Commit graph

523 commits

Author SHA1 Message Date
David Mehren
1710b7c00a
Merge pull request #1751 from hedgedoc/fix/privateMediaAPIDoc 2021-10-21 19:40:47 +02:00
Yannick Bungers
a2ebd16260 Remove unnecessary exception handling in private notes.controller.ts
and change noteIdOrAlias to Note as parameter

Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-18 22:35:47 +02:00
Yannick Bungers
04dca6aa68 Add API doc for private media API
Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-18 20:20:14 +02:00
Alexandru Văleanu
b3d3015ce7
Add delete media in private API (#1736)
Adds the missing API route of deleting media in the private API.
2021-10-18 20:00:28 +02:00
Yannick Bungers
9d4fc6d7c6
Merge pull request #1735 from hedgedoc/fix-username 2021-10-15 21:37:10 +02:00
Yannick Bungers
325e1893f8 Change createTokenForUser signature
user is now used instead of username

Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-13 22:59:51 +02:00
Yannick Bungers
d33cfa4541 fix username spelling from userName
Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-13 22:54:00 +02:00
Yannick Bungers
aa8455a079 change getTokensByUsername to getTokensByUser
Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-13 22:22:08 +02:00
David Mehren
a4749d60f7
Add dev-proxy to frontend dev server
This adds a reverse proxy to the backend, that automatically
redirects requests that are not handled by the backend to the React
dev server running on port 3001.

The reverse proxy is only enabled when NODE_ENV is set to
'development'.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-13 21:36:38 +02:00
Yannick Bungers
e5750b0084
Merge pull request #1673 from hedgedoc/remove-hardcoded 2021-10-13 21:14:33 +02:00
Yannick Bungers
28266bca0b Get user from Session instead of hardcoded value
Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-13 20:52:39 +02:00
David Mehren
9d785100e8
Merge pull request #1671 from hedgedoc/enhancement/validation_logs 2021-10-07 20:38:38 +02:00
David Mehren
9bf75614e2
Log errors in ValidationPipe
Previously, when an error was encountered while validating
the request, only an HTTP 400 status code was returned to the client.
This adds logging of the error message,
so invalid requests can be debugged.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-09-23 22:10:19 +02:00
David Mehren
8c238530a7
Explicitly import URL
With Yarn PnP, URL seems to not automatically be
part of the global scope.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-09-23 16:13:25 +02:00
Philip Molares
7bb70649a0 fix: the seed command handles the new aliases
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-22 20:43:45 +02:00
Philip Molares
b95a6f56b6 test: fix service tests to handle the new aliases
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-22 20:43:45 +02:00
Philip Molares
e9d4a81922 feat: add alias controller to private and public api
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-22 20:43:45 +02:00
Philip Molares
3b7a06913b feat: add aliases to service files
This commit makes it possible to identify notes via any alias in the note and history service.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-22 20:43:44 +02:00
Philip Molares
794be4a5dc chore: create getIdentifier utility function
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-22 20:43:44 +02:00
Philip Molares
10ed40f9f1 chore: create getPrimaryAlias utility function
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-22 20:43:44 +02:00
Philip Molares
0db7a41d1a feat: add alias service
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-22 20:43:44 +02:00
Philip Molares
aaef0f72ba feat: add list of aliases to note entity
One of the aliases can be primary for each note, but all can be used to get information from the APIs.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-21 15:14:00 +02:00
Philip Molares
7dd4f97d64 chore: add PrimaryAliasDeletionForbiddenError
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-21 15:14:00 +02:00
Philip Molares
dd2667b523 chore: add alias dtos
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-21 15:14:00 +02:00
Philip Molares
b153615637 feat: add auth controller with internal login, registration, password change and logout
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-17 00:00:00 +02:00
Philip Molares
1a96900224 feat: add LoginEnabledGuard and RegistrationEnabledGuard
These guards check if the login or registration are enabled in the config. If so, the guarded method is executed; if not, the client will get the HTTP Error 400 Forbidden as an answer.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-17 00:00:00 +02:00
Philip Molares
53f5713905 fix: update seed.ts
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-17 00:00:00 +02:00
Philip Molares
28be215aad feat: add session handling
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-17 00:00:00 +02:00
Philip Molares
ce68184578 feat: add identity module
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-16 23:59:59 +02:00
Philip Molares
9fa0994497 feat: add local auth strategy
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-16 23:59:59 +02:00
Philip Molares
6ad11e47cc feat: add identity service
This service handles all the authentication of the private api.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-16 23:59:59 +02:00
Philip Molares
021a0c9440 feat: add getFirstIdentityFromUser helper function
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-16 23:59:59 +02:00
Philip Molares
cda8c7ac63 feat: change email auth config to local
This was done to use the same term. Also email was the old term from HedgeDoc 1 and wildly inaccurate. As we never checked any mail addresses, in fact it was more of a username than anything else.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-16 23:59:59 +02:00
Philip Molares
df08d56f28 feat: add session to AuthConfig
This handles the settings for the cookie session. The secret and the lifeTime of the cookie can be configured.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-16 23:59:59 +02:00
Philip Molares
a2e89c7c97 feat: add local auth dtos
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-16 23:59:59 +02:00
Philip Molares
5985c4e67d chore: add user relation enum
This enum is used to specify which relation of the user object should be populated.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-16 23:59:59 +02:00
Philip Molares
e37caf1e6a feat: lazy load identities of user object
This makes it possible that we can get identities from any user object even if we didn't specify that while getting them from the ORM.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-16 23:59:59 +02:00
Philip Molares
b2da8a2b95 chore: move identity entity in its own folder
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-16 23:59:59 +02:00
Philip Molares
87a5f77abe chore: move password related functions from AuthService to utils file
As these methods will be used in both the AuthService and the IdentityService, it makes sense to extract them and use them in this manner. Especially if one considers that they are quite standalone functions.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-16 23:59:59 +02:00
Philip Molares
4938d308b0 feat: add ProviderType enum
This is used to give identities a type and to easily get the identity any auth method would need.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-16 23:59:59 +02:00
Abhilasha Sinha
9d6aa10923 Add new API to purge note history #1064
Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Combine the describe block

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Fix naming

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Rename purgeRevision to purgeRevisions

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Fix notes e2e test description

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Add yarn.lock

Fix lint and format

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>
2021-09-07 21:23:26 +05:30
David Mehren
7c618e7f9f
Merge pull request #1613 from hedgedoc/merge/tokenGuardAndStrategy 2021-09-06 12:12:44 +02:00
David Mehren
0dc472bba8
RevisionsService: Refactor getFirst/LastRevision
The functions now expect a `Note` object instead of a noteId to
make it more consistent with other functions.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-09-04 22:40:15 +02:00
David Mehren
5c7a787d7e
MediaService: Refactor saveFile
The function now expects a `Note` object instead of a noteId
and a `User` instead of a username to
make it more consistent with other functions.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-09-04 22:40:15 +02:00
David Mehren
279d90dad1
HistoryService: Remove getEntryByNoteIdOrAlias
As we now have a GetNotePipe, we can easily get rid of this function.
All clients can directly provide a `Note` instance
and use `getEntryByNote`.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-09-04 22:40:15 +02:00
David Mehren
b552fc10b6
HistoryService: Refactor deleteHistoryEntry
The function now expects a `Note` object instead of a noteId to
make it more consistent with other functions.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-09-04 22:40:15 +02:00
David Mehren
c515569299
HistoryService: Refactor updateHistoryEntry
The function now expects a `Note` object instead of a noteId to
make it more consistent with `updateHistoryEntryTimestamp`.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-09-04 22:40:15 +02:00
David Mehren
99db4bc336
UserService: Improve method naming
This renames `createOrUpdateHistoryEntry` to `updateHistoryEntryTimestamp`,
which reduces confusion with the similarly named
`updateHistoryEntry` function.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-09-04 22:40:15 +02:00
David Mehren
ea2dfafbd0
Private API: Use GetNotePipe
This replaces repeated calls to `noteService.getNoteByIdOrAlias`
and associated error handling with the `GetNotePipe`
in the `Param` decorator.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-09-04 21:42:54 +02:00
David Mehren
adc9ca6939
Public API: Remove superfluous try/catch
`getNoteMetadata` does not use a method that
can throw a `PermissionsUpdateInconsistentError`.
The try/catch-block seems to be a copy-paste error.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-09-04 21:42:54 +02:00