Commit graph

153 commits

Author SHA1 Message Date
David Mehren
5f48b530f2
Update @types/express-serve-static-core and @types/serve-static
After updating @types/express these need to be updated to prevent broken typings.
This does not happen automatically, so I needed to delete these two packages from
yarn.lock and run `yarn install` again.

See https://github.com/DefinitelyTyped/DefinitelyTyped/issues/47339#issuecomment-691800846

Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-07 17:14:30 +01:00
Renovate Bot
6918b7a0e5
Update definitelyTyped
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-07 09:15:51 +00:00
Renovate Bot
1f1fadf4f6
Update dependency @types/jest to v26
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 23:00:35 +00:00
Renovate Bot
4f8bb0f348
Update dependency ts-jest to v26.4.4
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 22:57:36 +00:00
Renovate Bot
aabb4e19db
Update dependency file-type to v16
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 22:54:07 +00:00
Renovate Bot
25e74f4ae7
Update dependency prettier to v2
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 22:44:29 +00:00
Renovate Bot
ffe2c8f557
Update linters
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 22:25:56 +00:00
Renovate Bot
9429e8d6c5
Update dependency typescript to v4
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 22:21:58 +00:00
Renovate Bot
6759f535c4
Update dependency jest to v26.6.3
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 22:16:28 +00:00
Renovate Bot
96fe8a39ce
Update linters
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 22:13:17 +00:00
Renovate Bot
24de4cc477
Update dependency ts-node to v9
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 21:51:21 +00:00
Renovate Bot
90f8dfb77a
Update dependency ts-loader to v8
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 21:46:50 +00:00
Renovate Bot
07273bda1d
Update dependency supertest to v6
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 21:40:56 +00:00
Renovate Bot
7580a7ba13
Update dependency swagger-ui-express to v4.1.6
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 20:25:55 +00:00
Renovate Bot
62be9eb442
Update dependency typeorm to v0.2.29
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 20:14:55 +00:00
Renovate Bot
c41124bb2e
Pin dependency class-transformer to 0.3.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 20:03:59 +00:00
David Mehren
a9afd5030f
Add cli-color dependency, that previously was in @nestjs/common
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-06 20:56:11 +01:00
Renovate Bot
3f1783dcde
Update NestJS packages
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 19:43:16 +00:00
Renovate Bot
50e7352467
Update dependency class-transformer to ^0.3.0 [SECURITY]
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 18:38:14 +00:00
Renovate Bot
86b54a9c5e
Pin dependencies
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-05 22:12:43 +00:00
David Mehren
0f1cab5006
Update dependencies
Signed-off-by: David Mehren <git@herrmehren.de>
2020-10-24 23:02:05 +02:00
David Mehren
560efc71d8
Use useStaticAssets instead of @nestjs/serve-static
`serve-static` does not work with `createTestingModule` and is not recommended when "just" serving a few images.

See https://github.com/nestjs/serve-static/issues/240

Signed-off-by: David Mehren <git@herrmehren.de>
2020-10-24 11:32:23 +02:00
David Mehren
9743018591
Use serve-static to serve uploaded files.
Add `@nestjs/serve-static` to serve uploaded media from the upload directory on the local filesystem.

Signed-off-by: David Mehren <git@herrmehren.de>
2020-10-17 19:58:22 +02:00
David Mehren
b4b91acddb
NotesController: Use custom logic to access raw markdown
NestJS does not support content-types other than application/json.
Therefore we need to directly access the request object to get the raw body content.

Signed-off-by: David Mehren <git@herrmehren.de>
2020-09-25 21:35:47 +02:00
David Mehren
db026d6a57
Add Session entity
This entity implements the Session interface from connect-typeorm, which we will later use to store session data from express-session.

Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-20 19:43:12 +02:00
David Mehren
f03642aba8
Update yarn.lock with Nest 7.4
Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-20 19:43:10 +02:00
David Mehren
f3d1644f95
Enable automatic OpenAPI spec generation.
NestJS can automatically generate an OpenAPI spec by analyzing controllers and used DTOs.
This commit enables this feature. The API docs are served under /apidoc.

Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-20 19:43:08 +02:00
David Mehren
56d5a2e1b1
Add NoteModule
This contains the module, a model which was adapted from the old code and two DTOs.

Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-20 19:43:07 +02:00
David Mehren
4135b7e6e4
Add TypeORM support
Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-20 19:43:06 +02:00
David Mehren
f4caee2ac7
Add empty NestJS application
Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-20 19:43:06 +02:00
Sheogorath
6c1ca5bd8d
Run database migrations automatically on startup
Instead of using sequelize-cli and ensure migrations by shellscript,
this patch automates database migrations properly to the umzug library.
The sequelize CLI becomes a dev dependencies as it's still useful for
generating migrations.

This should eliminate the need for crude generating of database config
files and alike. Instead we utilize the pre-configured sequelize
connection that CodiMD will use anyway.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-07-11 20:33:35 +02:00
David Mehren
4df1ea6a5c
Upgrade pg package to fix node version 14 compatibility
This is a forward-port of d6ce60c.

The old pg version doesn't work with node version 14 due to
an undocumented API change in the `readyState` in the socket API.
This patch updates the required dependency and this way resolves the
issue.

Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-07-10 18:52:15 +02:00
Sheogorath
2230f7fa93
Upgrade LDAP-auth to fix RCE in ldapauth dependency
Synk reported an Remote Code Execution vulnerability for the
passport-ldapauth dependency `bunyan`. This RCE is due to wrong command
sanitizing but doesn't only affects the executable the libary provides.
It has no impact on CodiMD.

This patch just updates passport-ldapauth since it's long overdue anyway
and to silence annoying security scanners that pretend this is rather
critical for us.

Reference:
ea21d75f54
https://app.snyk.io/vuln/SNYK-JS-BUNYAN-573166
2020-06-28 02:49:07 +02:00
David Mehren
cb0f5c1bed
Update yarn.lock
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-05-25 23:34:16 +02:00
David Mehren
ba6055a03d
Downgrade jQuery to 3.4.1
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:19 +02:00
Philip Molares
3c216795e7
added all @types for passport-strategies as devDependencies
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:15 +02:00
Philip Molares
ef6632cac9
added userRouter.ts
- added @types/passport
- added @types/archiver
- types all req and res arguments
- renamed unused argument next to _

Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:12 +02:00
Yannick Bungers
c4178e5d77
changed path dmpWorker.js -> dmpWorker.ts
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:10 +02:00
Philip Molares
ab5a654068
added @types/minio to devDependencies
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:09 +02:00
Yannick Bungers
6d256dd5b6
Added Types for csp.ts
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:09 +02:00
David Mehren
b6ad2b2625
Add @types/lodash
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:05 +02:00
Philip Molares
f9193822a7
created letter-avatars.ts
added @types/randomcolor

Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:04 +02:00
David Mehren
7cdcf627db
note.ts: ESLint fixes, add types for diff-match-patch
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:04 +02:00
David Mehren
0228d00c56
Use ESLint and 'typescript-eslint' plugin.
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:03 +02:00
David Mehren
1d4107fe90
Migrate models to TypeScript
Co-authored-by: David Mehren <dmehren1@gmail.com>
Co-authored-by: Yannick Bungers <git@innay.de>
Co-authored-by: Philipp Hochkamp <me@phochkamp.de>
Co-authored-by: nzbr <mail@nzbr.de>

Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:01 +02:00
Sheogorath
144f17aade
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-26 15:09:26 +01:00
Sheogorath
06d0438013
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-24 15:10:14 +01:00
Sheogorath
afe38bcbb7
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-16 23:41:12 +01:00
Sheogorath
8039066f99
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-09 14:34:28 +01:00
David Mehren
3e218e2983
Upgrade webpack & plugins
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-11-23 18:11:17 +01:00
Sheogorath
402dc7095e
Upgrade all ORM/database related packages
This patch provides some major upgrades to all database backend library.
It also fixes an issues that appears since the change from sequelize v3
to v5 where mariadb was originally handled by mysql2 and is now handled
by an own mariadb library.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-10-28 01:43:22 +01:00
Sheogorath
20a67e3446
Update yarn.lock 2019-10-23 21:21:35 +02:00
Sheogorath
09e1584800
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-08-15 23:25:30 +02:00
Sheogorath
c4053ea7ce
Update meta-marked to latest version
Meta-marked 0.4.4 which we used from our git repository contains a
RegexDOS attack in the marked dependency. The dependency was already
updated in our meta-marked repository, but not updated in yarn.

This made us still vulnerable to this ReDOS which was able to cause a
DOS attack on the server when updating a note.

For Details:

https://github.com/markedjs/marked/releases/tag/v0.7.0
https://github.com/markedjs/marked/pull/1515

What is a ReDOS?

A ReDOS attack is a DOS attack where an attacker targets a
not-well-written Regular Expression. Regular expressions try to build a
tree of all possibilities it can match in order to figure out if the
given statement is valid or not. A ReDOS attack abuses this concept by
providing a statement that doesn't match but causes extremly huge trees
that simply lead to exhausting CPU usage.

For more details see: https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS

Credit:

Huge thanks to @bitinerant for finding this and handling it with a
responsible disclosure.

Also thanks to the `marked`-team for fixing things already.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-08-15 23:14:48 +02:00
Sheogorath
7d67566b96
Update yarn.lock 2019-08-01 20:14:48 +02:00
Sheogorath
0d5923d61c
Update sequelize to latest version
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-06-22 16:29:09 +02:00
Sheogorath
502fae70a4
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-06-22 16:23:24 +02:00
Sheogorath
3eca0a74ae
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-30 00:10:44 +02:00
Sheogorath
9101be92ab
Update jQuery to version 3.4.1 2019-05-06 10:42:41 +02:00
Sheogorath
d359d4aa84
Update yarn.lock 2019-04-16 14:31:01 +02:00
Sheogorath
197b0db88f
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-04-10 13:58:04 +02:00
Sheogorath
b817b9efd9
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-23 13:25:33 +01:00
Sheogorath
b718eac70a
Force upgrade of some outdated dependencies
I don't really like the way to go here, but I guess having those
forcefully upgraded is better than staying around with vulnerable
dependencies.

This patch fixes some vulnerbilities in dependencies that were
categories as high severity.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-02 19:14:12 +01:00
Sheogorath
edfe7fc401
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-02 15:27:16 +01:00
Sheogorath
0d88707475
Update yarn.lock 2019-02-15 15:40:45 +01:00
Sheogorath
3dc40116e4
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-24 12:21:19 +01:00
Sheogorath
5f1406a136
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-18 22:04:22 +01:00
Sheogorath
b40f14f66d
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-12-04 14:04:34 +01:00
Sheogorath
f9929605af
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-21 11:34:56 +01:00
Sheogorath
2d241b9300
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-19 22:06:37 +01:00
Sheogorath
3d1b138a31
Update yarn.lock 2018-11-12 14:27:42 +01:00
MartB
6bce9ac5bf Fix #1016: webpack include defect for scripts and header files.
Signed-off-by: MartB <mart.b@outlook.de>
2018-10-16 11:40:21 +02:00
Sheogorath
a7281a5275
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-11 00:23:23 +02:00
David Mehren
7eed584c01
Update yarn.lock
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-10-10 22:09:46 +02:00
Sheogorath
c7478c1694
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-09 23:08:57 +02:00
Sheogorath
53ad4ef555
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-06 15:56:18 +02:00
Sheogorath
d9ba11b21a
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-03 19:31:56 +02:00
David Mehren
ce63c1cc1c
Upgrade to Webpack 4 - clean dependencies
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-09-06 17:26:09 +02:00
David Mehren
29a3813ada
Upgrade to Webpack 4 - first try
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-09-06 17:26:09 +02:00
Sheogorath
0017ddd310
Update yarn.lock 2018-09-06 15:12:37 +01:00
Sheogorath
53a846bdc5
Update markdown-pdf
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-07-27 14:15:45 +02:00
Sheogorath
bd93269dae
Update yarn.lock 2018-06-30 17:45:26 +02:00
Sheogorath
fe5248acbd
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 17:07:53 +02:00
Sheogorath
4fcefebe5c
Update yarn.lock 2018-06-17 23:36:22 +02:00
Sheogorath
b07925b849
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-05 01:43:17 +02:00
Sheogorath
7a91d01830
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-21 23:12:34 +02:00
Sheogorath
43fa5cf57f
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-17 12:20:57 +02:00
Sheogorath
6e6a98b392
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-18 15:36:52 +01:00
Sheogorath
21be5a5517
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-07 11:30:08 +01:00
Sheogorath
6b97dd7aac
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-31 01:16:52 +01:00
Sheogorath
e055f270b4
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-29 22:37:02 +01:00
Sheogorath
4c08afbbb5
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-29 16:38:32 +01:00
Sheogorath
e5074df910
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-24 19:50:09 +01:00
Sheogorath
ae294f51f5
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-17 16:34:56 +01:00
Sheogorath
9c002ce29b Update yarn 2017-11-27 08:14:28 +01:00
Peter Dave Hello
da2426ae3d Update yarn.lock 2017-10-30 00:21:35 +08:00
Wu Cheng-Han
7f52a4b38a Update yarn.lock file 2017-09-27 22:07:55 +08:00
Christian Schuhmann
355c805db8 Update yarn.lock 2017-08-29 16:53:15 +02:00
Max Wu
c37b666915 Merge branch 'master' into BackendRefactor 2017-05-14 17:42:14 +08:00
BoHong Li
ecb0533605 refactor(config.js): Extract config file
* Separate different config source to each files
* Freeze config object
2017-05-08 19:29:07 +08:00