Commit graph

6577 commits

Author SHA1 Message Date
Erik Michelson
8ce40bc4cd fix(frontend): remove linter workarounds
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-11-01 17:31:27 +01:00
Erik Michelson
932ecac326 fix(deps): use non-breaking versions
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-11-01 17:31:27 +01:00
Erik Michelson
a15ece1e7f chore(deps): upgrade dependencies for backend + lint fixes
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-11-01 17:31:27 +01:00
Erik Michelson
df6540163c chore(deps): upgrade dependencies for frontend + lint fixes
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-11-01 17:31:27 +01:00
Erik Michelson
f121ca3458 chore(deps): upgrade dependencies for html-to-react
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-11-01 17:31:27 +01:00
Erik Michelson
9bf50e5dbe chore(deps): upgrade dependencies for markdown-it-plugins
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-11-01 17:31:27 +01:00
Erik Michelson
d6549a1d0b chore(deps): upgrade dependencies for commons
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-11-01 17:31:27 +01:00
Philip Molares
6d0d7c31ff test: add additional tests for convertInlineStyleToMap
This test if the code leaved custom css properties be.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-11-01 15:53:15 +01:00
jiaSheng
82e7f439c8 fix: ellide inline css custom properties
* ellide css custom properties when converting css inline styles to map

  Signed-off-by: Lim Jia Sheng <50891910+sxxov@users.noreply.github.com>
2024-11-01 15:38:04 +01:00
Philip Molares
a55eac74fc test: add tests for convertInlineStyleToMap
With the new code added, it seemed like good opportunity to add some
 tests here.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-11-01 15:33:32 +01:00
jason lim
620b7d9fa8 fix: use more complex parsing for css statement splitting
Signed-off-by: Lim Jia Sheng <50891910+sxxov@users.noreply.github.com>
2024-11-01 15:26:33 +01:00
Erik Michelson
e7d81c5cdf refactor(oidc): simplify callback statement
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-11-01 14:36:35 +01:00
Erik Michelson
f71bf7a974 enhancement(oidc): refetch discovery documents regularly
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-11-01 14:36:35 +01:00
Ivan Li
19f4baf79b feat(auth): add OIDC state parameter
Signed-off-by: Ivan Li <ivanli2048@gmail.com>
2024-10-21 17:45:43 +02:00
yamashu
8b6bedab39
refactor(test): Replace inline snapshot with file snapshot (#5830) 2024-10-08 21:13:27 +00:00
renovate[bot]
66822c3bbc chore(deps): update codemirror
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-27 02:32:34 +00:00
renovate[bot]
b33700874f chore(deps): update dependency @dicebear/converter to v9.2.2
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-26 17:20:07 +00:00
renovate[bot]
3a1ad565cb chore(deps): update dependency @darraghor/eslint-plugin-nestjs-typed to v5.0.25
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-26 16:51:19 +00:00
renovate[bot]
0217f68fc7 chore(deps): update actions/upload-artifact digest to 3eadd8b
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-26 16:50:09 +00:00
renovate[bot]
3958fdab71 chore(deps): update actions/setup-node action to v4.0.4
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-26 16:49:18 +00:00
Erik Michelson
b44f395852 fix(tests): fix tests and linting
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-26 18:39:37 +02:00
renovate[bot]
4250f4458b fix(deps): update dependency ws to v8.18.0 [security]
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-26 18:39:37 +02:00
yamashu
4fce422bdb
feat(backend revision): add clean-up note revisions job (#5349) 2024-09-26 17:24:24 +02:00
yamashush
b80552bb29 Drop X (Twitter) from readme
Signed-off-by: yamashush <38120991+yamashush@users.noreply.github.com>
2024-09-26 16:44:08 +02:00
Philip Molares
81a9058347 chore: increase version of all relevant files
We release Alpha v3 of HedgeDoc 2.0 and need to make sure that all
version are changed accordingly.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-09-18 21:30:14 +02:00
renovate[bot]
ddc5f07faa chore(deps): update node.js to 2d07db0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-18 19:01:05 +00:00
Philip Molares
1795183122 fix(translation): change the placeholder text
The url the placeholder text linked to is not accurate anymore
and needed to be changed. Also the "Happy hacking" part seemed
outdated so we changed it to "Let the ideas grow" in accordance
with the new slogan of HedgeDoc

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-09-18 20:06:13 +02:00
Erik Michelson
2c6717e1ee refactor(api-token): drop passport, rename to ApiToken
We don't need a library that requires as much boilerplate code as
writing the AuthGuard ourselves, especially since the token validation
was already custom code by us.

The previous name PublicAuthToken was a bit misleading, since PublicAuth
 could also be interpreted as being used for the public frontend in
contrast to the API. The old name before that (AuthToken) wasn't better
since it wasn't clear what type of auth is meant. I know, this is the
second renaming of the same module in less than a month. However, I
would say the name ApiToken seems rather reasonable and understandable.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 19:14:32 +02:00
Erik Michelson
1c73e99b0a enhancement(note-deletion): allow to keep uploads
This adds support for keeping the uploads attached to a note when
deleting the same note. This is done by a simple checkbox that can be
clicked in the DeletionModal.

To do this, some parts of the note deletion had to be refactored,
especially in the case of the history page. Both the note deletion and
history removal methods used the same modal, which isn't applicable now
anymore. Additionally, there was a bug that the modal checked for
ownership in the frontend before allowing the note deletion. However, in
the context of the history page, the ownership couldn't be evaluated
since the backend API didn't include that information. This is now fixed
as well.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:37:39 +02:00
Erik Michelson
ebf8e3a759 fix(permissions): show guest avatar when note owner is anonymous
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:11:44 +02:00
Erik Michelson
62dfe4df72 fix(avatars): show correct profile picture of users
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:11:44 +02:00
Erik Michelson
7195c1bdc0 fix(styles): use correct dark-mode selector in css
The dark-mode selector changed from the class "dark" attached to the
body element to a data-attribute with some react-bootstrap upgrade.
This commit reflects this change in our custom css.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:11:02 +02:00
Erik Michelson
603ad8088c enhancement(auth/oidc): allow manual defining end_session_endpoint URL
For non-OIDC compliant OAuth2 providers it was only possible to define
the authorize, token and userinfo URLs but not the end_session_endpoint.
This commit adds that functionality.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:03:22 +02:00
Erik Michelson
53409825d4 fix(config/auth): error message mappings for manual OIDC attributes
Error messages for manual OIDC attributes such as overriding the scope
resulted in wrong error messages when misconfigured.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:03:22 +02:00
Erik Michelson
88cfd6a974 fix(auth/oidc): clean-up oidcIdToken session variable
When the OIDC login flow for a new user is cancelled, the oidcIdToken
session variable should be cleared as well.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:03:22 +02:00
Erik Michelson
c4c5cbd5d0 fix(auth/oidc): string "undefined" for missing userinfo response fields
The userinfo response endpoint from the OIDC provider should not be
trusted to return what we expect. Fields could be undefined. In that
case HedgeDoc would have written "undefined" into the fields for
profile picture or email address.
This fix checks for fields being undefined and returns a default value
in that case.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:03:22 +02:00
Erik Michelson
e8793271a0 enhancement(caddy): expose :8080 by default, trust private proxies
This commit changes the caddyfile to not directly rely on the
HD_BASE_URL environment variable, but instead default to port 8080 as
used in our package.json scripts and docs.
The caddy domain can optionally be overridden using the CADDY_HOST env
variable.
Furthermore, this change adds a section to trust reverse-proxies in
front of Caddy if they are in a private range IP address network.
Both these changes are required to be able to expose a local development
setup with another domain than localhost to a co-developer. With
this change it works without having Caddy trying to generate TLS
certificates for that domain nor HedgeDoc erroring about a origin
mismatch, that occurs as Caddy doesn't forward specific headers
otherwise.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 17:56:25 +02:00
Erik Michelson
f40aa020c4 chore(gitignore): ignore rathole proxy config with secrets
Since we use rathole while developing to share a local dev environment
with a co-developer, the client config with the secrets should not be
accidentally committed.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 17:56:25 +02:00
renovate[bot]
a86012be21 fix(deps): update dependency next to v14.2.10 [security]
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-18 08:42:35 +00:00
Emmanuel Ferdman
3e0d84f031 fix(docker): update docker documentation reference
Signed-off-by: Emmanuel Ferdman <emmanuelferdman@gmail.com>
2024-09-17 01:35:45 +02:00
Erik Michelson
3e17edf95d fix(types): typecast ldap options due to wrong types in ldapjs
The provided types by ldapauth-fork are re-exported from ldapjs. ldapjs
is unmaintained by now but since their last update, the
ConnectionOptions type seems to not contain the mandatory parameter
`url` anymore. Therefore this typecast is needed.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-13 13:56:02 +02:00
Erik Michelson
3261929a2a fix(types): move and remove unused types
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-13 13:56:02 +02:00
renovate[bot]
7b66965014 fix(deps): update dependency ldapauth-fork to v6
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-13 13:56:02 +02:00
Erik Michelson
21dcf0eb49 fix(tests): minio upload type is not exported anymore
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-12 16:55:41 +02:00
renovate[bot]
57cba653e3 fix(deps): update dependency minio to v8
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-12 16:55:41 +02:00
Erik Michelson
62eb4b6d2b fix(packages): backend was missing uuid package
Due to failing docker builds it was brought to our attention,
that the backend relied on the uuid package without declaring
it as dependency. This worked in all development and build
scenarios as the frontend declares uuid as dependency already
and top-level `yarn install` installs all dependencies from all
workspaces. However as the docker build only runs for either
the backend or the frontend, this failed.
This commit adds the dependency to the backend as well.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-12 15:45:14 +02:00
Erik Michelson
157a0fe278 refactor(media): store filenames, use pre-signed s3/azure URLs, UUIDs
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-12 14:49:17 +02:00
Erik Michelson
4132833b5d refactor(api-docs): move api docs to /api/doc/
The API documentation belongs strictly to the API itself.
Due to the usage of version-prefixed API endpoints, there is no conflict
with existing or future endpoints.
The reason behind this is that we already have enough exceptions in the
routing (default everything to react-frontend, exceptions for backend)
and it is hard to keep it synchronized throughout all relevant places.
This came to attention as the dev setup didn't proxy the API docs to the
backend.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-12 14:49:17 +02:00
Erik Michelson
7f665fae4b feat(auth): refactor auth, add oidc
Thanks to all HedgeDoc team members for the time discussing,
helping with weird Nest issues, providing feedback
and suggestions!

Co-authored-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-11 21:29:49 +02:00
Philip Molares
1609f3e01f fix(frontend): first heading will be cleared
If all headings are deleted the note title will be deleted and not be kept to the last value.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-09-11 20:46:38 +02:00