Commit graph

170 commits

Author SHA1 Message Date
David Mehren
5eab4f42d6 refactor: merge AuthTokenDTOs into one file
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-06 22:24:21 +01:00
David Mehren
0be8e4ea55 feat(api/private): add GroupsController
The GroupsController can be used to fetch information about groups.

Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-01 20:20:18 +01:00
David Mehren
0394679134 feat(user-info-dto): split email into separate DTO
The email address should only be available
in /me routes.
This commit splits the email address into a new FullUserInfoDto.

Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-01 20:20:18 +01:00
David Mehren
a7edf00ebc feat(api/private): add UsersController
The UsersController can be used to fetch information about users.

Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-01 20:20:18 +01:00
Philip Molares
cf5c398933 fix: openapi decorator
This now correctly returns the dto if it is provided. Previously it would return () => undefined, when the dto was not defined, which crashed some internal logic in nestjs.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-27 18:40:53 +01:00
Philip Molares
86ef8f3c7f docs: add documentation to OpenApi decorator
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-20 20:56:09 +01:00
Philip Molares
89aac9d4b6 refactor: use new openapi decorator
Also remove fullapi decorator, because it's fully replaced by the openapi decorator.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-20 20:56:09 +01:00
Philip Molares
a283002a34 feat: create openapi decorator
This decorator gets a list of http codes and possible descriptions and adds all necessary decorator internally to the method or the class. This will prevent long OpenApi annotations and keep the controllers shorter.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-20 20:56:09 +01:00
Philip Molares
0955bf048d refactor: rename markdown body decorator
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-20 20:56:09 +01:00
Philip Molares
7f8d745c80 refactor: move permissions decorator into api utils dir
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-20 20:56:09 +01:00
Philip Molares
c891a95588 feat: checkNoteIdOrAlias in more alias service methods
This should prevent any interaction by a forbidden id

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-07 00:08:41 +01:00
Philip Molares
796b8294cf docs: improved auto-generated openapi docs
With these additional annotations the openapi docs under `/apidoc` and `/private/apidoc` will be improved by adding errors that the requests can return

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-07 00:08:41 +01:00
Philip Molares
2bc8c0d6da refactor(public-api): use TokenAuthGuard on controller not method level
As the public api is nearly completely protected by the TokenAuthGuard it seems unnecessarily verbose to add the guard to every method in the controllers, when an annotation at the top of the controller would be sufficient.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-07 00:08:41 +01:00
Philip Molares
d142cbadeb refactor: remove try catches from controllers
This is handled by the ErrorExceptionMapping class

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-07 00:08:41 +01:00
Philip Molares
2c7e82680e feat: add additional default descriptions for HttpExceptions
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-07 00:08:41 +01:00
Philip Molares
d0477a5e34 refactor: omit error mapping in GetNoteInterceptor
Because this mapping will now be done with the ErrorExceptionMapping class, the mapping will be omitted in the interceptor.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-07 00:08:41 +01:00
Philip Molares
4500caf882 refactor: move error messages from controller to service
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-07 00:08:41 +01:00
Philip Molares
f672c5179f test: remove controller tests
These test files are only autogenerated and don't have any benefit. Any behaviour one would test with them are (or at least should) already be covered by our e2e tests.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-06 20:57:34 +01:00
Philip Molares
f4a580cf2a refactor(config): extract note config from app config
This commit separates the app config object from a new note config object. This was done to separate different concerns in different config files. Especially if the number of settings that are about notes increase, it is a good idea to keep them separate from the app config.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-01-30 22:19:50 +01:00
David Mehren
64667d81c0
docs(api): Add missing tags
Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-16 21:40:48 +01:00
Yannick Bungers
b562a5dac7
Change error types in checkLocalPassword and updateLocalPassword to InvalidCredentialsError and NoLocalIdentityError
Signed-off-by: Yannick Bungers <git@innay.de>
2022-01-06 21:59:46 +01:00
Erik Michelson
820a1ae43a
Rename local password check method
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2022-01-03 23:41:34 +01:00
Erik Michelson
277e2fb1ca
feat(auth): password change requires old password
By checking the "old" password of the user prior to a password change, the
password change function is more secured against abuse.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2021-12-28 01:46:40 +01:00
David Mehren
4e70044a2c
refactor(edit): lazy-load relations
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-05 19:58:01 +01:00
David Mehren
235e4f647c
refactor(note): lazy-load relations
Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-30 16:46:07 +01:00
David Mehren
296d73c121
refactor(media-upload): lazy-load relations
Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-18 18:47:12 +01:00
David Mehren
0c5fdf4201
refactor(group): lazy-load relations
Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-16 19:05:28 +01:00
Philip Molares
10b5b11269
feat: replace GetNotePipe with GetNoteInterceptor and RequestNote
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-30 22:33:20 +01:00
Philip Molares
5a45ff2d0b
feat: add request note decorator
This extracts the note inserted with the get note interceptor into the request to be used by the controller service.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-30 22:26:55 +01:00
Philip Molares
470b32ed5e
feat: refactor get note pipe to interceptor
This is necessary, because of the order of operations in nestjs, the validation pipe is not able to get the note as the noteIdOrAlias will be transformed by the get note pipe after the validation did run.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-30 22:20:49 +01:00
Philip Molares
3e4abb561d
refactor: move permissions service calls into permissions guard
This commit removes all previous calls to the permissions service at the beginning of the controller methods to the permissions guard. This should make the code a bit cleaner and remove boilerplate code.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 17:19:57 +01:00
Philip Molares
3b92226bab
feat: create permissions guard
This guard protects resources and let's users only access them if they hold the correct permission

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 17:18:23 +01:00
Philip Molares
82643cd790
chore: extract getNote code from GetNotePipe.transform
This was done so the same code could be used in the PermissionsGuard

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 17:12:35 +01:00
Philip Molares
7927ac2217
chore: move get-note-pipe to api utils
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 17:05:27 +01:00
David Mehren
b9d3c95d2d
fix(note): fix type for owner param
To make the create method easier to use in conjunction
with the authentication framework, this commit changes the type of
the `owner` parameter from `User | undefined` to `User | null`.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-14 21:44:59 +01:00
David Mehren
c02f845ecb
AuthController: Return 409 Conflict when user already exists
The previously used HTTP error 400 'Bad Request' is not really
applicable here, as the client did not send a malformed message.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-27 19:39:18 +02:00
Yannick Bungers
24d79a9493
Add API doc for private media API
Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-18 20:20:14 +02:00
Yannick Bungers
85dc2cd02d
Remove unnecessary exception handling in private notes.controller.ts
and change noteIdOrAlias to Note as parameter

Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-18 21:12:33 +02:00
Alexandru Văleanu
32929c1e77
Add delete media in private API (#1736)
Adds the missing API route of deleting media in the private API.
2021-10-18 19:00:28 +01:00
Yannick Bungers
f4799c5ebe
Change createTokenForUser signature
user is now used instead of username

Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-13 22:59:51 +02:00
Yannick Bungers
40103cb397
fix username spelling from userName
Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-13 22:28:10 +02:00
Yannick Bungers
be27686610
change getTokensByUsername to getTokensByUser
Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-13 22:22:08 +02:00
Yannick Bungers
ad190fcf22
Get user from Session instead of hardcoded value
Signed-off-by: Yannick Bungers <git@innay.de>
2021-09-23 22:44:34 +02:00
Philip Molares
90b64c73b3
test: fix service tests to handle the new aliases
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-06-06 17:53:07 +02:00
Philip Molares
b135333a51
feat: add alias controller to private and public api
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-07 21:28:59 +02:00
Philip Molares
366057fb8b
feat: add auth controller with internal login, registration, password change and logout
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 22:00:14 +02:00
Philip Molares
cd4ee84ec3
feat: add LoginEnabledGuard and RegistrationEnabledGuard
These guards check if the login or registration are enabled in the config. If so the guarded method is executed, if not the client will get the HTTP Error 400 Forbidden as an answer

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-04 18:31:01 +02:00
Philip Molares
23e26fb830
chore: move identity entity in its own folder
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:53:20 +02:00
Abhilasha Sinha
f63a2b79b7
Add new API to purge note history #1064
Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Combine the describe block

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Fix naming

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Rename purgeRevision to purgeRevisions

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Fix notes e2e test description

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Add yarn.lock

Fix lint and format

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>
2021-08-30 05:37:35 +05:30
Philip Molares
216baa42a1
refactor: move TokenAuthGuard in the same file as TokenStrategy
This should help to make clear why code is executed when the TokenAuthGuard is encountered by a request. Currently, one has to connect both files via the string 'token', which is a bit cryptic

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-04 18:03:41 +02:00