(deps): update dependency markdown-it-anchor to v9
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-02 10:21:15 +02:00
renovate[bot]
0b95e59417 fix(deps): update i18next
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-02 10:13:55 +02:00
renovate[bot]
5d1113ad0a fix(deps): update dependency uuid to v10
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-01 19:36:12 +02:00
renovate[bot]
0bad560ece chore(deps): update dependency mkdocs-material to v9.5.34
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-01 16:12:36 +00:00
Philip Molares
48ced674e7 fix: prevent emoji autocomplete
Add an empty entry to the emoji autocompletion which allows us to press enter to continue without any random emojis in the note where we did not intend them.

Fixes #5251

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-09-01 18:04:22 +02:00
Philip Molares
994b159618 fix(frontend): build messages
The urls are not https://example.org since https://github.com/hedgedoc/hedgedoc/pull/5598 and this message should have been changed then as well.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-09-01 17:57:45 +02:00
Philip Molares
4d7621c45f fix: avatar url
With the recent dicebear update we don't need to use the sync method anymore as toDataUri now is sync.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-09-01 12:36:23 +02:00
Philip Molares
d8281d2d0e fix: caddy candidate order
We should use the most specific caddy first and go to more general caddy executables as is the norm and expected from systems in general.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-09-01 08:43:23 +02:00
Philip Molares
558283ea48 chore(deps): update caniuse-lite
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-08-31 18:46:09 +02:00
renovate[bot]
783cd1c8b5 chore(deps): update docker/build-push-action action to v6
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-31 18:12:25 +02:00
Philip Molares
c4ccb37c29 fix: convert dep5 file
reuse 4 now uses a REUSE.toml file instead.

See: https://reuse.readthedocs.io/en/stable/history.html#id6
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-08-31 18:04:12 +02:00
renovate[bot]
e1c5332bec chore(deps): update fsfe/reuse docker tag to v4
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-31 18:04:12 +02:00
renovate[bot]
e38d3bbb1b chore(deps): update dependency @codemirror/commands to v6.6.1
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-31 15:26:57 +00:00
Philip Molares
ab48b332ac fix: turbo env
Because turbo now removes non specified environment variables we need to specify --env-mode explicitly as loose

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-08-31 15:33:01 +02:00
Philip Molares
09641c14f6 fix: migrate turbo.json
turbo v2 changed the turbo.json file somewhat. This PR address this.
See: https://turbo.build/repo/docs/crafting-your-repository/upgrading

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-08-31 12:53:53 +02:00
Philip Molares
03a388c6f9 fix: turbo filter commands
turbo now wants you to specify the whole name and not just part of the name.

See: https://github.com/vercel/turborepo/pull/8137
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-08-31 12:53:53 +02:00
renovate[bot]
9bb33cbc70 chore(deps): update dependency turbo to v2
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-31 12:53:53 +02:00
renovate[bot]
e10a7f885a chore(deps): update actions/upload-artifact action to v4.4.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-31 10:16:03 +02:00
renovate[bot]
5fea1206b9 chore(deps): update dependency @dicebear/converter to v9
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-31 10:08:44 +02:00
renovate[bot]
b481f79c34 chore(deps): remove dependency http-proxy-middleware
This is no longer necessary, as we needed this previously when the backend proxied the frontend

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-08-31 09:56:18 +02:00
renovate[bot]
d85f2d6e00 chore(deps): update dependency mkdocs to v1.6.1
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-30 15:32:46 +00:00
renovate[bot]
3a8869fab9 chore(deps): update dependency @darraghor/eslint-plugin-nestjs-typed to v5
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-30 17:27:29 +02:00