Commit graph

147 commits

Author SHA1 Message Date
Tilman Vatteroth
f95f5406be fix: make other services use the revision create method
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-06-20 11:44:38 +02:00
Tilman Vatteroth
7161ffd5f2 fix: adjust seeding to new revision create signature
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-06-20 11:44:38 +02:00
Tilman Vatteroth
e84096b5dc feat: generate metadata from content on revision creation
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-06-20 11:44:38 +02:00
Tilman Vatteroth
90df9a4e32 feat: move title and description to revision entity
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-06-20 11:44:38 +02:00
Tilman Vatteroth
ac825edbe3 fix: replace RouterModule from nest-router with @nestjs/core
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-06-16 23:00:06 +02:00
Philip Molares
0a8945d934 feat(backend): handle username always in lowercase
This should make all usernames of new users into lowercase. Usernames are also searched in the DB as lowercase.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-06-04 21:55:19 +02:00
Tilman Vatteroth
753c6e593f refactor: remove isomorphic-ws
The package caused some issues while working on other features.
Mostly because bundlers have been unable to determine the correct
websocket constructor.
So I replaced it with a more object-oriented approach.

Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-06-02 17:40:25 +02:00
Tilman Vatteroth
d1ce1cb3e4 refactor: turn random word list source from json to ts
This prevents future import issues

Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-30 09:17:05 +02:00
Tilman Vatteroth
11ccd678de test: add test for permissions guard
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-19 19:10:45 +02:00
Tilman Vatteroth
a852c79947 refactor: replace permission check methods with ordered permission enum
This commit replaces the "mayWrite", "mayRead" and "checkPermissionOnNote"
functions with one that returns a sortable permission value.
This is done because many places in the code need to do actions based on the fact if
the user has no, read or write access. If done with the may-functions then the permission
data need to be looked through multiple times.

Also, the whole check code is split into more functions that are tested separately and make it easier
to understand the process.

Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-19 19:10:45 +02:00
Tilman Vatteroth
4e298cccfb refactor: make class fields of permissions guard read-only
They're only read and never written after the construction

Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-19 19:10:45 +02:00
Tilman Vatteroth
6e0e63688b refactor: allow only one required permission in require-permission decorator
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-19 19:10:45 +02:00
Tilman Vatteroth
9ca6485219 refactor: extract permission metadata key
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-19 19:10:45 +02:00
Tilman Vatteroth
488238d854 refactor: rename "Permissions" enum to "RequiredPermission"
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-19 19:10:45 +02:00
Tilman Vatteroth
6b73016583 refactor: rename "Permissions" decorator to "RequirePermission"
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-19 19:10:45 +02:00
Tilman Vatteroth
4c384cc8de test: add test for get note interceptor
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-19 19:10:45 +02:00
Tilman Vatteroth
b1dc383a7a refactor: use "extractNoteFromRequest" in permission guard
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-19 19:10:45 +02:00
Tilman Vatteroth
ab5aebc9c4 refactor: extract "extract note from request" logic into separate function
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-19 19:10:45 +02:00
Tilman Vatteroth
65fb110a1e refactor: move permissions decorator and guard into permissions directory
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-19 19:10:45 +02:00
Tilman Vatteroth
22f0abbfbe fix: remove redundant permission guard annotations
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-19 19:10:45 +02:00
Avinash
e73d28dba1 feat(backend): added test realtime note service
Signed-off-by: Avinash <avinash.kumar.cs92@gmail.com>
2023-05-15 20:49:59 +02:00
Avinash
d15a8b18d9 fix(backend): updated realtime connection's acceptEdit, close connection based on permission
Signed-off-by: Avinash <avinash.kumar.cs92@gmail.com>
2023-05-15 20:49:59 +02:00
Tilman Vatteroth
e3a3690b58 refactor(realtime): solve circle dependencies in realtime-user-status-adapter.ts
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-15 17:59:28 +02:00
Tilman Vatteroth
39fff87f52 fix: migrate import code
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-12 19:14:34 +02:00
Tilman Vatteroth
d29e840bc6 fix(realtime): allow realtime user status updates from users that have read-only access
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-09 20:33:23 +02:00
Tilman Vatteroth
b199cdba67 test: increase coverage of constructor tests
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-09 12:33:09 +02:00
Tilman Vatteroth
2f59869e12 fix: retrieve read-only state for realtime user status adapter from connection
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-09 12:33:09 +02:00
Tilman Vatteroth
f012282a41 fix: restore of test state
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-09 12:33:09 +02:00
Tilman Vatteroth
02a3b7f07b refactor: make displayName readonly
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-09 12:33:09 +02:00
Tilman Vatteroth
3c1ea7bda9 fix: allow change of accept edits in realtime connection
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-09 12:33:09 +02:00
Tilman Vatteroth
eebbb79d08 fix: retrieve read-only state for y-doc-sync-server-adapter from connection
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-09 12:33:09 +02:00
Yannick Bungers
ed3c688e8b refactor: extract mocking in permissions.service.spec.ts
Signed-off-by: Yannick Bungers <git@innay.de>
2023-05-07 20:45:15 +02:00
Yannick Bungers
d73bbcaeff fix: increase test coverage
Signed-off-by: Yannick Bungers <git@innay.de>
2023-05-07 20:45:15 +02:00
Yannick Bungers
dad60a25ea fix: change logging from id to publicId in media upload
Signed-off-by: Yannick Bungers <git@innay.de>
2023-05-07 20:45:15 +02:00
Yannick Bungers
c20e20b30a refactor: exclude create permission from note permission check
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-07 20:45:15 +02:00
Yannick Bungers
fad5e1e22e test: add private api tests for checkPermissionOnNote and checkMediaDeletePermission
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-07 20:45:15 +02:00
Yannick Bungers
001a49329c refactor: extract permission checking from controllers and guard
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-07 20:45:15 +02:00
Yannick Bungers
485f7cd338 feat: Add guest file uploads and add deletion for note owners
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-07 20:45:15 +02:00
Yannick Bungers
0f464dedfe fix: clean up decorators in the public notes.controller.ts
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-07 20:45:15 +02:00
Yannick Bungers
d369132519 fix: add CompleteRequest type to have better type checks for HTTP-Request attribute injection.
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-07 20:45:15 +02:00
Tilman Vatteroth
0263c09ce1 fix(deps): migrate zxcvbn
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-07 19:37:41 +02:00
Tilman Vatteroth
e02221acd2 fix: don't create user permissions for owner
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-04 22:34:24 +02:00
Tilman Vatteroth
a5e12b9ad0 fix(backend): fix extraction body values in permission controllers
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-04 14:54:37 +02:00
Avinash
bb7a6a74f7 refactor(backend): create mock function for noteRepo and eventemiter
Signed-off-by: Avinash <avinash.kumar.cs92@gmail.com>
2023-04-16 20:55:26 +02:00
Tilman Vatteroth
0950e036b0 refactor(s3-backend): use URL object to construct complete URL instead of string template
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-16 18:41:03 +02:00
Tilman Vatteroth
b6db47a9c2 test(s3-backend): add unit test
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-16 18:41:03 +02:00
Tilman Vatteroth
e8d4fc692d fix(s3-backend): remove redundant parameter
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-16 18:41:03 +02:00
Tilman Vatteroth
baaa41b1e5 fix(media config): expect HD_MEDIA_BACKEND_S3_ENDPOINT to be an uri
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-16 18:41:03 +02:00
Tilman Vatteroth
3c2f59c382 fix(s3-backend): force endpoint to be a uri
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-16 18:41:03 +02:00
Tilman Vatteroth
2016874a3d fix(s3-backend): let minio lib handle the port fallback
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-16 18:41:03 +02:00
Tilman Vatteroth
a72f695124 fix(s3-backend): correct endpoint
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-16 18:41:03 +02:00
Philip Molares
2fc89a7de5 feat: don't let read-only users send their cursors or selections
This was done as it may be used to distract or annoy other users either intentionally or unintentionally.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-06 22:54:50 +02:00
Philip Molares
c2f41118b6 feat: check permissions in realtime code and frontend
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-06 22:54:50 +02:00
Tilman Vatteroth
6fb58d56c2 fix: add missing tests for realtime-user-status-adapter
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-04 18:29:20 +02:00
Tilman Vatteroth
2a2d3756ad refactor: test code of realtime
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-04 18:29:20 +02:00
Tilman Vatteroth
15374acb93 fix(backend): throw error if key in param decorator is not defined
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-03-31 15:43:28 +02:00
Tilman Vatteroth
598fc8ee11 feat(realtime): synchronize and show realtime activity state
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-03-29 01:16:43 +02:00
Tilman Vatteroth
8fc59aad82 refactor: make permission service less complex
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-03-26 20:21:13 +02:00
Tilman Vatteroth
0f8effd318 fix: use correct body parameter for permission controller
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-03-26 20:21:13 +02:00
David Mehren
f7f052fca1 refactor: use separate env vars for frontend/backend port
As we moved to a combined .env file for simplicity, frontend and backend need to be configured with separate variables.

Signed-off-by: David Mehren <git@herrmehren.de>
2023-03-26 15:53:49 +02:00
Erik Michelson
ca9836d691 enhancement(auth): better error message handling
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2023-03-26 15:43:39 +02:00
Tilman Vatteroth
24b7514e25 feat: submit own style index on realtime user state set
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-03-25 13:11:40 +01:00
David Mehren
382e70bf7b fix: replace Equals constructor
TypeORMs Equals constructor is still broken, so this commit removes all remaining usages.

See https://github.com/hedgedoc/hedgedoc/issues/2467

Signed-off-by: David Mehren <git@herrmehren.de>
2023-03-25 12:43:27 +01:00
Tilman Vatteroth
088f2905a5 fix(backend): Fix type errors in query builder mock
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-03-25 12:43:27 +01:00
David Mehren
162a8e8816 docs: Move 'User Profiles & Authentication' to design docs
Signed-off-by: David Mehren <git@herrmehren.de>
2023-03-24 20:06:11 +01:00
Philip Molares
e01628cfb0 fix(backend): fix permission routes in NotesController
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2023-03-24 18:47:23 +01:00
Tilman Vatteroth
a826677225 refactor: save ydoc state in the database, so it can be restored easier
By storing the ydoc state in the database we can reconnect lost clients easier
and enable offline editing because we continue using the crdt data that has been
used by the client before the connection loss.

Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-03-24 16:03:55 +01:00
Tilman Vatteroth
3a06f84af1 refactor: reimplement realtime-communication
This commit refactors a lot of things that are not easy to separate.
It replaces the binary protocol of y-protocols with json.
It introduces event based message processing.
It implements our own code mirror plugins for synchronisation of content and remote cursors

Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-03-24 14:06:03 +01:00
Tilman Vatteroth
229d4a4a1d fix: change sessionstate type to prevent unset values
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-03-19 22:45:44 +01:00
David Mehren
7233f862f2 test(auth-service): add mock for find
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
ebb8b10804 fix(public/notes-controller): extract canEdit parameter from body
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
068517a73b fix(public/notes-controller): bind setUserPermission to an URL
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
ada90ed30b fix: map PermissionError to HTTP Forbidden
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
921cffb76f fix(auth-service): typeorm query in getTokensbyUser
TypeORM does not support WHERE queries for relation-colums directly.
This replaces the Equal() constructor with a manual comparison of the IDs.

See https://github.com/typeorm/typeorm/issues/2707

Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
7012f807b8 test: fix URLs in mock config
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
9e78776412 refactor(notes-service): use default-access-level & cleanup createNote
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-12 20:42:10 +01:00
David Mehren
cdc9ebd352 refactor(default-access-level): rename from default-access-permission
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-12 20:42:10 +01:00
Tilman Vatteroth
caa53e3556 feat: add patch to add generic types to eventemitter2
EventEmitter2 has types, but they're very basic and not very type safe.
I created this patch, because my improved types haven't been merged into the official package.

Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-02-09 21:58:41 +01:00
Tilman Vatteroth
11c2f57e4b fix(commons): extract name of markdown content yjs channel into the commons package
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-02-09 15:43:59 +01:00
Yannick Bungers
7f8371fec2 Remove redundant password strength check
Signed-off-by: Yannick Bungers <git@innay.de>
2023-02-06 08:46:56 +01:00
Tilman Vatteroth
5e1fdbe81d fix(config): Replace HD_DOMAIN and HD_EDITOR_BASE_URL with HD_BASE_URL
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-02-05 22:32:31 +01:00
Tilman Vatteroth
7b2d541cac fix(backend): Use regex to parse version
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-02-05 21:21:08 +01:00
Tilman Vatteroth
74178b6edf fix(backend): Remove redundant test
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-02-05 18:38:32 +01:00
Tilman Vatteroth
38bcb9affd fix(backend): Fix open handles in backend test
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-02-05 18:38:32 +01:00
Tilman Vatteroth
d76714f2a2 fix(commons): Move "wait for other promises to finish" util to commons
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-02-05 18:38:32 +01:00
Erik Michelson
2225057ebe misc(apidocs): move URL route of API docs
This makes the Swagger UI route more consistent to the real API routes.
Especially, the "private" prefix of the private API docs was irritating.
Additionally, this commit adds a rule to the Caddyfile for proxying the API docs to the backend.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2023-01-15 18:20:25 +01:00
Erik Michelson
d52fc55ef3 feat(apidocs): use real version number
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2023-01-15 18:20:25 +01:00
Philip Molares
47d1765b12 refactor(backend): don't create local user if password is too weak
This prevents the previous problem that the backend created a user that was then not correctly removed again

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2023-01-15 18:15:28 +01:00
Philip Molares
c39a9430a2 feat(backend): add RegistrationDisabledError
This error is thrown by RegistrationEnabledGuard instead of directly throwing an http error.
The new RegistrationDisabledError is mapped to the Forbidden HTTP code 403, since this better represents the actual error.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2023-01-15 18:14:01 +01:00
Erik Michelson
69d625188c fix(tests): syntax for loop in console-logger service
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2023-01-09 20:09:56 +01:00
Tamotsu Takahashi
396050c6cf Set the session cookie after registering
Fix https://github.com/hedgedoc/react-client/issues/2524

Signed-off-by: Tamotsu Takahashi <ttakah+github@gmail.com>
2023-01-08 14:31:34 +01:00
David Mehren
b311265762 fix(media-controller): throw if no file was uploaded
Signed-off-by: David Mehren <git@herrmehren.de>
2022-12-30 11:02:56 +01:00
Tilman Vatteroth
298b6bc205 fix(backend): migrate code to use the commons workspace
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2022-12-11 23:09:10 +01:00
Tilman Vatteroth
a97f7e8fd1 fix(realtime): Allow connections for guest users
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2022-12-11 22:21:51 +01:00
Philip Molares
d3249c6635 test: fix "creates a new revision" test
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-11-27 21:29:23 +01:00
Philip Molares
231a3fd6bd feat: add note specific filename for unidiff format in revision patch
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-11-27 21:29:23 +01:00
Tilman Vatteroth
bf30cbcf48 fix(repository): Move backend code into subdirectory
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2022-10-30 22:46:42 +01:00