Commit graph

395 commits

Author SHA1 Message Date
Renovate Bot
2f575600af
fix(deps): update nestjs packages
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-22 13:53:55 +00:00
Renovate Bot
519c191b42
fix(deps): update dependency @nestjs/swagger to v4.7.12
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-21 14:57:08 +00:00
Renovate Bot
a949d307d9
Update linters
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-19 10:06:59 +00:00
Renovate Bot
bc6f591cac
Update dependency supertest to v6.1.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-15 21:45:12 +00:00
Renovate Bot
6eef37bed7
Update dependency @nestjs/swagger to v4.7.11
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-15 21:34:51 +00:00
Renovate Bot
bf3a35a44b
Update dependency @types/node to v13.13.40
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-15 21:28:54 +00:00
Renovate Bot
0a40edf8a7
Update dependency class-transformer to v0.3.2
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-15 21:24:49 +00:00
Renovate Bot
6018760779
Update dependency class-validator to v0.13.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-14 05:45:22 +00:00
Renovate Bot
0f2ed457d8
Pin dependencies
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-13 21:29:09 +00:00
David Mehren
c55f7060be
Add proof of concept config system
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2021-01-13 21:45:21 +01:00
Renovate Bot
7b89c94060
Update linters to v4.13.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-13 17:16:35 +00:00
Renovate Bot
3c324ab9c6
Update dependency typeorm to v0.2.30
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-13 17:07:58 +00:00
Renovate Bot
e4f2b25370
Update dependency file-type to v16.2.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-13 16:58:34 +00:00
Renovate Bot
9f38e596d4
Update dependency class-validator to v0.13.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-13 16:46:10 +00:00
Renovate Bot
762e2fda09
Update dependency @nestjs/swagger to v4.7.10
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-13 16:35:13 +00:00
Renovate Bot
b1101c8b0b
Update dependency @types/express to v4.17.11
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-12 22:29:20 +00:00
Renovate Bot
3254d32270
Update dependency sqlite3 to v5.0.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-08 15:41:58 +00:00
Renovate Bot
6918b7a0e5
Update definitelyTyped
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-07 09:15:51 +00:00
Renovate Bot
1f1fadf4f6
Update dependency @types/jest to v26
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 23:00:35 +00:00
Renovate Bot
4f8bb0f348
Update dependency ts-jest to v26.4.4
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 22:57:36 +00:00
Renovate Bot
aabb4e19db
Update dependency file-type to v16
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 22:54:07 +00:00
Renovate Bot
25e74f4ae7
Update dependency prettier to v2
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 22:44:29 +00:00
Renovate Bot
ffe2c8f557
Update linters
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 22:25:56 +00:00
Renovate Bot
9429e8d6c5
Update dependency typescript to v4
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 22:21:58 +00:00
Renovate Bot
6759f535c4
Update dependency jest to v26.6.3
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 22:16:28 +00:00
Renovate Bot
96fe8a39ce
Update linters
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 22:13:17 +00:00
Renovate Bot
24de4cc477
Update dependency ts-node to v9
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 21:51:21 +00:00
Renovate Bot
90f8dfb77a
Update dependency ts-loader to v8
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 21:46:50 +00:00
Renovate Bot
07273bda1d
Update dependency supertest to v6
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 21:40:56 +00:00
Renovate Bot
7580a7ba13
Update dependency swagger-ui-express to v4.1.6
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 20:25:55 +00:00
Renovate Bot
62be9eb442
Update dependency typeorm to v0.2.29
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 20:14:55 +00:00
Renovate Bot
c41124bb2e
Pin dependency class-transformer to 0.3.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 20:03:59 +00:00
David Mehren
a9afd5030f
Add cli-color dependency, that previously was in @nestjs/common
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-06 20:56:11 +01:00
Renovate Bot
3f1783dcde
Update NestJS packages
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 19:43:16 +00:00
Renovate Bot
50e7352467
Update dependency class-transformer to ^0.3.0 [SECURITY]
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 18:38:14 +00:00
David Mehren
cb44ebda5b
Add coverage analysis to CI workflow
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-06 13:05:15 +01:00
David Mehren
c6cdba4844
Add CI workflow
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-06 13:05:15 +01:00
Renovate Bot
86b54a9c5e
Pin dependencies
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-05 22:12:43 +00:00
David Mehren
560efc71d8
Use useStaticAssets instead of @nestjs/serve-static
`serve-static` does not work with `createTestingModule` and is not recommended when "just" serving a few images.

See https://github.com/nestjs/serve-static/issues/240

Signed-off-by: David Mehren <git@herrmehren.de>
2020-10-24 11:32:23 +02:00
David Mehren
9743018591
Use serve-static to serve uploaded files.
Add `@nestjs/serve-static` to serve uploaded media from the upload directory on the local filesystem.

Signed-off-by: David Mehren <git@herrmehren.de>
2020-10-17 19:58:22 +02:00
David Mehren
7a6c06d068
Add MediaService
This service is responsible for operations regarding uploaded media. It should perform save, get and delete operations with the configured backend.
The service also checks, if the mime type of the uploaded media is allowed.

Signed-off-by: David Mehren <git@herrmehren.de>
2020-10-17 19:58:22 +02:00
David Mehren
98e2bf106e
Collect coverage information for E2E tests
As proposed in https://github.com/nestjs/nest/issues/3169#issuecomment-588287478

Signed-off-by: David Mehren <git@herrmehren.de>
2020-10-03 18:00:12 +02:00
David Mehren
b4b91acddb
NotesController: Use custom logic to access raw markdown
NestJS does not support content-types other than application/json.
Therefore we need to directly access the request object to get the raw body content.

Signed-off-by: David Mehren <git@herrmehren.de>
2020-09-25 21:35:47 +02:00
David Mehren
81126bb864
Do not automatically fix linting problems
Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-21 21:45:53 +02:00
David Mehren
db026d6a57
Add Session entity
This entity implements the Session interface from connect-typeorm, which we will later use to store session data from express-session.

Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-20 19:43:12 +02:00
David Mehren
f3d1644f95
Enable automatic OpenAPI spec generation.
NestJS can automatically generate an OpenAPI spec by analyzing controllers and used DTOs.
This commit enables this feature. The API docs are served under /apidoc.

Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-20 19:43:08 +02:00
David Mehren
56d5a2e1b1
Add NoteModule
This contains the module, a model which was adapted from the old code and two DTOs.

Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-20 19:43:07 +02:00
David Mehren
4135b7e6e4
Add TypeORM support
Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-20 19:43:06 +02:00
David Mehren
f4caee2ac7
Add empty NestJS application
Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-20 19:43:06 +02:00
Sheogorath
6c1ca5bd8d
Run database migrations automatically on startup
Instead of using sequelize-cli and ensure migrations by shellscript,
this patch automates database migrations properly to the umzug library.
The sequelize CLI becomes a dev dependencies as it's still useful for
generating migrations.

This should eliminate the need for crude generating of database config
files and alike. Instead we utilize the pre-configured sequelize
connection that CodiMD will use anyway.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-07-11 20:33:35 +02:00
David Mehren
4df1ea6a5c
Upgrade pg package to fix node version 14 compatibility
This is a forward-port of d6ce60c.

The old pg version doesn't work with node version 14 due to
an undocumented API change in the `readyState` in the socket API.
This patch updates the required dependency and this way resolves the
issue.

Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-07-10 18:52:15 +02:00
Dexter Chua
c112a15171 Fully dedicate our soul to yarn
Signed-off-by: Dexter Chua <dalcde@yahoo.com.hk>
2020-06-18 16:18:37 +08:00
Sheogorath
5ced1f3cdd
Split frontend and backend build
It should be possible to run a backend build without the need to start
the application and without the need to fiddle around with PATH or
fiddling with `node_modules`. Therefore this patch splits the build
command into `build-frontend` and `build-backend`, which will allow
those builds to be done independent and have a separate command `build`
which will provide the combination of both of them.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-06-03 11:59:03 +02:00
David Mehren
591096ce8b
Add @types/codemirror
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-05-25 23:33:47 +02:00
David Mehren
a148e4d799
Add @types for sinon
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-05-22 21:48:15 +02:00
David Mehren
ac030760ba
Fix mocha tests in TypeScript
`mock-require` does not work with TypeScript, as the compiled JS expects a sub-object: `import { config } from Config` compiles to `const config_1 = require("./config")`, but the config object is now in `config_1.config`, *not* in `config_1` directly.

Therefore `mock-require` was replaced with `ts-mock-imports`, which also simplifies the code a bit.

Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-05-22 21:48:15 +02:00
David Mehren
3b8c85cc9b
Migrate tests to TypeScript
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-05-22 21:48:11 +02:00
David Mehren
acdd627027
Lint .ts files too
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-05-22 21:11:37 +02:00
David Mehren
aaff73036b
Fix remaining paths after moving everything to src
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-05-22 14:19:12 +02:00
David Mehren
ba6055a03d
Downgrade jQuery to 3.4.1
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:19 +02:00
David Mehren
73d4023155
note/actions.ts: Formatting fixes and lint exceptions
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:17 +02:00
Philip Molares
3c216795e7
added all @types for passport-strategies as devDependencies
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:15 +02:00
Philip Molares
ef6632cac9
added userRouter.ts
- added @types/passport
- added @types/archiver
- types all req and res arguments
- renamed unused argument next to _

Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:12 +02:00
Philip Molares
ab5a654068
added @types/minio to devDependencies
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:09 +02:00
Philip Molares
7125072fc5
moved @types to devDependencies
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:09 +02:00
Yannick Bungers
6d256dd5b6
Added Types for csp.ts
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:09 +02:00
David Mehren
b6ad2b2625
Add @types/lodash
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:05 +02:00
Philip Molares
f9193822a7
created letter-avatars.ts
added @types/randomcolor

Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:04 +02:00
David Mehren
7cdcf627db
note.ts: ESLint fixes, add types for diff-match-patch
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:04 +02:00
David Mehren
0228d00c56
Use ESLint and 'typescript-eslint' plugin.
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:03 +02:00
David Mehren
1d4107fe90
Migrate models to TypeScript
Co-authored-by: David Mehren <dmehren1@gmail.com>
Co-authored-by: Yannick Bungers <git@innay.de>
Co-authored-by: Philipp Hochkamp <me@phochkamp.de>
Co-authored-by: nzbr <mail@nzbr.de>

Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:01 +02:00
David Mehren
54cd556f2f
Add sequelize-typescript
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 12:36:39 +02:00
Bennet Bleßmann
d2b963f652
add resolution to resolve sub-package dependency ldapauth-fork to at least 4.3.0
Signed-off-by: Bennet Bleßmann <bb-github@t-online.de>
2020-04-21 16:07:25 +02:00
Sheogorath
a2522888b2
Remove PDF export
As we already decleared in earlier versions, this patch removes PDF
export entirely. It's a not acceptable security risk for every CodiMD
instance.

The current implementation allowed to extract arbitary files from the
CodiMD host and therefore leaking secrets from a `/etc/passwd` to
CodiMD's own config files and all secrets contained in it.

Thanks to Joona for finding this vulnerability in August last year,
which lead to an emergency disabling of PDF exports in 1.5.0.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-26 15:05:54 +01:00
Erik Michelson
c976217c12
Remove mattermost integration
Signed-off-by: Erik Michelson <erik@liltv.de>
2020-02-25 14:33:30 +01:00
David Mehren
0d788e0aec
Add typescript dependency & tsconfig.json
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-02-24 15:08:20 +01:00
Sheogorath
8ce7b28563
Release version 1.6.0
Thanks for all contributions, this community is awesome.
2020-02-18 00:17:48 +01:00
Antoine Aflalo
85e1eb4b90 Update mermaid
Signed-off-by: Antoine Aflalo <antoine@warrantymaster.com>
2020-02-10 17:12:31 +00:00
Sheogorath
b3d4cdbceb
Update RevealJS to version 3.9.2
This update of revealJS helps us to get rid of the headjs depedency
integration using webpack. It updates reveal.js to 3.9.2 and updates the
csp hash accordingly for using the slide mode.

Background for this update is the critical security vulnerability
described by snyk in their disclosure:
https://snyk.io/vuln/SNYK-JS-REVEALJS-543841

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-01 12:53:15 +01:00
David Mehren
3e218e2983
Upgrade webpack & plugins
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-11-23 18:11:17 +01:00
snyk-bot
5dbfb82b7f fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534478
2019-11-16 05:35:27 +00:00
Sheogorath
01bff246b0
Merge pull request #210 from davidmehren/mathjax_fix
Fix compatibility with MathJax 2.7.6
2019-10-29 14:18:38 +01:00
Sheogorath
68ee654c16
Merge pull request #212 from davidmehren/webpack_cleanup
Remove unused webpack plugins from package.json
2019-10-29 14:17:41 +01:00
Sheogorath
402dc7095e
Upgrade all ORM/database related packages
This patch provides some major upgrades to all database backend library.
It also fixes an issues that appears since the change from sequelize v3
to v5 where mariadb was originally handled by mysql2 and is now handled
by an own mariadb library.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-10-28 01:43:22 +01:00
David Mehren
17f2a11310
Remove unused webpack plugins from package.json
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-25 21:54:09 +02:00
David Mehren
88b855beb2
Fix compatibility with MathJax 2.7.6
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-25 21:50:48 +02:00
snyk-bot
72f74b1b23 fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MARKDOWNIT-459438
2019-10-10 05:32:44 +00:00
snyk-bot
511873e58a fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HELMETCSP-469436
2019-09-30 05:32:48 +00:00
snyk-bot
0185add27f fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-469063
2019-09-26 05:32:43 +00:00
Tobias Kremer
ea3c824978 Move sequelize-cli from devDependencies to dependencies, because it is needed to run migrations at run-time
Signed-off-by: Tobias Kremer <tobias.kremer@gmail.com>
2019-09-06 10:42:30 +02:00
snyk-test
47d2b99582 fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AUTOLINKER-73494
- https://snyk.io/vuln/SNYK-JS-SEQUELIZE-459751
2019-08-20 05:32:45 +00:00
Sheogorath
9c1665ae5b
Release version 1.5.0 2019-08-15 23:30:37 +02:00
Sheogorath
e574ae7588
Switch mysql library to mysql2
The recent sequelize upgrade introduced some other dependencies, this is
one of them. This patch replaces the old `mysql` library with `mysql2`.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-08-15 23:14:53 +02:00
Sheogorath
c4053ea7ce
Update meta-marked to latest version
Meta-marked 0.4.4 which we used from our git repository contains a
RegexDOS attack in the marked dependency. The dependency was already
updated in our meta-marked repository, but not updated in yarn.

This made us still vulnerable to this ReDOS which was able to cause a
DOS attack on the server when updating a note.

For Details:

https://github.com/markedjs/marked/releases/tag/v0.7.0
https://github.com/markedjs/marked/pull/1515

What is a ReDOS?

A ReDOS attack is a DOS attack where an attacker targets a
not-well-written Regular Expression. Regular expressions try to build a
tree of all possibilities it can match in order to figure out if the
given statement is valid or not. A ReDOS attack abuses this concept by
providing a statement that doesn't match but causes extremly huge trees
that simply lead to exhausting CPU usage.

For more details see: https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS

Credit:

Huge thanks to @bitinerant for finding this and handling it with a
responsible disclosure.

Also thanks to the `marked`-team for fixing things already.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-08-15 23:14:48 +02:00
snyk-test
6f588826e0 fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MERMAID-174698
2019-07-24 05:32:45 +00:00
Sheogorath
0d5923d61c
Update sequelize to latest version
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-06-22 16:29:09 +02:00
BoHong Li
63c96e7359
fix: upgrade sequelize to latest version to fix CVE
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-06-11 00:41:50 +02:00
Sheogorath
6462968e84
Merge pull request #97 from SISheogorath/fix/linting
Fix eslint warnings
2019-06-04 16:09:46 +02:00
Sheogorath
51d69d993c
Release version 1.4.0
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-31 01:08:45 +02:00
Sheogorath
4da68597f7
Fix eslint warnings
Since we are about to release it's time to finally fix our linting. This
patch basically runs eslint --fix and does some further manual fixes.
Also it sets up eslint to fail on every warning on order to make
warnings visable in the CI process.

There should no functional change be introduced.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-31 00:30:29 +02:00