As we want to support the browser print dialog why not make it possible
to access that from our UI?
Signed-off-by: Philip Molares <philip.molares@udo.edu>
We release Alpha v3 of HedgeDoc 2.0 and need to make sure that all
version are changed accordingly.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
The url the placeholder text linked to is not accurate anymore
and needed to be changed. Also the "Happy hacking" part seemed
outdated so we changed it to "Let the ideas grow" in accordance
with the new slogan of HedgeDoc
Signed-off-by: Philip Molares <philip.molares@udo.edu>
We don't need a library that requires as much boilerplate code as
writing the AuthGuard ourselves, especially since the token validation
was already custom code by us.
The previous name PublicAuthToken was a bit misleading, since PublicAuth
could also be interpreted as being used for the public frontend in
contrast to the API. The old name before that (AuthToken) wasn't better
since it wasn't clear what type of auth is meant. I know, this is the
second renaming of the same module in less than a month. However, I
would say the name ApiToken seems rather reasonable and understandable.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
This adds support for keeping the uploads attached to a note when
deleting the same note. This is done by a simple checkbox that can be
clicked in the DeletionModal.
To do this, some parts of the note deletion had to be refactored,
especially in the case of the history page. Both the note deletion and
history removal methods used the same modal, which isn't applicable now
anymore. Additionally, there was a bug that the modal checked for
ownership in the frontend before allowing the note deletion. However, in
the context of the history page, the ownership couldn't be evaluated
since the backend API didn't include that information. This is now fixed
as well.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
The dark-mode selector changed from the class "dark" attached to the
body element to a data-attribute with some react-bootstrap upgrade.
This commit reflects this change in our custom css.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
For non-OIDC compliant OAuth2 providers it was only possible to define
the authorize, token and userinfo URLs but not the end_session_endpoint.
This commit adds that functionality.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Error messages for manual OIDC attributes such as overriding the scope
resulted in wrong error messages when misconfigured.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
When the OIDC login flow for a new user is cancelled, the oidcIdToken
session variable should be cleared as well.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
The userinfo response endpoint from the OIDC provider should not be
trusted to return what we expect. Fields could be undefined. In that
case HedgeDoc would have written "undefined" into the fields for
profile picture or email address.
This fix checks for fields being undefined and returns a default value
in that case.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
This commit changes the caddyfile to not directly rely on the
HD_BASE_URL environment variable, but instead default to port 8080 as
used in our package.json scripts and docs.
The caddy domain can optionally be overridden using the CADDY_HOST env
variable.
Furthermore, this change adds a section to trust reverse-proxies in
front of Caddy if they are in a private range IP address network.
Both these changes are required to be able to expose a local development
setup with another domain than localhost to a co-developer. With
this change it works without having Caddy trying to generate TLS
certificates for that domain nor HedgeDoc erroring about a origin
mismatch, that occurs as Caddy doesn't forward specific headers
otherwise.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Since we use rathole while developing to share a local dev environment
with a co-developer, the client config with the secrets should not be
accidentally committed.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
The provided types by ldapauth-fork are re-exported from ldapjs. ldapjs
is unmaintained by now but since their last update, the
ConnectionOptions type seems to not contain the mandatory parameter
`url` anymore. Therefore this typecast is needed.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Due to failing docker builds it was brought to our attention,
that the backend relied on the uuid package without declaring
it as dependency. This worked in all development and build
scenarios as the frontend declares uuid as dependency already
and top-level `yarn install` installs all dependencies from all
workspaces. However as the docker build only runs for either
the backend or the frontend, this failed.
This commit adds the dependency to the backend as well.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
The API documentation belongs strictly to the API itself.
Due to the usage of version-prefixed API endpoints, there is no conflict
with existing or future endpoints.
The reason behind this is that we already have enough exceptions in the
routing (default everything to react-frontend, exceptions for backend)
and it is hard to keep it synchronized throughout all relevant places.
This came to attention as the dev setup didn't proxy the API docs to the
backend.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>