TokenAuthGuard ensures that req.user is always
defined, but thanks to strict mode we have to check again.
In the future, we may add a custom Request type and
a custom param decorator to centralize the check.
Signed-off-by: David Mehren <git@herrmehren.de>
TypeORM columns with `nullable: true` can be `null` at runtime.
This commit ensures that the types of the corresponding properties reflect that.
Signed-off-by: David Mehren <git@herrmehren.de>
TokenAuthGuard ensures that req.user is always
defined, but thanks to strict mode we have to check again.
In the future, we may add a custom Request type and
a custom param decorator to centralize the check.
Signed-off-by: David Mehren <git@herrmehren.de>
TokenAuthGuard ensures that req.user is always
defined, but thanks to strict mode we have to check again.
In the future, we may add a custom Request type and
a custom param decorator to centralize the check.
Signed-off-by: David Mehren <git@herrmehren.de>
This adds error handling to getEntryByNote, so it throws a
NotInDBError instead of (illegally, according to the type) returning
null.
Signed-off-by: David Mehren <git@herrmehren.de>
Some properties already have a IsOptional decorator,
this makes the properties themselves also optional
Signed-off-by: David Mehren <git@herrmehren.de>
A string with a negative length is invalid, so we should throw here
instead of complicating the type with a possible null return value.
Signed-off-by: David Mehren <git@herrmehren.de>
validUntil and lastUsed already have a IsOptional decorator,
this makes the properties themselves also optional
Signed-off-by: David Mehren <git@herrmehren.de>
This adds error handling to various getters, so they throw a
NotInDBError instead of (illegally, according to the type) returning
null.
Signed-off-by: David Mehren <git@herrmehren.de>
This is the transactional reimplementation of the business logic of the history controllers setHistory method (of the private api). This should prevent the problem that the history gets deleted, but a later error in the handling of the list of HistoryEntryImportDto let's the call fail.
See also: https://docs.nestjs.com/techniques/database#transactions
Signed-off-by: Philip Molares <philip.molares@udo.edu>
As the function is now only called with a user and a note and the previous extra parameters are now added into the transactional setHistory method, this is no longer necessary.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
To reuse this functionality in the history services setHistory method, it was extracted into its own exported function.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This script invokes src/seed.ts to create a sqlite DB. The DB already contains some objects to manual test with. This ensures that devs easily can spin up a test instance of HedgeDoc and don't need to fumble around with the DB file.
See https://github.com/typeorm/typeorm#creating-a-connection-to-the-database
Signed-off-by: Philip Molares <philip.molares@udo.edu>
As we only use rendererOrigin in the frontend config service, where domain will be used if it is not defined, it makes more sense to move this default behavior to the app config directly. That makes it easier to understand what this variable contains and that it defaults to domain.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
NestJS adds the headers "Last Modified" and "ETag" to asset serving responses.
Therefore all the information we need for the banner are already given by the
file content or the file meta data.
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
This adds a body to the route DELETE /notes/{note} of the public api to specify if the associated media uploads of the note should be kept or deleted.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This adds a body to the route DELETE /notes/{note} of the private api to specify if the associated media uploads of the note should be kept or deleted.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
As it is possible to delete a note without also deleting the associated media uploads this needs to changed in the media upload entity, too.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This commit adds a few missing `functionContext` parameters in calls to
`this.logger` and fixes a copy-paste error in `ensureDirectory`
Signed-off-by: David Mehren <git@herrmehren.de>
Until now the app config mock used ts-loader's LogLevel instead of our own Loglevel, which is obviously wrong.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
To better handle deletion of entities, all necessary other entities got the option onDelete CASCADE set. So everything that does not make any sense if something else is deleted will be deleted along side of it.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
The former deleteFile was moved to the public apis media controller and the actual deletion functionality was moved in a separate function to be called on user deletion.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Add test to createUser method to ensure an already used username triggers a AlreadyInDBError.
Add debug entry if user is deleted.
Add changeDisplayName method.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This makes it possible to create permissions by setting them in the note entity and delete them when either the user or note is deleted.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This functions makes it possible to make a partial order of the Loglevel enum. This simplifies the if statements in ConsoleLogger.
This is done, because the Loglevel enum already has a string backing for easy conversion from the config environmental variables and therefore can't also have a ordinal number assigned…
Signed-off-by: Philip Molares <philip.molares@udo.edu>
As the DTO is only for importing an existing history the lastVisited of those entries should also be posted.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
As the DTO is only for importing an existing history the pinStatus of those entries should also be posted.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
As the DTO is used to import a whole list of history entries rather than creating a single history entry (there is no way of doing that at the moment)
Signed-off-by: Philip Molares <philip.molares@udo.edu>
The cache is never null, because it defaults to undefined, and therefore this function always returns undefined.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
All urls should be of the form `uploads/<filename>.<extension>` regardless of what the uploadDirectory is, because the backend proxies all locally uploaded files.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
These are used in the /config private API call and needed to distinguish with which of the multiple auth providers a login should occur.
This also fixes the types of the multiple auth provider arrays to something that works, as `[{}]` specifics exactly on object in an array.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
CustomizationConfig holds all possible customization configs.
ExternalConfig holds external services that may be configured.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
We need this function in at least on other part of the application so extracting it into an util file was only logical.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This makes it possible for the autogenerated openapi file to contain all the dtos instead of nothing.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
'...use' tries to go up one level and grab the value of 'use' there and not the same level 'use' as we want here
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This re-enables the `@typescript-eslint/explicit-module-boundary-types`
check and also enables the
`@typescript-eslint/explicit-function-return-type` check.
Signed-off-by: David Mehren <git@herrmehren.de>
This ensures stack traces are helpful at the cost of a slightly
lower performance (one more tick in the event loop).
Fixes#838
Signed-off-by: David Mehren <git@herrmehren.de>
This is necessary as typescript is unable to determine that `year` in this object is of type "numeric" and not string.
Signed-off-by: Philip Molares <philip.molares@udo.edu>