Commit graph

147 commits

Author SHA1 Message Date
Tilman Vatteroth
a72f695124 fix(s3-backend): correct endpoint
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-16 18:41:03 +02:00
Philip Molares
2fc89a7de5 feat: don't let read-only users send their cursors or selections
This was done as it may be used to distract or annoy other users either intentionally or unintentionally.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-06 22:54:50 +02:00
Philip Molares
c2f41118b6 feat: check permissions in realtime code and frontend
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-06 22:54:50 +02:00
Tilman Vatteroth
6fb58d56c2 fix: add missing tests for realtime-user-status-adapter
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-04 18:29:20 +02:00
Tilman Vatteroth
2a2d3756ad refactor: test code of realtime
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-04 18:29:20 +02:00
Tilman Vatteroth
15374acb93 fix(backend): throw error if key in param decorator is not defined
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-03-31 15:43:28 +02:00
Tilman Vatteroth
598fc8ee11 feat(realtime): synchronize and show realtime activity state
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-03-29 01:16:43 +02:00
Tilman Vatteroth
8fc59aad82 refactor: make permission service less complex
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-03-26 20:21:13 +02:00
Tilman Vatteroth
0f8effd318 fix: use correct body parameter for permission controller
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-03-26 20:21:13 +02:00
David Mehren
f7f052fca1 refactor: use separate env vars for frontend/backend port
As we moved to a combined .env file for simplicity, frontend and backend need to be configured with separate variables.

Signed-off-by: David Mehren <git@herrmehren.de>
2023-03-26 15:53:49 +02:00
Erik Michelson
ca9836d691 enhancement(auth): better error message handling
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2023-03-26 15:43:39 +02:00
Tilman Vatteroth
24b7514e25 feat: submit own style index on realtime user state set
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-03-25 13:11:40 +01:00
David Mehren
382e70bf7b fix: replace Equals constructor
TypeORMs Equals constructor is still broken, so this commit removes all remaining usages.

See https://github.com/hedgedoc/hedgedoc/issues/2467

Signed-off-by: David Mehren <git@herrmehren.de>
2023-03-25 12:43:27 +01:00
Tilman Vatteroth
088f2905a5 fix(backend): Fix type errors in query builder mock
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-03-25 12:43:27 +01:00
David Mehren
162a8e8816 docs: Move 'User Profiles & Authentication' to design docs
Signed-off-by: David Mehren <git@herrmehren.de>
2023-03-24 20:06:11 +01:00
Philip Molares
e01628cfb0 fix(backend): fix permission routes in NotesController
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2023-03-24 18:47:23 +01:00
Tilman Vatteroth
a826677225 refactor: save ydoc state in the database, so it can be restored easier
By storing the ydoc state in the database we can reconnect lost clients easier
and enable offline editing because we continue using the crdt data that has been
used by the client before the connection loss.

Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-03-24 16:03:55 +01:00
Tilman Vatteroth
3a06f84af1 refactor: reimplement realtime-communication
This commit refactors a lot of things that are not easy to separate.
It replaces the binary protocol of y-protocols with json.
It introduces event based message processing.
It implements our own code mirror plugins for synchronisation of content and remote cursors

Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-03-24 14:06:03 +01:00
Tilman Vatteroth
229d4a4a1d fix: change sessionstate type to prevent unset values
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-03-19 22:45:44 +01:00
David Mehren
7233f862f2 test(auth-service): add mock for find
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
ebb8b10804 fix(public/notes-controller): extract canEdit parameter from body
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
068517a73b fix(public/notes-controller): bind setUserPermission to an URL
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
ada90ed30b fix: map PermissionError to HTTP Forbidden
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
921cffb76f fix(auth-service): typeorm query in getTokensbyUser
TypeORM does not support WHERE queries for relation-colums directly.
This replaces the Equal() constructor with a manual comparison of the IDs.

See https://github.com/typeorm/typeorm/issues/2707

Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
7012f807b8 test: fix URLs in mock config
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
9e78776412 refactor(notes-service): use default-access-level & cleanup createNote
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-12 20:42:10 +01:00
David Mehren
cdc9ebd352 refactor(default-access-level): rename from default-access-permission
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-12 20:42:10 +01:00
Tilman Vatteroth
caa53e3556 feat: add patch to add generic types to eventemitter2
EventEmitter2 has types, but they're very basic and not very type safe.
I created this patch, because my improved types haven't been merged into the official package.

Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-02-09 21:58:41 +01:00
Tilman Vatteroth
11c2f57e4b fix(commons): extract name of markdown content yjs channel into the commons package
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-02-09 15:43:59 +01:00
Yannick Bungers
7f8371fec2 Remove redundant password strength check
Signed-off-by: Yannick Bungers <git@innay.de>
2023-02-06 08:46:56 +01:00
Tilman Vatteroth
5e1fdbe81d fix(config): Replace HD_DOMAIN and HD_EDITOR_BASE_URL with HD_BASE_URL
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-02-05 22:32:31 +01:00
Tilman Vatteroth
7b2d541cac fix(backend): Use regex to parse version
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-02-05 21:21:08 +01:00
Tilman Vatteroth
74178b6edf fix(backend): Remove redundant test
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-02-05 18:38:32 +01:00
Tilman Vatteroth
38bcb9affd fix(backend): Fix open handles in backend test
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-02-05 18:38:32 +01:00
Tilman Vatteroth
d76714f2a2 fix(commons): Move "wait for other promises to finish" util to commons
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-02-05 18:38:32 +01:00
Erik Michelson
2225057ebe misc(apidocs): move URL route of API docs
This makes the Swagger UI route more consistent to the real API routes.
Especially, the "private" prefix of the private API docs was irritating.
Additionally, this commit adds a rule to the Caddyfile for proxying the API docs to the backend.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2023-01-15 18:20:25 +01:00
Erik Michelson
d52fc55ef3 feat(apidocs): use real version number
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2023-01-15 18:20:25 +01:00
Philip Molares
47d1765b12 refactor(backend): don't create local user if password is too weak
This prevents the previous problem that the backend created a user that was then not correctly removed again

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2023-01-15 18:15:28 +01:00
Philip Molares
c39a9430a2 feat(backend): add RegistrationDisabledError
This error is thrown by RegistrationEnabledGuard instead of directly throwing an http error.
The new RegistrationDisabledError is mapped to the Forbidden HTTP code 403, since this better represents the actual error.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2023-01-15 18:14:01 +01:00
Erik Michelson
69d625188c fix(tests): syntax for loop in console-logger service
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2023-01-09 20:09:56 +01:00
Tamotsu Takahashi
396050c6cf Set the session cookie after registering
Fix https://github.com/hedgedoc/react-client/issues/2524

Signed-off-by: Tamotsu Takahashi <ttakah+github@gmail.com>
2023-01-08 14:31:34 +01:00
David Mehren
b311265762 fix(media-controller): throw if no file was uploaded
Signed-off-by: David Mehren <git@herrmehren.de>
2022-12-30 11:02:56 +01:00
Tilman Vatteroth
298b6bc205 fix(backend): migrate code to use the commons workspace
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2022-12-11 23:09:10 +01:00
Tilman Vatteroth
a97f7e8fd1 fix(realtime): Allow connections for guest users
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2022-12-11 22:21:51 +01:00
Philip Molares
d3249c6635 test: fix "creates a new revision" test
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-11-27 21:29:23 +01:00
Philip Molares
231a3fd6bd feat: add note specific filename for unidiff format in revision patch
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-11-27 21:29:23 +01:00
Tilman Vatteroth
bf30cbcf48 fix(repository): Move backend code into subdirectory
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2022-10-30 22:46:42 +01:00