Commit graph

369 commits

Author SHA1 Message Date
Philip Molares
57f76499f0
Dev Docs: Add configuration documentation
This explains how the configuration code works and give some hints on what do look out for while working on the configuration code.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-03 20:50:49 +01:00
David Mehren
99ddee7815
Add missing logging context at various places
Our custom logger supports providing the name of the function that
calls the logger, this commit adds this context string where it
was previously missing.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-05 22:30:22 +01:00
Philip Molares
0dbcc9a653
Docs: Add api tags to group controller
For a better structure of the autogenerated apidoc website tags are used. Each Controller get it's own tag and will be put in a separate section.

See https://docs.nestjs.com/openapi/operations#tags

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-04 13:44:08 +01:00
Philip Molares
744a55181e
Tests: Rename users.e2e-spec.ts to me.e2e-spec.ts
As users.e2e-spec.ts tests the MeController this commit renames the test appropriately

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-03 21:51:30 +01:00
Philip Molares
d457729ab7
Tests: Fix Mock Auth
This makes it possible to create the user before the mock auth guard does it's magic. This is necessary for some test, where we need the user object before the api is called.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-03 21:49:39 +01:00
Philip Molares
36f041f0e0
History: Add unit and e2e test
Add unit tests for history service
Adapt relevant me e2e tests to work

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-03 21:46:36 +01:00
Philip Molares
e55e62c2cd
History: Add history service and usage
Add history service to allow for CRUD operations.
Use history service in controllers to:
  1. Allow manipulating of history entries
  2. Guaranty the correct existence of history entries

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-03 21:22:55 +01:00
Philip Molares
300b464efd
History: Add HistoryEntry
With this the backend now can hold a history entry.
Also included in this commit are some minor changes to tests and services so they can still work.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-03 21:15:39 +01:00
David Mehren
2ee8ff4d91
Update docs with hint about 2.0 development
Replace the old docs index page with a hint where the (for now) 'real'
docs can be found and that HedgeDoc 2.0 is still in development.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-04 21:50:38 +01:00
David Mehren
effba43fe8
Delete old docs not relevant for 2.x
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-04 16:14:59 +01:00
Renovate Bot
7bf3f59dd8
Lock file maintenance
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-01 22:38:57 +00:00
Sheogorath
93710eeb18
renovatebot: Configure renovatebot to update 1.x and 2.x branches
Currently renovatebot only cares about the default branch, which is
currently develop. In order to keep everything up-to-date we should
configure it, to also make sure that the master branch for 1.x will be
updated.

Therefore this patch adds the `baseBranches` config option, which allows
to define an array of branches to update.

Reference:

https://docs.renovatebot.com/configuration-options/#basebranches

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2021-02-02 22:16:33 +01:00
Renovate Bot
ea5ea73ae1
chore(deps): update dependency mkdocs-material to v6.2.7
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-01 21:06:50 +00:00
David Mehren
7efd73e02f
Expand PR template with hint about branches
Add a sub-step to the PR template to remind the user to use the correct
branch.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-01 21:53:37 +01:00
David Mehren
90674fb80e
Docs: Emphasize the difference between branches
To further reduce confusion between the `develop` and `master` branches,
this commit adds more information about them in the README
and the contribution docs.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-30 18:37:45 +01:00
David Mehren
c42871be66
Add commit guidelines to contribution docs
To ensure maintainability,
commit guidelines are added to our contribution documentation.
They include notes on commit structure and the commit message,
which evolved from issues that were encountered while developing.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-30 17:36:19 +01:00
Yannick Bungers
22aaa956a7
Reformat code by yarn format
Signed-off-by: Yannick Bungers <git@innay.de>
2021-01-30 18:09:00 +01:00
Philip Molares
5920a1c72f
tests: Fix tests as part of the DTO Refactor
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-30 12:47:31 +01:00
Yannick Bungers
0d5b9dea00
Refactoring of controllers and service interfaces
DTO should only be used for sending information to and from user.
Services now have methods which return normal internal objects and
methods which convert them to DTOs. This conversion is done in the
controlers

Signed-off-by: Yannick Bungers <git@innay.de>
2021-01-30 00:06:38 +01:00
Sheogorath
e8e269b1bb
Add issue config to add external links to the community forum
This patch adds a Issue template config, which can be used to link to
the forum for support requests as well as community discussions.

Note: The change in `.reuse/dep5` just makes sure the CI process doesn't
cry about licenses on files.

Reference:
https://docs.github.com/en/github/building-a-strong-community/configuring-issue-templates-for-your-repository#configuring-the-template-chooser

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2021-01-30 20:38:12 +01:00
Philip Molares
08ba52293c
auth: Fix undefined secret error
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-29 22:24:19 +01:00
Philip Molares
aa10e10412
auth: Fix UnauthorizedException throwing
Move conversion of Errors from AuthService to TokenStrategy.
This is necessary to correctly test the validateToken method.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-29 22:00:47 +01:00
Philip Molares
46b5cdfb47
auth: Fix secret length
The former length of 64 bytes (512-bit) is transformed into base64url (a 6-bit code) ~86 characters long. This is too long for bcrypt as it ignores any characters beyond the 72th.
This fix therefore reduces the amount of generated bytes to 54 (as 72*6/8 = 54) characters. This ensures that removing one character from the token the hash won't be the same anymore.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-28 12:18:20 +01:00
Philip Molares
8b27f6f393
auth: Fix handling of internal server errors
Catch all NotInDbErrors and TokenNotValidError and transform them to UnauthorizedException with the correct message.
This prevents nest from telling the api user that an internal server error has happened and instead display the correct http error code 401.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-27 21:55:30 +01:00
Renovate Bot
5a811b9109
chore(deps): update dependency ts-jest to v26.5.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-29 14:02:05 +00:00
Philip Molares
8d815cf2c5
config: Fix inconsistent env vars
This should make the translation from env var name to config name and vice versa more consistent.

Fixes #751

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-28 23:28:16 +01:00
David Mehren
1883db4c93
Swagger: Split public and private API
Fixes #759

Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 23:11:56 +01:00
Renovate Bot
ca066f4228
fix(deps): update nestjs packages to v7.6.7
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-27 17:26:10 +00:00
Philip Molares
62a5215242
auth: Encode secret in base64url
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-26 10:19:12 +01:00
Philip Molares
1791cb7c82
auth: Fix base64url transformation
The problem was that replace only replaces the first occurrence of a string and not all as is needed for this function.
tsconfig.json needed lib to be set to esnext or the replaceAll function won't be available…

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-26 10:18:52 +01:00
Renovate Bot
06768e33f5
Update dependency mkdocs-material to v6.2.6
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-27 17:23:14 +00:00
Renovate Bot
ce71581661
Update dependency pymdown-extensions to v8.1.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-26 01:46:17 +00:00
David Mehren
af35cd1bb2
HistoryEntryDto: Add doc comments
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:45:52 +01:00
David Mehren
c38019b0f2
HistoryEntryUpdateDto: Add doc comments
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:45:43 +01:00
David Mehren
6a21665c3e
NoteDto: Add doc comments
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:45:34 +01:00
David Mehren
7688b7c21f
NoteAuthorshipDto: Add doc comments
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:44:47 +01:00
David Mehren
6c7bd0ed26
RevisionMetadataDto: Add doc comments
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:44:20 +01:00
David Mehren
09cf25d111
RevisionDto: Add doc comments
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:44:11 +01:00
David Mehren
3233b5c958
NoteMetadata DTOs: Add doc comments
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:23:09 +01:00
David Mehren
eb2544bc2b
NotePermission DTOs: Add doc comments
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:22:52 +01:00
David Mehren
1a825ed199
UserInfoDto: Add doc comments
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:22:01 +01:00
David Mehren
9a77cd5565
Swagger: Enable comment parsing
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:20:54 +01:00
Renovate Bot
e643d59fc2
chore(deps): update dependency supertest to v6.1.3
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-25 22:02:40 +00:00
Renovate Bot
671aa005f5
fix(deps): pin dependencies
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-25 21:52:35 +00:00
Philip Molares
141e16c2b9
regenerated yarn.lock
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:32:17 +01:00
Philip Molares
c8da989f25
auth: Run removeInvalidTokens 5s after startup
This should prevent problem with the AuthToken purge on Sundays, as the service is either running on sunday or will be restarted there after.

Also move base64url comment to right function

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 16:29:09 +01:00
Philip Molares
ad0ab648bc
auth: Add maximum token lifetime of 2 years.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 12:14:26 +01:00
Philip Molares
6686fa58c5
auth: Run removeInvalidTokens 5s after startup
This should prevent problem with the AuthToken purge on Sundays, as the service is either running on sunday or will be restarted there after.

Also move base64url comment to right function

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 18:16:08 +01:00
Philip Molares
af993407b3
auth: Add token limit of 200
This is a very high ceiling unlikely to hinder legitimate usage, but should prevent possible attack vectors

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 12:05:25 +01:00
Philip Molares
39d9fb5dec
tokens: Add token creation
Fix token deletion
Update plantuml docs
Add token validUntil and lastUsed fields

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-21 19:37:43 +01:00