The function now expects a `Note` object instead of a noteId
and a `User` instead of a username to
make it more consistent with other functions.
Signed-off-by: David Mehren <git@herrmehren.de>
As we now have a GetNotePipe, we can easily get rid of this function.
All clients can directly provide a `Note` instance
and use `getEntryByNote`.
Signed-off-by: David Mehren <git@herrmehren.de>
The function now expects a `Note` object instead of a noteId to
make it more consistent with other functions.
Signed-off-by: David Mehren <git@herrmehren.de>
The function now expects a `Note` object instead of a noteId to
make it more consistent with `updateHistoryEntryTimestamp`.
Signed-off-by: David Mehren <git@herrmehren.de>
This renames `createOrUpdateHistoryEntry` to `updateHistoryEntryTimestamp`,
which reduces confusion with the similarly named
`updateHistoryEntry` function.
Signed-off-by: David Mehren <git@herrmehren.de>
This replaces repeated calls to `noteService.getNoteByIdOrAlias`
and associated error handling with the `GetNotePipe`
in the `Param` decorator.
Signed-off-by: David Mehren <git@herrmehren.de>
`getNoteMetadata` does not use a method that
can throw a `PermissionsUpdateInconsistentError`.
The try/catch-block seems to be a copy-paste error.
Signed-off-by: David Mehren <git@herrmehren.de>
This replaces repeated calls to `noteService.getNoteByIdOrAlias`
and associated error handling with the `GetNotePipe`
in the `Param` decorator.
Signed-off-by: David Mehren <git@herrmehren.de>
This introduces the `RequestUser` decorator
to extract the `User` from a request.
It reduces code duplication across the public API
and allows us to drop the override of the `Request` type from express.
Signed-off-by: David Mehren <git@herrmehren.de>
As we now have a separate Author entity, which holds information
about an author (the color), the Authorship name became confusing.
Edit seems to be a better name, as the entity saves information
about a change in a note.
Signed-off-by: David Mehren <git@herrmehren.de>
TokenAuthGuard ensures that req.user is always
defined, but thanks to strict mode we have to check again.
In the future, we may add a custom Request type and
a custom param decorator to centralize the check.
Signed-off-by: David Mehren <git@herrmehren.de>
TokenAuthGuard ensures that req.user is always
defined, but thanks to strict mode we have to check again.
In the future, we may add a custom Request type and
a custom param decorator to centralize the check.
Signed-off-by: David Mehren <git@herrmehren.de>
TokenAuthGuard ensures that req.user is always
defined, but thanks to strict mode we have to check again.
In the future, we may add a custom Request type and
a custom param decorator to centralize the check.
Signed-off-by: David Mehren <git@herrmehren.de>
This is the transactional reimplementation of the business logic of the history controllers setHistory method (of the private api). This should prevent the problem that the history gets deleted, but a later error in the handling of the list of HistoryEntryImportDto let's the call fail.
See also: https://docs.nestjs.com/techniques/database#transactions
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This adds a body to the route DELETE /notes/{note} of the public api to specify if the associated media uploads of the note should be kept or deleted.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This adds a body to the route DELETE /notes/{note} of the private api to specify if the associated media uploads of the note should be kept or deleted.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
The former deleteFile was moved to the public apis media controller and the actual deletion functionality was moved in a separate function to be called on user deletion.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
As the DTO is only for importing an existing history the lastVisited of those entries should also be posted.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
As the DTO is only for importing an existing history the pinStatus of those entries should also be posted.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
As the DTO is used to import a whole list of history entries rather than creating a single history entry (there is no way of doing that at the moment)
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This re-enables the `@typescript-eslint/explicit-module-boundary-types`
check and also enables the
`@typescript-eslint/explicit-function-return-type` check.
Signed-off-by: David Mehren <git@herrmehren.de>
This ensures stack traces are helpful at the cost of a slightly
lower performance (one more tick in the event loop).
Fixes#838
Signed-off-by: David Mehren <git@herrmehren.de>
As the NotesController has the note already, because it checked with it if the user has the permission to perform the action, it's not necessary to get the note from the DB again, instead we should just provide the note to the functions directly.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Handle the AlreadyInDB and PermissionsUpdateInconsistent errors and correctly show them to the api user as BadRequest errors.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This service is necessary as we plan to have functions to create and manipulate groups in the future.
The GroupInfoDto was moved from the file note-permissions.dto.ts to mimic the UserInfoDto.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
The permission check also tries to get the note and a non existing note needs to be handled there too.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Our custom logger supports providing the name of the function that
calls the logger, this commit adds this context string where it
was previously missing.
Signed-off-by: David Mehren <git@herrmehren.de>
For a better structure of the autogenerated apidoc website tags are used. Each Controller get it's own tag and will be put in a separate section.
See https://docs.nestjs.com/openapi/operations#tags
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Add history service to allow for CRUD operations.
Use history service in controllers to:
1. Allow manipulating of history entries
2. Guaranty the correct existence of history entries
Signed-off-by: Philip Molares <philip.molares@udo.edu>
With this the backend now can hold a history entry.
Also included in this commit are some minor changes to tests and services so they can still work.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
DTO should only be used for sending information to and from user.
Services now have methods which return normal internal objects and
methods which convert them to DTOs. This conversion is done in the
controlers
Signed-off-by: Yannick Bungers <git@innay.de>
Add number type alias TimestampMillis
Remove solved ToDos
Change AuthToken and AuthTokenDto to use Date
Rename authService unit tests
Signed-off-by: Philip Molares <philip.molares@udo.edu>
adds auth service
adds auth module
adds token-auth strategy
adds token-auth to all public api calls
Signed-off-by: Philip Molares <philip.molares@udo.edu>
adds private api
adds AuthTokenDto and AuthTokenWithSecretDto
adds necessary methods in the users service
adds RandomnessError
Signed-off-by: Philip Molares <philip.molares@udo.edu>
adds private api
adds AuthTokenDto and AuthTokenWithSecretDto
adds necessary methods in the users service
adds RandomnessError
Signed-off-by: Philip Molares <philip.molares@udo.edu>
As explained in https://github.com/nestjs/swagger/issues/32#issuecomment-716169471, it's possible to register swagger metadata in custom decorators by providing an array of `enhancers`.
We now add metadata with the `MarkdownBody` decorator: The request needs a `body` with content-type `text/markdown`.
Signed-off-by: David Mehren <git@herrmehren.de>
This commit adds proper error handling and returns 404 when a note does not exist.
Previously, we leaked the `NotInDBError` and sent a 500 status code.
Signed-off-by: David Mehren <git@herrmehren.de>
As the `saveFile` method only really uses the files `Buffer`, this commit changes the signature so it directly gets a `Buffer` instead of a complicated `MulterFile` object. This also simplifies testing.
Signed-off-by: David Mehren <git@herrmehren.de>
