Commit graph

3129 commits

Author SHA1 Message Date
David Mehren
5a207c4ab4
Merge pull request #787 from hedgedoc/chore/commit-guidelines
Add commit guidelines to contribution docs
2021-02-01 21:43:10 +01:00
David Mehren
f7f2752af7
Add commit guidelines to contribution docs
To ensure maintainability,
commit guidelines are added to our contribution documentation.
They include notes on commit structure and the commit message,
which evolved from issues that were encountered while developing.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-01 21:40:38 +01:00
David Mehren
6bce4c241b
Merge pull request #786 from hedgedoc/refactor/dto
2021-02-01 20:19:36 +01:00
David Mehren
5cb8173070
Merge pull request #790 from hedgedoc/github/support-template
Add issue config to add external links to the community forum
2021-01-31 11:52:16 +01:00
Sheogorath
495ca5bbc9
Add issue config to add external links to the community forum
This patch adds an Issue template config, which can be used to link to
the forum for support requests as well as community discussions.

Note: The change in `.reuse/dep5` just makes sure the CI process doesn't
cry about licenses on files.

Reference:
https://docs.github.com/en/github/building-a-strong-community/configuring-issue-templates-for-your-repository#configuring-the-template-chooser

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2021-01-31 01:51:37 +01:00
Yannick Bungers
c2b6c6fe49 Reformat code by yarn format
Signed-off-by: Yannick Bungers <git@innay.de>
2021-01-31 00:12:00 +01:00
Philip Molares
a7f35aaeec tests: Fix tests as part of the DTO Refactor
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-31 00:11:58 +01:00
Yannick Bungers
b07d6d478c Refactoring of controllers and service interfaces
DTO should only be used for sending information to and from user.
Services now have methods which return normal internal objects and
methods which convert them to DTOs. This conversion is done in the
controllers

Signed-off-by: Yannick Bungers <git@innay.de>
2021-01-30 00:15:05 +01:00
Yannick Bungers
3431934ceb
Merge pull request #778 from hedgedoc/fix/secretLength
2021-01-29 22:27:54 +01:00
Philip Molares
08b3dd5db9 auth: Fix undefined secret error
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-29 22:24:19 +01:00
Philip Molares
ba517b3cfe auth: Fix UnauthorizedException throwing
Move conversion of Errors from AuthService to TokenStrategy.
This is necessary to correctly test the validateToken method.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-29 22:00:47 +01:00
Philip Molares
5a727d530b auth: Fix secret length
The former length of 64 bytes (512-bit) is transformed into base64url (a 6-bit code) ~86 characters long. This is too long for bcrypt as it ignores any characters beyond the 72nd.
This fix therefore reduces the amount of generated bytes to 54 (as 72*6/8 = 54) characters. This ensures that after removing one character from the token, the hash won't be the same anymore.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-29 21:32:54 +01:00
David Mehren
b49c802c79
Merge pull request #776 from hedgedoc/fix/UnauthorizedException
auth: Fix handling of internal server errors
2021-01-29 20:52:36 +01:00
Philip Molares
84915b61ac auth: Fix handling of internal server errors
Catch all NotInDbErrors and TokenNotValidError and transform them to UnauthorizedException with the correct message.
This prevents nest from telling the api user that an internal server error has happened and instead displays the correct http error code 401.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-29 20:33:56 +01:00
David Mehren
63b61f304b
Merge pull request #783 from hedgedoc/renovate/ts-jest-26.x
chore(deps): update dependency ts-jest to v26.5.0
2021-01-29 19:24:55 +01:00
David Mehren
d8a02aa409
Merge pull request #780 from hedgedoc/fix/inconsistentEnvVars
config: Fix inconsistent env vars
2021-01-29 19:24:01 +01:00
Renovate Bot
1f26c992a1
chore(deps): update dependency ts-jest to v26.5.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-29 14:02:05 +00:00
Philip Molares
2f17291079 config: Fix inconsistent env vars
This should make the translation from env var name to config name and vice versa more consistent.

Fixes #751

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-28 23:28:16 +01:00
Yannick Bungers
333b5a07e6
Merge pull request #768 from hedgedoc/feat/split-openapi
Swagger: Split public and private API
2021-01-27 23:13:49 +01:00
David Mehren
13fcd72f2d
Merge pull request #770 from hedgedoc/renovate/nestjs-packages
fix(deps): update nestjs packages to v7.6.7
2021-01-27 20:07:14 +01:00
David Mehren
3ba64f15f1
Swagger: Split public and private API
Fixes #759

Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-27 20:02:25 +01:00
David Mehren
932cb636ff
Merge pull request #771 from hedgedoc/fix/base64Url
2021-01-27 19:49:02 +01:00
Renovate Bot
df3e389b6f
fix(deps): update nestjs packages to v7.6.7
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-27 17:26:10 +00:00
David Mehren
4d03577bba
Merge pull request #772 from hedgedoc/renovate/mkdocs-material-6.x
Update dependency mkdocs-material to v6.2.6
2021-01-27 18:25:36 +01:00
Renovate Bot
c39d159cf2
Update dependency mkdocs-material to v6.2.6
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-27 17:23:14 +00:00
David Mehren
b029d3100a
Merge pull request #769 from hedgedoc/renovate/pymdown-extensions-8.x
Update dependency pymdown-extensions to v8.1.1
2021-01-27 18:22:23 +01:00
Philip Molares
563f862846 auth: Encode secret in base64url
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-27 00:23:43 +01:00
Philip Molares
7aeb77b262 auth: Fix base64url transformation
The problem was that replace only replaces the first occurrence of a string and not all as is needed for this function.
tsconfig.json needed lib to be set to esnext or the replaceAll function won't be available…

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-26 10:56:45 +01:00
Renovate Bot
fa235f6fe1
Update dependency pymdown-extensions to v8.1.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-26 01:46:17 +00:00
David Mehren
f8757d0e5b
Merge pull request #766 from hedgedoc/feat/dto-docs
2021-01-25 23:16:02 +01:00
David Mehren
12263acce6
Merge pull request #767 from hedgedoc/renovate/test-packages
chore(deps): update dependency supertest to v6.1.3
2021-01-25 23:10:55 +01:00
Renovate Bot
af555d972b
chore(deps): update dependency supertest to v6.1.3
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-25 22:02:40 +00:00
David Mehren
c0ee27e2b0
Merge pull request #765 from hedgedoc/renovate/pin-dependencies
fix(deps): pin dependencies
2021-01-25 23:02:09 +01:00
Renovate Bot
999099c94b
fix(deps): pin dependencies
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-25 21:52:35 +00:00
David Mehren
3dc223847d
HistoryEntryDto: Add doc comments
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:39 +01:00
David Mehren
3f16a398d2
HistoryEntryUpdateDto: Add doc comments
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:39 +01:00
David Mehren
5f71e779ef
NoteDto: Add doc comments
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:39 +01:00
David Mehren
be2dc0e4d6
NoteAuthorshipDto: Add doc comments
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:39 +01:00
David Mehren
84143eec7d
RevisionMetadataDto: Add doc comments
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:39 +01:00
David Mehren
43194500e9
RevisionDto: Add doc comments
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:38 +01:00
David Mehren
e4f0c5c064
NoteMetadata DTOs: Add doc comments
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:38 +01:00
David Mehren
a83a7c7a66
NotePermission DTOs: Add doc comments
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:38 +01:00
David Mehren
d3acd3d2db
UserInfoDto: Add doc comments
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:38 +01:00
David Mehren
a144a55eb4
Swagger: Enable comment parsing
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:38 +01:00
Yannick Bungers
ca04856425
Merge pull request #738 from hedgedoc/private/tokens
2021-01-25 21:38:53 +01:00
Philip Molares
2c38bd55a8 regenerated yarn.lock
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:34:11 +01:00
Philip Molares
bfe14dad8d auth: Run removeInvalidTokens 5s after startup
This should prevent problems with the AuthToken purge on Sundays, as the service is either running on Sunday or will be restarted thereafter.

Also move base64url comment to right function

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:08 +01:00
Philip Molares
67a5f3c7ec auth: Add maximum token lifetime of 2 years.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:08 +01:00
Philip Molares
99d6b39e00 auth: Run removeInvalidTokens 5s after startup
This should prevent problems with the AuthToken purge on Sundays, as the service is either running on Sunday or will be restarted thereafter.

Also move base64url comment to right function

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:08 +01:00
Philip Molares
c2d759da53 auth: Add token limit of 200
This is a very high ceiling unlikely to hinder legitimate usage, but should prevent possible attack vectors

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:08 +01:00