Commit graph

574 commits

Author SHA1 Message Date
Philip Molares
45df0e6edb fix: rename parseOptionalInt to parseOptionalNumber
This allows us to handle the possible errors due to non-integer numbers with joi and return more precise error messages.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-03-06 21:35:58 +01:00
Philip Molares
151e12a8a7 fix: use joi positive, integer and max validators on PORT
validate PORT with the positive, integer and max validators of Joi.

See also:
- https://joi.dev/api/#numberpositive
- https://joi.dev/api/#numberinteger
- https://joi.dev/api/#numbermax

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-03-06 21:35:58 +01:00
Philip Molares
0a778d8a64 fix: use joi uri validator in appConfig
validate HD_DOMAIN and HD_RENDERER_ORIGIN with the uri validator of Joi. This should prevent the problem described in #2150.

Fixes #2150

See also: https://joi.dev/api/#stringurioptions

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-03-06 21:35:58 +01:00
David Mehren
7e8716ec95 fix: ensure dates are properly transformed
To correctly transform Date objects from ISO-strings in JSON
to instances, class-transformer requires the `@Type` annotation.

References:
https://github.com/typestack/class-transformer#%D1%81onverting-date-strings-into-date-objects
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-06 20:54:46 +01:00
David Mehren
59a235ebc4 fix: ensure nested objects are properly validated & transformed
To validate nested objects, class-transformer requires
the `@ValidateNested` annotation.
For arrays, class-transfomer requires
setting `each: true`.

To correctly transform nested objects from JSON to instances,
class-transformer requires the `@Type` annotation.

References:
https://github.com/typestack/class-validator#validating-nested-objects
https://github.com/typestack/class-validator#validating-arrays
https://github.com/typestack/class-transformer#working-with-nested-objects
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-06 20:54:46 +01:00
David Mehren
324536bc2d feat(validation): send error message to client
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-06 20:52:52 +01:00
David Mehren
0be8e4ea55 feat(api/private): add GroupsController
The GroupsController can be used to fetch information about groups.

Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-01 20:20:18 +01:00
David Mehren
0394679134 feat(user-info-dto): split email into separate DTO
The email address should only be available
in /me routes.
This commit splits the email address into a new FullUserInfoDto.

Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-01 20:20:18 +01:00
David Mehren
a7edf00ebc feat(api/private): add UsersController
The UsersController can be used to fetch information about users.

Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-01 20:20:18 +01:00
David Mehren
931a168e5d fix(session-middleware): don't hardcode database ttl
The cookie expiration is taken from the config,
but the expiration of session data in the database was hardcoded.

This removes the hardcoded value, so TypeormStore defaults
to cookie.maxAge.

References:
https://github.com/nykula/connect-typeorm#options
https://github.com/expressjs/session#cookiemaxage
Signed-off-by: David Mehren <git@herrmehren.de>
2022-02-27 20:55:13 +01:00
Philip Molares
cf5c398933 fix: openapi decorator
This now correctly returns the dto if it is provided. Previously it would return () => undefined, when the dto was not defined, which crashed some internal logic in nestjs.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-27 18:40:53 +01:00
Philip Molares
86ef8f3c7f docs: add documentation to OpenApi decorator
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-20 20:56:09 +01:00
Philip Molares
89aac9d4b6 refactor: use new openapi decorator
Also remove fullapi decorator, because it's fully replaced by the openapi decorator.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-20 20:56:09 +01:00
Philip Molares
a283002a34 feat: create openapi decorator
This decorator gets a list of http codes and possible descriptions and adds all necessary decorator internally to the method or the class. This will prevent long OpenApi annotations and keep the controllers shorter.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-20 20:56:09 +01:00
Philip Molares
c6bb8f62e8 refactor: use a base dto class
This gives all dto classes a common super class for usage of the type system.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-20 20:56:09 +01:00
Philip Molares
0955bf048d refactor: rename markdown body decorator
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-20 20:56:09 +01:00
Philip Molares
7f8d745c80 refactor: move permissions decorator into api utils dir
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-20 20:56:09 +01:00
David Mehren
2c081b8dbf fix: correctly initialize exception mapping
The constructor of an exception filter must be given
an instance of HttpAdapterHost, otherwise it will crash at runtime.

This can be reproduced by GETing /.

Reference: https://docs.nestjs.com/exception-filters#inheritance
Signed-off-by: David Mehren <git@herrmehren.de>
2022-02-14 11:28:02 +01:00
Philip Molares
1c67622bf8 test(notes.service): a forbidden id throws a ForbiddenIdError in getNoteByIdOrAlias method
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-07 00:08:41 +01:00
Philip Molares
c891a95588 feat: checkNoteIdOrAlias in more alias service methods
This should prevent any interaction by a forbidden id

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-07 00:08:41 +01:00
Philip Molares
796b8294cf docs: improved auto-generated openapi docs
With these additional annotations the openapi docs under `/apidoc` and `/private/apidoc` will be improved by adding errors that the requests can return

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-07 00:08:41 +01:00
Philip Molares
2bc8c0d6da refactor(public-api): use TokenAuthGuard on controller not method level
As the public api is nearly completely protected by the TokenAuthGuard it seems unnecessarily verbose to add the guard to every method in the controllers, when an annotation at the top of the controller would be sufficient.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-07 00:08:41 +01:00
Philip Molares
d142cbadeb refactor: remove try catches from controllers
This is handled by the ErrorExceptionMapping class

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-07 00:08:41 +01:00
Philip Molares
2cd4f412e5 feat: add ErrorExceptionMapping as a global filter
This filters all error that the controller will throw and either maps
them to the correct HttpException if they are internal errors like
NotInDBError, or just leaves them be if they are not part in the map.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-07 00:08:41 +01:00
Philip Molares
2c7e82680e feat: add additional default descriptions for HttpExceptions
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-07 00:08:41 +01:00
Philip Molares
d0477a5e34 refactor: omit error mapping in GetNoteInterceptor
Because this mapping will now be done with the ErrorExceptionMapping class, the mapping will be omitted in the interceptor.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-07 00:08:41 +01:00
Philip Molares
4ad7ad368c feat: add error-mapping
The ErrorExceptionMapping class maps internal error to nestjs's appropriate HttpException.
The object returned by those HttpExceptions is now changed to include the name of the intern error code and error message instead of statusCode and error message as is default. This makes it possible to more easily programmatically distinguish between two errors that map to the same HttpException and only differ in the error message.
The statusCode was unnecessary, because any user of the api gets this information already by which HttpException was used.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-07 00:08:41 +01:00
Philip Molares
451dedef15 refactor: getNoteByIdOrAlias throws NotInDBError instead of ForbiddenIdError for an id on the forbidden list
It's not really necessary to tell the user via get that this id is forbidden, it will not be there and as such NotInDBError is the correct message to the user

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-07 00:08:41 +01:00
Philip Molares
4500caf882 refactor: move error messages from controller to service
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-07 00:08:41 +01:00
Philip Molares
f672c5179f test: remove controller tests
These test files are only autogenerated and don't have any benefit. Any behaviour one would test with them are (or at least should) already be covered by our e2e tests.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-06 20:57:34 +01:00
Philip Molares
2d8d29cf20 refactor(config): type config mocks
To minimize type errors, when the config objects are changed, this commit introduces types to the mock config object accordingly.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-01-30 22:19:50 +01:00
Philip Molares
6c82b95ea2 refactor(config): introduce new interface MediaBackendConfig
This interface is needed to help to use types in some cases, where it didn't work before.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-01-30 22:19:50 +01:00
Philip Molares
f4a580cf2a refactor(config): extract note config from app config
This commit separates the app config object from a new note config object. This was done to separate different concerns in different config files. Especially if the number of settings that are about notes increase, it is a good idea to keep them separate from the app config.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-01-30 22:19:50 +01:00
David Mehren
898abc08f3 style: remove unused variables
Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-23 23:01:45 +01:00
David Mehren
7eba4bf83b
style(note-metadata): remove unused imports
Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-17 11:58:23 +01:00
David Mehren
08f97209ec
refactor(note-metadata): do not embed User objects
This is part of an effort to consistently not embed User objects
in API responses. Usernames are returned instead.

Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-16 22:54:53 +01:00
David Mehren
96ed5f3cc8
refactor(note-group-permission-update-dto): rename attribute groupName
For consistency with NoteGroupPermissionEntryDto

Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-16 22:46:46 +01:00
David Mehren
b40b2e164f
refactor(note-group-permission-entry-dto): do not embed Group objects
This is part of an effort to consistently not embed Group objects
in API responses. Names are returned instead.

Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-16 22:45:27 +01:00
David Mehren
13284b26cb
refactor(note-user-permission-entry-dto): do not embed User objects
This is part of an effort to consistently not embed User objects
in API responses. Usernames are returned instead.

Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-16 22:24:54 +01:00
David Mehren
b955faa983
refactor(note-permissions-dto): do not embed User objects
This is part of an effort to consistently not embed User objects
in API responses. Usernames are returned instead.

Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-16 22:19:53 +01:00
David Mehren
6cd3feb82c
refactor(history-entry): rename lastVisited
This is part of an effort to name all date attributes
consistently.

Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-16 22:04:34 +01:00
David Mehren
f1feb3bf94
refactor(note-metadata): rename date attributes
This is part of an effort to name all date attributes
consistently.

Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-16 21:59:54 +01:00
David Mehren
b0e2987987
refactor(auth-token): rename lastUsed to lastUsedAt
This is part of an effort to name all date attributes
consistently.

Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-16 21:52:15 +01:00
David Mehren
64667d81c0
docs(api): Add missing tags
Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-16 21:40:48 +01:00
David Mehren
df9fa39b99
test(front-config): Add missing URL import
Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-16 19:53:02 +01:00
Yannick Bungers
030e40ccf0
Update error types for checkLocalPassword and updateLocalPassword to InvalidCredentialsError and NoLocalIdentityError in tests
Signed-off-by: Yannick Bungers <git@innay.de>
2022-01-06 22:01:39 +01:00
Yannick Bungers
b562a5dac7
Change error types in checkLocalPassword and updateLocalPassword to InvalidCredentialsError and NoLocalIdentityError
Signed-off-by: Yannick Bungers <git@innay.de>
2022-01-06 21:59:46 +01:00
Erik Michelson
820a1ae43a
Rename local password check method
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2022-01-03 23:41:34 +01:00
Erik Michelson
277e2fb1ca
feat(auth): password change requires old password
By checking the "old" password of the user prior to a password change, the
password change function is more secured against abuse.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2021-12-28 01:46:40 +01:00
Erik Michelson
20b0ded223
refactor(frontend-config): return auth providers as array
This change removes the customAuthNames property and redefines the
authProviders property of the frontend-config DTO. Instead of an
map from auth providers to their enabled-state (boolean), there is
now an array that just includes the configured auth providers while
also having the identifier and providerName of custom auth providers.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2021-12-28 01:16:42 +01:00
David Mehren
dcfb00adc1
refactor(identity): lazy-load relations
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-05 22:10:59 +01:00
David Mehren
3539216cf3
refactor(user): lazy-load relations
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-05 22:03:41 +01:00
David Mehren
16c9d6c011
refactor(session): lazy-load relations
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-05 21:49:29 +01:00
David Mehren
5f87406809
refactor(revision): lazy-load relations
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-05 21:38:36 +01:00
David Mehren
4e70044a2c
refactor(edit): lazy-load relations
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-05 19:58:01 +01:00
David Mehren
7f7886c5a7
docs(permissions): document why we can't lazy-load
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-05 19:32:31 +01:00
David Mehren
d7aaf736a2
refactor(tag): lazy-load relations
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-05 19:06:05 +01:00
David Mehren
235e4f647c
refactor(note): lazy-load relations
Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-30 16:46:07 +01:00
David Mehren
d761ff7f4f
refactor(alias): lazy-load relations
Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-18 18:53:39 +01:00
David Mehren
296d73c121
refactor(media-upload): lazy-load relations
Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-18 18:47:12 +01:00
David Mehren
4d57105853
docs(history-entry): document why we can't lazy-load
Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-18 18:08:29 +01:00
David Mehren
0c5fdf4201
refactor(group): lazy-load relations
Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-16 19:05:28 +01:00
David Mehren
5d7b544e1f
refactor(author): lazy-load relations
Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-16 18:45:40 +01:00
David Mehren
de6d75238c
refactor(auth-token): lazy-load relations
Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-16 18:39:52 +01:00
David Mehren
708ae86444
docs: explain the choice of sha-512 for auth tokens
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-14 19:21:28 +01:00
David Mehren
b4a65b47f0
fix(auth): use sha-512 for auth tokens
Bcrypt hashes are too slow to be validated on every request.
As our tokens are random and have a fixed length, it is reasonable
to use SHA-512 instead.

SHA-512 is recommended as cryptographically strong by the BSI:
https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-1.pdf?__blob=publicationFile

Fixes https://github.com/hedgedoc/hedgedoc/issues/1881

Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-09 23:04:00 +01:00
David Mehren
bda58322be
fix(session-guard): correctly check for missing session
express-session always creates an `request.session` object, so only
checking if that exists is not sufficient.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-07 20:23:18 +01:00
Philip Molares
10b5b11269
feat: replace GetNotePipe with GetNoteInterceptor and RequestNote
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-30 22:33:20 +01:00
Philip Molares
5a45ff2d0b
feat: add request note decorator
This extracts the note inserted with the get note interceptor into the request to be used by the controller service.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-30 22:26:55 +01:00
Philip Molares
470b32ed5e
feat: refactor get note pipe to interceptor
This is necessary, because of the order of operations in nestjs, the validation pipe is not able to get the note as the noteIdOrAlias will be transformed by the get note pipe after the validation did run.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-30 22:20:49 +01:00
Philip Molares
3e4abb561d
refactor: move permissions service calls into permissions guard
This commit removes all previous calls to the permissions service at the beginning of the controller methods to the permissions guard. This should make the code a bit cleaner and remove boilerplate code.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 17:19:57 +01:00
Philip Molares
3b92226bab
feat: create permissions guard
This guard protects resources and let's users only access them if they hold the correct permission

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 17:18:23 +01:00
Philip Molares
7404ebf5ea
feat: create permission decorator
This gathers the permission a user needs to hold to access a resource for the PermissionsGuard.

See https://docs.nestjs.com/guards#setting-roles-per-handler

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 17:17:33 +01:00
Philip Molares
4a7ccc8178
feat: create permission enum
This enum makes it possible which permissions a user needs to hold to access a specific resource

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 17:16:12 +01:00
Philip Molares
82643cd790
chore: extract getNote code from GetNotePipe.transform
This was done so the same code could be used in the PermissionsGuard

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 17:12:35 +01:00
Philip Molares
7927ac2217
chore: move get-note-pipe to api utils
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 17:05:27 +01:00
Yannick Bungers
9093e5fabc
Add missing null in type in permissions service
The parameters of the permission checking methods were missing a null value for not set user. This is the case if user is not logged in and operating as guest.

Signed-off-by: Yannick Bungers <git@innay.de>
2021-11-29 22:42:31 +01:00
David Mehren
7ef380241d
fix(seed): fix create method usage
Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-14 21:49:31 +01:00
David Mehren
b9d3c95d2d
fix(note): fix type for owner param
To make the create method easier to use in conjunction
with the authentication framework, this commit changes the type of
the `owner` parameter from `User | undefined` to `User | null`.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-14 21:44:59 +01:00
David Mehren
c675dd0e9e
fix(alias): remove default for primary
To make the create method more consistent with the
guidelines,
this commit removes the default value from the `primary` parameter.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-14 21:22:22 +01:00
David Mehren
04412826a7
fix(media-upload): remove backendData parameter
`Create` methods should only contain optional properties

Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-14 21:14:03 +01:00
David Mehren
3fe1bb0edf
fix(identity): remove default for syncSource
To make the create method more consistent with the
guidelines,
this commit removes the default value from the `syncSource` parameter.

An Identity will be created as sync source,
when the associated account is created using an external provider.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-14 20:56:17 +01:00
David Mehren
178513a3a0
fix(group): add special flag to create method
To make the create method more consistent with the
guidelines, this commit adds the `special` flag to
the parameters.
As this function will only be used to create the two hard-coded groups
and to handle API requests at one or two places, adding the parameter
should not be too problematic.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-14 20:53:45 +01:00
Philip Molares
62037acc97
fix(media-upload): rework create and media services saveFile
This was done to make the create method more concise.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-11 22:06:30 +01:00
Philip Molares
b1d4696895
fix: the tests use the new typing from create methods
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-25 11:55:35 +02:00
Philip Molares
8cda5f99fb
fix: services use the new typings from create methods
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-25 11:52:42 +02:00
Philip Molares
d0b8e4cd36
feat: consolidate entities create
This was done to give better typings to the function signatures of entities `create` methods.
It also ensures that each field that should be set to `null` is set to `null` and doesn't leave that up to the typeorm handlers.

See: #1641
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-25 11:50:28 +02:00
David Mehren
d4b806bbf8
test(mockconfig): generate unique upload paths
This stops multiple concurrently running tests disturbing each other.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-16 18:25:00 +01:00
Philip Molares
c9be26235c
docs: fix createUser and test docs
this ports the fixes applied to createGroup to this method as well

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-06 11:49:26 +01:00
Philip Molares
0470497ccb
feat: setupSpecialGroups in bootstrap
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-10-31 00:06:55 +02:00
Philip Molares
bcf35c61a5
fix: permissions service use new SpecialGroup enum
instead of random strings the permissions service now uses the SpecialGroup enum

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-10-31 00:05:59 +02:00
Philip Molares
5fd9750d68
feat: add createGroup function
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-10-31 00:04:12 +02:00
Philip Molares
9a8f4c0b8c
feat: add SpecialGroup enum
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-10-30 23:58:17 +02:00
David Mehren
c02f845ecb
AuthController: Return 409 Conflict when user already exists
The previously used HTTP error 400 'Bad Request' is not really
applicable here, as the client did not send a malformed message.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-27 19:39:18 +02:00
Yannick Bungers
24d79a9493
Add API doc for private media API
Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-18 20:20:14 +02:00
Yannick Bungers
85dc2cd02d
Remove unnecessary exception handling in private notes.controller.ts
and change noteIdOrAlias to Note as parameter

Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-18 21:12:33 +02:00
Alexandru Văleanu
32929c1e77
Add delete media in private API (#1736)
Adds the missing API route of deleting media in the private API.
2021-10-18 19:00:28 +01:00
Yannick Bungers
f4799c5ebe
Change createTokenForUser signature
user is now used instead of username

Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-13 22:59:51 +02:00
Yannick Bungers
40103cb397
fix username spelling from userName
Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-13 22:28:10 +02:00
Yannick Bungers
be27686610
change getTokensByUsername to getTokensByUser
Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-13 22:22:08 +02:00