Commit graph

581 commits

Author SHA1 Message Date
David Mehren
64667d81c0
docs(api): Add missing tags
Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-16 21:40:48 +01:00
David Mehren
df9fa39b99
test(front-config): Add missing URL import
Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-16 19:53:02 +01:00
Yannick Bungers
030e40ccf0
Update error types for checkLocalPassword and updateLocalPassword to InvalidCredentialsError and NoLocalIdentityError in tests
Signed-off-by: Yannick Bungers <git@innay.de>
2022-01-06 22:01:39 +01:00
Yannick Bungers
b562a5dac7
Change error types in checkLocalPassword and updateLocalPassword to InvalidCredentialsError and NoLocalIdentityError
Signed-off-by: Yannick Bungers <git@innay.de>
2022-01-06 21:59:46 +01:00
Erik Michelson
820a1ae43a
Rename local password check method
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2022-01-03 23:41:34 +01:00
Erik Michelson
277e2fb1ca
feat(auth): password change requires old password
By checking the "old" password of the user prior to a password change, the
password change function is more secured against abuse.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2021-12-28 01:46:40 +01:00
Erik Michelson
20b0ded223
refactor(frontend-config): return auth providers as array
This change removes the customAuthNames property and redefines the
authProviders property of the frontend-config DTO. Instead of an
map from auth providers to their enabled-state (boolean), there is
now an array that just includes the configured auth providers while
also having the identifier and providerName of custom auth providers.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2021-12-28 01:16:42 +01:00
David Mehren
dcfb00adc1
refactor(identity): lazy-load relations
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-05 22:10:59 +01:00
David Mehren
3539216cf3
refactor(user): lazy-load relations
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-05 22:03:41 +01:00
David Mehren
16c9d6c011
refactor(session): lazy-load relations
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-05 21:49:29 +01:00
David Mehren
5f87406809
refactor(revision): lazy-load relations
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-05 21:38:36 +01:00
David Mehren
4e70044a2c
refactor(edit): lazy-load relations
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-05 19:58:01 +01:00
David Mehren
7f7886c5a7
docs(permissions): document why we can't lazy-load
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-05 19:32:31 +01:00
David Mehren
d7aaf736a2
refactor(tag): lazy-load relations
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-05 19:06:05 +01:00
David Mehren
235e4f647c
refactor(note): lazy-load relations
Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-30 16:46:07 +01:00
David Mehren
d761ff7f4f
refactor(alias): lazy-load relations
Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-18 18:53:39 +01:00
David Mehren
296d73c121
refactor(media-upload): lazy-load relations
Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-18 18:47:12 +01:00
David Mehren
4d57105853
docs(history-entry): document why we can't lazy-load
Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-18 18:08:29 +01:00
David Mehren
0c5fdf4201
refactor(group): lazy-load relations
Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-16 19:05:28 +01:00
David Mehren
5d7b544e1f
refactor(author): lazy-load relations
Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-16 18:45:40 +01:00
David Mehren
de6d75238c
refactor(auth-token): lazy-load relations
Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-16 18:39:52 +01:00
David Mehren
708ae86444
docs: explain the choice of sha-512 for auth tokens
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-14 19:21:28 +01:00
David Mehren
b4a65b47f0
fix(auth): use sha-512 for auth tokens
Bcrypt hashes are too slow to be validated on every request.
As our tokens are random and have a fixed length, it is reasonable
to use SHA-512 instead.

SHA-512 is recommended as cryptographically strong by the BSI:
https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-1.pdf?__blob=publicationFile

Fixes https://github.com/hedgedoc/hedgedoc/issues/1881

Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-09 23:04:00 +01:00
David Mehren
bda58322be
fix(session-guard): correctly check for missing session
express-session always creates an `request.session` object, so only
checking if that exists is not sufficient.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-07 20:23:18 +01:00
Philip Molares
10b5b11269
feat: replace GetNotePipe with GetNoteInterceptor and RequestNote
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-30 22:33:20 +01:00
Philip Molares
5a45ff2d0b
feat: add request note decorator
This extracts the note inserted with the get note interceptor into the request to be used by the controller service.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-30 22:26:55 +01:00
Philip Molares
470b32ed5e
feat: refactor get note pipe to interceptor
This is necessary, because of the order of operations in nestjs, the validation pipe is not able to get the note as the noteIdOrAlias will be transformed by the get note pipe after the validation did run.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-30 22:20:49 +01:00
Philip Molares
3e4abb561d
refactor: move permissions service calls into permissions guard
This commit removes all previous calls to the permissions service at the beginning of the controller methods to the permissions guard. This should make the code a bit cleaner and remove boilerplate code.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 17:19:57 +01:00
Philip Molares
3b92226bab
feat: create permissions guard
This guard protects resources and let's users only access them if they hold the correct permission

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 17:18:23 +01:00
Philip Molares
7404ebf5ea
feat: create permission decorator
This gathers the permission a user needs to hold to access a resource for the PermissionsGuard.

See https://docs.nestjs.com/guards#setting-roles-per-handler

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 17:17:33 +01:00
Philip Molares
4a7ccc8178
feat: create permission enum
This enum makes it possible which permissions a user needs to hold to access a specific resource

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 17:16:12 +01:00
Philip Molares
82643cd790
chore: extract getNote code from GetNotePipe.transform
This was done so the same code could be used in the PermissionsGuard

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 17:12:35 +01:00
Philip Molares
7927ac2217
chore: move get-note-pipe to api utils
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 17:05:27 +01:00
Yannick Bungers
9093e5fabc
Add missing null in type in permissions service
The parameters of the permission checking methods were missing a null value for not set user. This is the case if user is not logged in and operating as guest.

Signed-off-by: Yannick Bungers <git@innay.de>
2021-11-29 22:42:31 +01:00
David Mehren
7ef380241d
fix(seed): fix create method usage
Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-14 21:49:31 +01:00
David Mehren
b9d3c95d2d
fix(note): fix type for owner param
To make the create method easier to use in conjunction
with the authentication framework, this commit changes the type of
the `owner` parameter from `User | undefined` to `User | null`.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-14 21:44:59 +01:00
David Mehren
c675dd0e9e
fix(alias): remove default for primary
To make the create method more consistent with the
guidelines,
this commit removes the default value from the `primary` parameter.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-14 21:22:22 +01:00
David Mehren
04412826a7
fix(media-upload): remove backendData parameter
`Create` methods should only contain optional properties

Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-14 21:14:03 +01:00
David Mehren
3fe1bb0edf
fix(identity): remove default for syncSource
To make the create method more consistent with the
guidelines,
this commit removes the default value from the `syncSource` parameter.

An Identity will be created as sync source,
when the associated account is created using an external provider.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-14 20:56:17 +01:00
David Mehren
178513a3a0
fix(group): add special flag to create method
To make the create method more consistent with the
guidelines, this commit adds the `special` flag to
the parameters.
As this function will only be used to create the two hard-coded groups
and to handle API requests at one or two places, adding the parameter
should not be too problematic.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-14 20:53:45 +01:00
Philip Molares
62037acc97
fix(media-upload): rework create and media services saveFile
This was done to make the create method more concise.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-11 22:06:30 +01:00
Philip Molares
b1d4696895
fix: the tests use the new typing from create methods
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-25 11:55:35 +02:00
Philip Molares
8cda5f99fb
fix: services use the new typings from create methods
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-25 11:52:42 +02:00
Philip Molares
d0b8e4cd36
feat: consolidate entities create
This was done to give better typings to the function signatures of entities `create` methods.
It also ensures that each field that should be set to `null` is set to `null` and doesn't leave that up to the typeorm handlers.

See: #1641
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-25 11:50:28 +02:00
David Mehren
d4b806bbf8
test(mockconfig): generate unique upload paths
This stops multiple concurrently running tests disturbing each other.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-16 18:25:00 +01:00
Philip Molares
c9be26235c
docs: fix createUser and test docs
this ports the fixes applied to createGroup to this method as well

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-06 11:49:26 +01:00
Philip Molares
0470497ccb
feat: setupSpecialGroups in bootstrap
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-10-31 00:06:55 +02:00
Philip Molares
bcf35c61a5
fix: permissions service use new SpecialGroup enum
instead of random strings the permissions service now uses the SpecialGroup enum

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-10-31 00:05:59 +02:00
Philip Molares
5fd9750d68
feat: add createGroup function
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-10-31 00:04:12 +02:00
Philip Molares
9a8f4c0b8c
feat: add SpecialGroup enum
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-10-30 23:58:17 +02:00
David Mehren
c02f845ecb
AuthController: Return 409 Conflict when user already exists
The previously used HTTP error 400 'Bad Request' is not really
applicable here, as the client did not send a malformed message.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-27 19:39:18 +02:00
Yannick Bungers
24d79a9493
Add API doc for private media API
Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-18 20:20:14 +02:00
Yannick Bungers
85dc2cd02d
Remove unnecessary exception handling in private notes.controller.ts
and change noteIdOrAlias to Note as parameter

Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-18 21:12:33 +02:00
Alexandru Văleanu
32929c1e77
Add delete media in private API (#1736)
Adds the missing API route of deleting media in the private API.
2021-10-18 19:00:28 +01:00
Yannick Bungers
f4799c5ebe
Change createTokenForUser signature
user is now used instead of username

Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-13 22:59:51 +02:00
Yannick Bungers
40103cb397
fix username spelling from userName
Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-13 22:28:10 +02:00
Yannick Bungers
be27686610
change getTokensByUsername to getTokensByUser
Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-13 22:22:08 +02:00
David Mehren
0da7d01dec
Add dev-proxy to frontend dev server
This adds a reverse proxy to the backend, that automatically
redirects requests that are not handled by the backend to the React
dev server running on port 3001.

The reverse proxy is only enabled when NODE_ENV is set to
'development'.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-09-23 22:36:13 +02:00
Yannick Bungers
ad190fcf22
Get user from Session instead of hardcoded value
Signed-off-by: Yannick Bungers <git@innay.de>
2021-09-23 22:44:34 +02:00
David Mehren
39eb5ff116
Log errors in ValidationPipe
Previously, when an error was encountered while validating
the request, only an HTTP 400 status code was returned to the client.
This adds logging of the error message,
so invalid requests can be debugged.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-09-23 22:05:57 +02:00
David Mehren
1f2067288a
Explicitly import URL
With Yarn PnP, URL is seems to not automatically be
part of the global scope.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-09-06 16:32:24 +02:00
Philip Molares
9383eeb53a
fix: the seed command handles the new aliases
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-06-06 17:56:12 +02:00
Philip Molares
90b64c73b3
test: fix service tests to handle the new aliases
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-06-06 17:53:07 +02:00
Philip Molares
b135333a51
feat: add alias controller to private and public api
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-07 21:28:59 +02:00
Philip Molares
2b76d33a23
feat: add aliases to service files
This commit makes it possible to identifier notes via any alias in the note and history service.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-06-06 17:47:38 +02:00
Philip Molares
babd5ce393
chore: create getIdentifier utility function
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-16 23:53:29 +02:00
Philip Molares
8c214820e1
chore: create getPrimaryAlias utility function
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-07 21:51:47 +02:00
Philip Molares
d1b7c2a2db
feat: add alias service
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-07 21:53:54 +02:00
Philip Molares
17c55195c3
feat: add list of aliases to note entity
One of the aliases can be primary for each note, but all can be used to get information from the apis.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-06-06 17:46:32 +02:00
Philip Molares
86d060706f
chore: add PrimaryAliasDeletionForbiddenError
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-07 21:52:00 +02:00
Philip Molares
1fd15cc376
chore: add alias dtos
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-07 21:54:42 +02:00
Philip Molares
366057fb8b
feat: add auth controller with internal login, registration, password change and logout
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 22:00:14 +02:00
Philip Molares
cd4ee84ec3
feat: add LoginEnabledGuard and RegistrationEnabledGuard
These guards check if the login or registration are enabled in the config. If so the guarded method is executed, if not the client will get the HTTP Error 400 Forbidden as an answer

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-04 18:31:01 +02:00
Philip Molares
46d03571c1
fix: update seed.ts
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-31 13:39:51 +02:00
Philip Molares
5a91662865
feat: add session handling
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-31 13:36:13 +02:00
Philip Molares
1c52ad69a6
feat: add identity module
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:59:23 +02:00
Philip Molares
df10ed92e3
feat: add local auth strategy
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:59:12 +02:00
Philip Molares
b9cec8aeca
feat: add identity service
This service handles all the authentication of the private api.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:58:54 +02:00
Philip Molares
3cc321f353
feat: add getFirstIdentityFromUser helper function
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:57:46 +02:00
Philip Molares
e7eb6694a6
feat: change email auth config to local
This was done to use the same term. Also email was the old term from HedgeDoc 1 and wildly inaccurate. As we never checked any mail addresses, in fact it was more of a username than anything else.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-04 19:24:32 +02:00
Philip Molares
43242cccc9
feat: add session to AuthConfig
this handles the settings for the cookie session. The secret and the lifeTime of the cookie can be configured.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-04 17:46:58 +02:00
Philip Molares
0ef0d1e111
feat: add local auth dtos
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:54:05 +02:00
Philip Molares
5e4eb574c5
chore: add user relation enum
this enum is used to specify which relation of the user object should be populated.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-31 13:39:36 +02:00
Philip Molares
337854c86a
feat: lazy load identities of user object
This makes it possible that we can get identities from any user object even if we didn't specify that while getting them from the orm

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-04 22:13:16 +02:00
Philip Molares
23e26fb830
chore: move identity entity in its own folder
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:53:20 +02:00
Philip Molares
547f2239cc
chore: move password related functions from AuthService to utils file
As these methods will be used in both the AuthService and the IdentityService, it makes sense to extract them and use them in this manner. Especially if one considers that they are quite standalone functions.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:47:13 +02:00
Philip Molares
cf8f3b39ec
feat: add ProviderType enum
This is used to give identities a type and to easily get the identity any auth method would need.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:57:22 +02:00
Abhilasha Sinha
f63a2b79b7
Add new API to purge note history #1064
Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Combine the describe block

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Fix naming

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Rename purgeRevision to purgeRevisions

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Fix notes e2e test description

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Add yarn.lock

Fix lint and format

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>
2021-08-30 05:37:35 +05:30
Philip Molares
216baa42a1
refactor: move TokenAuthGuard in the same file as TokenStrategy
This should help to make clear why code is executed when the TokenAuthGuard is encountered by a request. Currently, one has to connect both files via the string 'token', which is a bit cryptic

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-04 18:03:41 +02:00
David Mehren
5ecb0c0694
RevisionsService: Refactor getFirst/LastRevision
The functions now expect a `Note` object instead of a noteId to
make it more consistent with other functions.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 22:45:56 +02:00
David Mehren
fe26f1689c
MediaService: Refactor saveFile
The function now expects a `Note` object instead of a noteId
and a `User` instead of a username to
make it more consistent with other functions.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 22:28:21 +02:00
David Mehren
341e3a3e5a
HistoryService: Remove getEntryByNoteIdOrAlias
As we now have a GetNotePipe, we can easily get rid of this function.
All clients can directly provide a `Note` instance
and use `getEntryByNote`.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 21:57:35 +02:00
David Mehren
d2b60a316f
HistoryService: Refactor deleteHistoryEntry
The function now expects a `Note` object instead of a noteId to
make it more consistent with other functions.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 21:42:46 +02:00
David Mehren
839877dbc5
HistoryService: Refactor updateHistoryEntry
The function now expects a `Note` object instead of a noteId to
make it more consistent with `updateHistoryEntryTimestamp`.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 21:38:10 +02:00
David Mehren
3396d3e47d
UserService: Improve method naming
This renames `createOrUpdateHistoryEntry` to `updateHistoryEntryTimestamp`,
which reduces confusion with the similarly named
`updateHistoryEntry` function.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 21:19:53 +02:00
David Mehren
470f09d8fe
Private API: Use GetNotePipe
This replaces repeated calls to `noteService.getNoteByIdOrAlias`
and associated error handling with the `GetNotePipe`
in the `Param` decorator.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 17:33:02 +02:00
David Mehren
ed8fd3939c
Public API: Remove superfluous try/catch
`getNoteMetadata` does not use a method that
can throw a `PermissionsUpdateInconsistentError`.
The try/catch-block seems to be a copy-paste error.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 17:32:45 +02:00
David Mehren
83869aaa48
Public API: Use GetNotePipe
This replaces repeated calls to `noteService.getNoteByIdOrAlias`
and associated error handling with the `GetNotePipe`
in the `Param` decorator.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 17:28:14 +02:00
David Mehren
73be10e606
Implement GetNotePipe
This pipe transforms a note ID or alias to a Note object
by loading it from the database.
It also performs error handling

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 17:18:54 +02:00
David Mehren
b480adc807
Public API: Introduce RequestUser decorator
This introduces the `RequestUser` decorator
to extract the `User` from a request.

It reduces code duplication across the public API
and allows us to drop the override of the `Request` type from express.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-28 19:03:15 +02:00
Yannick Bungers
3b5ccddfcc
Fix copy paste error in auth toAuthTokenDto test
Add an hour difference between createdAt and validUntil to better detect
these errors.

Signed-off-by: Yannick Bungers <git@innay.de>
2021-09-03 19:15:42 +02:00
David Mehren
9450f500d6
Cleanup some imports
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 18:57:00 +02:00
David Mehren
5ed2fae44e
Enforce import order with prettier
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 18:45:46 +02:00
Philip Molares
c31da7ec33
test(generatePublicId): test if with a given random buffer a correct encoding is generated
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-06-15 21:17:07 +02:00
Philip Molares
ef5dfebb53
fix(publicId): generate 128-bit instead of 128-byte value
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-06-14 08:45:48 +02:00
David Mehren
28a1628722
Switch to new buffered logger
NestJS 8 allows the logs to buffer on startup, so that all logs run
through our custom logger.

See also https://docs.nestjs.com/techniques/logger#dependency-injection

Signed-off-by: David Mehren <git@herrmehren.de>
2021-07-15 20:21:42 +02:00
David Mehren
43f887b4c1
EditDto: Clarify that the username can be null
If the edit was made by a anonymous user, we don't have a username.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-31 22:04:59 +02:00
David Mehren
1b1e232476
Rename NoteAuthorshipDto to EditDto
After Authorship was renamed to Edit, the DTO should follow.
The file is also moved to the revisions folder, where the entity
already is.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-31 22:02:32 +02:00
David Mehren
b2d37abf6c
Rename Authorship entity to Edit
As we now have a separate Author entity, which holds information
about an author (the color), the Authorship name became confusing.
Edit seems to be a better name, as the entity saves information
about a change in a note.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-31 21:46:41 +02:00
David Mehren
5846ca75a9
NotesService: Implement getAuthorUsers
This reimplements logic to get all Users that ever edited a note
and fixes the empty `editedBy` property of `toNoteMetadataDto`
introduced in 81cc092e.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-24 21:58:44 +02:00
David Mehren
6abcb686ca
Seed: Generate multiple notes and authorships
Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-19 21:09:15 +02:00
David Mehren
f6d430c23f
Adjust tests to new Session and Author entities
Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-17 22:28:35 +02:00
David Mehren
3d07c5e443
AuthorshipEntity: Adjust to DB schema
This commit replaces the user property with a author property,
in accordance with the DB schema updated in 0d6c3002.

It also adjusts the NoteService accordingly.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-19 22:12:25 +02:00
David Mehren
8040f47d00
Add Author property to Session & User
The DB schema was updated in 0d6c3002,
this adds the new author property to
the Session and User entities.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-31 18:39:33 +02:00
David Mehren
1dc6db24a9
AuthorEntity: Add create method
Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-19 22:12:00 +02:00
David Mehren
4e14053f8f
AuthorEntity: Add missing properties
This adds the missing properties according to the DB PlantUML schema

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-31 18:11:48 +02:00
David Mehren
59a4c72299
UsersModule: Add Session to TypeORM module
This seems to have been missed in
db026d6a57, where the Session entity
was added.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-31 18:15:10 +02:00
David Mehren
283ec673cf
Remove AuthorColor entity
It will be replaced with the Author entity,
that will save the color

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-17 21:08:13 +02:00
David Mehren
9e5d95657d
Move publicID creation to Note.create
Before this commit, `Note.create()` did not return a complete object,
as the `publicId` property was missing.
This adds the generation of the property to the `create` method and
moves the actual generation code from the `NotesService`
to a utility method.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-19 21:19:08 +02:00
Philip Molares
0f58757858
chore(test): Change test to work with publicId
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-05-16 22:46:02 +02:00
Philip Molares
b7e52f8166
feat(notes): Use publicId in notes service
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-05-16 22:44:43 +02:00
Philip Molares
ce132f2432
feat(note): Add publicId field
This field is a randomly generated 128-bit value encoded with base32-encode using the crockford variant and converted to lowercase.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-05-16 22:43:42 +02:00
Philip Molares
875e848b80
refactor: Remove randomString function
This was done because it was only a wrapper for a nodejs function to check if the given parameter is a positive number.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-05-16 22:41:01 +02:00
Thomas Snowden
7087135ea4
Add API decorator to reduce clutter
Signed-off-by: Thomas Snowden <zapperchamp1@gmail.com>
2021-04-24 19:10:16 -04:00
David Mehren
eaf1852fe5
Format with Prettier 2.3
Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-15 21:13:44 +02:00
Philip Molares
f739687b00
Refactor(note): Remove shortid from note
This is a 1.x relict and isn't used anymore in 2.x. All 1.x shortids will be converted to aliases on migration of 1.x to 2.x.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-05-11 22:37:52 +02:00
Philip Molares
f5039791ed
Linting: Fixed wrong logger contexts
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-05-02 21:53:28 +02:00
David Mehren
375cb4eae9
AuthTokenEntity: Make validUntil not nullable
As all tokens are valid for a maximum of 2 years, the
validUntil attribute is always populated.

This updates the database schema and the DTO to reflect that.

Fixes #1256

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-09 22:05:47 +02:00
David Mehren
6ddaa59e8c
Remove superfluous overrideProvider statements
Fixes #1254

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-09 21:34:43 +02:00
David Mehren
076c9c502d
Add error handling in seed.ts
Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-02 18:35:38 +02:00
David Mehren
6471ba92ef
Fix nullable property types in Note DTOs
Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-02 18:33:07 +02:00
David Mehren
73997d4693
MediaUploadDto: Make noteId optional
Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 16:59:40 +02:00
David Mehren
d4495a0a62
GroupsService: Remove test obsoleted by strict mode
Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 21:53:05 +02:00
David Mehren
8388edcd53
UsersService: Remove test obsoleted by strict mode
Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 21:52:20 +02:00
David Mehren
0944f07834
Ensure optional properties of AuthTokenDto are initialized
Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 21:14:09 +02:00
David Mehren
246d053b68
Add explicit type annotations to nullable columns
TypeORM can't correctly infer the data type on properties with a `| null` type.
This commit adds explicit type annotations.

See also https://github.com/typeorm/typeorm/issues/2567#issuecomment-408599335

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 19:08:59 +02:00
David Mehren
80d8ce901b
NotesService.toNoteMetadataDto: Handle undefined updateUser
Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 18:30:48 +02:00
David Mehren
772263317d
NotesService: Fix type errors
Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 18:30:17 +02:00
David Mehren
e217b30d26
Consistently type properties as optional
Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 18:29:12 +02:00
David Mehren
bc08493f89
GroupsService: Remove null from toGroupDto return type
toGroupDto won't return null, as TS's strict mode
prevents group from being nullish

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 18:28:32 +02:00
David Mehren
b962e8390a
NotesController: Double-check that req.user is defined
TokenAuthGuard ensures that req.user is always
defined, but thanks to strict mode we have to check again.

In the future, we may add a custom Request type and
a custom param decorator to centralize the check.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 18:12:20 +02:00
David Mehren
0a8dd454ab
NoteEntity: Allow anonymous notes
Notes created by anonymous users don't have an owner.
This commit updates the entity accordingly.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 18:09:22 +02:00
David Mehren
bd56d17663
MediaUploadDto: Make noteId optional
Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 16:59:40 +02:00
David Mehren
3b0bbe8b00
MediaService: Handle unexpected backend type
Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 16:59:18 +02:00
David Mehren
22702b3390
Correctly type nullable columns
TypeORM columns with `nullable: true` can be `null` at runtime.
This commit ensures that the types of the corresponding properties reflect that.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 16:54:57 +02:00
David Mehren
d63f581a42
MediaController: Double-check that req.user is defined
TokenAuthGuard ensures that req.user is always
defined, but thanks to strict mode we have to check again.

In the future, we may add a custom Request type and
a custom param decorator to centralize the check.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 16:44:27 +02:00
David Mehren
90038cf116
MeController: Double-check that req.user is defined
TokenAuthGuard ensures that req.user is always
defined, but thanks to strict mode we have to check again.

In the future, we may add a custom Request type and
a custom param decorator to centralize the check.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 16:43:16 +02:00
David Mehren
87eb099d34
UsersService: Remove null from toUserDto return type
toUserDto won't return null, as TS's strict mode
prevents user from being nullish

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 16:40:13 +02:00
David Mehren
a453344205
MarkdownBody: Handle error in getOwnPropertyDescriptor
Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 16:27:15 +02:00
David Mehren
4959be739a
Handle config initialisation error on app bootstrap
Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 16:22:01 +02:00