Yannick Bungers
c20e20b30a
refactor: exclude create permission from note permission check
...
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-07 20:45:15 +02:00
Yannick Bungers
fad5e1e22e
test: add private api tests for checkPermissionOnNote and checkMediaDeletePermission
...
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-07 20:45:15 +02:00
Yannick Bungers
001a49329c
refactor: extract permission checking from controllers and guard
...
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-07 20:45:15 +02:00
Yannick Bungers
485f7cd338
feat: Add guest file uploads and add deletion for note owners
...
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-07 20:45:15 +02:00
Yannick Bungers
0f464dedfe
fix: clean up decorators in the public notes.controller.ts
...
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-07 20:45:15 +02:00
Yannick Bungers
d369132519
fix: add CompleteRequest type to have better type checks for HTTP-Request attribute injection.
...
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-07 20:45:15 +02:00
Tilman Vatteroth
0263c09ce1
fix(deps): migrate zxcvbn
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-07 19:37:41 +02:00
Tilman Vatteroth
e02221acd2
fix: don't create user permissions for owner
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-04 22:34:24 +02:00
Tilman Vatteroth
a5e12b9ad0
fix(backend): fix extraction body values in permission controllers
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-05-04 14:54:37 +02:00
Avinash
bb7a6a74f7
refactor(backend): create mock function for noteRepo and eventemitter
...
Signed-off-by: Avinash <avinash.kumar.cs92@gmail.com>
2023-04-16 20:55:26 +02:00
Tilman Vatteroth
0950e036b0
refactor(s3-backend): use URL object to construct complete URL instead of string template
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-16 18:41:03 +02:00
Tilman Vatteroth
b6db47a9c2
test(s3-backend): add unit test
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-16 18:41:03 +02:00
Tilman Vatteroth
e8d4fc692d
fix(s3-backend): remove redundant parameter
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-16 18:41:03 +02:00
Tilman Vatteroth
baaa41b1e5
fix(media config): expect HD_MEDIA_BACKEND_S3_ENDPOINT to be a uri
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-16 18:41:03 +02:00
Tilman Vatteroth
3c2f59c382
fix(s3-backend): force endpoint to be a uri
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-16 18:41:03 +02:00
Tilman Vatteroth
2016874a3d
fix(s3-backend): let minio lib handle the port fallback
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-16 18:41:03 +02:00
Tilman Vatteroth
a72f695124
fix(s3-backend): correct endpoint
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-16 18:41:03 +02:00
Philip Molares
2fc89a7de5
feat: don't let read-only users send their cursors or selections
...
This was done as it may be used to distract or annoy other users either intentionally or unintentionally.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-06 22:54:50 +02:00
Philip Molares
c2f41118b6
feat: check permissions in realtime code and frontend
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-06 22:54:50 +02:00
Tilman Vatteroth
6fb58d56c2
fix: add missing tests for realtime-user-status-adapter
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-04 18:29:20 +02:00
Tilman Vatteroth
2a2d3756ad
refactor: test code of realtime
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-04-04 18:29:20 +02:00
Tilman Vatteroth
15374acb93
fix(backend): throw error if key in param decorator is not defined
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-03-31 15:43:28 +02:00
Tilman Vatteroth
598fc8ee11
feat(realtime): synchronize and show realtime activity state
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-03-29 01:16:43 +02:00
Tilman Vatteroth
8fc59aad82
refactor: make permission service less complex
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-03-26 20:21:13 +02:00
Tilman Vatteroth
0f8effd318
fix: use correct body parameter for permission controller
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-03-26 20:21:13 +02:00
David Mehren
f7f052fca1
refactor: use separate env vars for frontend/backend port
...
As we moved to a combined .env file for simplicity, frontend and backend need to be configured with separate variables.
Signed-off-by: David Mehren <git@herrmehren.de>
2023-03-26 15:53:49 +02:00
Erik Michelson
ca9836d691
enhancement(auth): better error message handling
...
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2023-03-26 15:43:39 +02:00
Tilman Vatteroth
24b7514e25
feat: submit own style index on realtime user state set
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-03-25 13:11:40 +01:00
David Mehren
382e70bf7b
fix: replace Equals constructor
...
TypeORM's Equals constructor is still broken, so this commit removes all remaining usages.
See https://github.com/hedgedoc/hedgedoc/issues/2467
Signed-off-by: David Mehren <git@herrmehren.de>
2023-03-25 12:43:27 +01:00
Tilman Vatteroth
088f2905a5
fix(backend): Fix type errors in query builder mock
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-03-25 12:43:27 +01:00
David Mehren
162a8e8816
docs: Move 'User Profiles & Authentication' to design docs
...
Signed-off-by: David Mehren <git@herrmehren.de>
2023-03-24 20:06:11 +01:00
Philip Molares
e01628cfb0
fix(backend): fix permission routes in NotesController
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2023-03-24 18:47:23 +01:00
Tilman Vatteroth
a826677225
refactor: save ydoc state in the database, so it can be restored more easily
...
By storing the ydoc state in the database we can reconnect lost clients more easily
and enable offline editing because we continue using the crdt data that has been
used by the client before the connection loss.
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-03-24 16:03:55 +01:00
Tilman Vatteroth
3a06f84af1
refactor: reimplement realtime-communication
...
This commit refactors a lot of things that are not easy to separate.
It replaces the binary protocol of y-protocols with json.
It introduces event based message processing.
It implements our own code mirror plugins for synchronisation of content and remote cursors.
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-03-24 14:06:03 +01:00
Tilman Vatteroth
229d4a4a1d
fix: change sessionstate type to prevent unset values
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-03-19 22:45:44 +01:00
David Mehren
7233f862f2
test(auth-service): add mock for find
...
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
ebb8b10804
fix(public/notes-controller): extract canEdit parameter from body
...
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
068517a73b
fix(public/notes-controller): bind setUserPermission to a URL
...
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
ada90ed30b
fix: map PermissionError to HTTP Forbidden
...
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
921cffb76f
fix(auth-service): typeorm query in getTokensbyUser
...
TypeORM does not support WHERE queries for relation-columns directly.
This replaces the Equal() constructor with a manual comparison of the IDs.
See https://github.com/typeorm/typeorm/issues/2707
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
7012f807b8
test: fix URLs in mock config
...
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-19 20:56:18 +01:00
David Mehren
9e78776412
refactor(notes-service): use default-access-level & cleanup createNote
...
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-12 20:42:10 +01:00
David Mehren
cdc9ebd352
refactor(default-access-level): rename from default-access-permission
...
Signed-off-by: David Mehren <git@herrmehren.de>
2023-02-12 20:42:10 +01:00
Tilman Vatteroth
caa53e3556
feat: add patch to add generic types to eventemitter2
...
EventEmitter2 has types, but they're very basic and not very type safe.
I created this patch, because my improved types haven't been merged into the official package.
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-02-09 21:58:41 +01:00
Tilman Vatteroth
11c2f57e4b
fix(commons): extract name of markdown content yjs channel into the commons package
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-02-09 15:43:59 +01:00
Yannick Bungers
7f8371fec2
Remove redundant password strength check
...
Signed-off-by: Yannick Bungers <git@innay.de>
2023-02-06 08:46:56 +01:00
Tilman Vatteroth
5e1fdbe81d
fix(config): Replace HD_DOMAIN and HD_EDITOR_BASE_URL with HD_BASE_URL
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-02-05 22:32:31 +01:00
Tilman Vatteroth
7b2d541cac
fix(backend): Use regex to parse version
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-02-05 21:21:08 +01:00
Tilman Vatteroth
74178b6edf
fix(backend): Remove redundant test
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-02-05 18:38:32 +01:00
Tilman Vatteroth
38bcb9affd
fix(backend): Fix open handles in backend test
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-02-05 18:38:32 +01:00
Tilman Vatteroth
d76714f2a2
fix(commons): Move "wait for other promises to finish" util to commons
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2023-02-05 18:38:32 +01:00
Erik Michelson
2225057ebe
misc(apidocs): move URL route of API docs
...
This makes the Swagger UI route more consistent with the real API routes.
Especially, the "private" prefix of the private API docs was irritating.
Additionally, this commit adds a rule to the Caddyfile for proxying the API docs to the backend.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2023-01-15 18:20:25 +01:00
Erik Michelson
d52fc55ef3
feat(apidocs): use real version number
...
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2023-01-15 18:20:25 +01:00
Philip Molares
47d1765b12
refactor(backend): don't create local user if password is too weak
...
This prevents the previous problem that the backend created a user that was then not correctly removed again.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2023-01-15 18:15:28 +01:00
Philip Molares
c39a9430a2
feat(backend): add RegistrationDisabledError
...
This error is thrown by RegistrationEnabledGuard instead of directly throwing an http error.
The new RegistrationDisabledError is mapped to the Forbidden HTTP code 403, since this better represents the actual error.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2023-01-15 18:14:01 +01:00
Erik Michelson
69d625188c
fix(tests): syntax for loop in console-logger service
...
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2023-01-09 20:09:56 +01:00
Tamotsu Takahashi
396050c6cf
Set the session cookie after registering
...
Fix https://github.com/hedgedoc/react-client/issues/2524
Signed-off-by: Tamotsu Takahashi <ttakah+github@gmail.com>
2023-01-08 14:31:34 +01:00
David Mehren
b311265762
fix(media-controller): throw if no file was uploaded
...
Signed-off-by: David Mehren <git@herrmehren.de>
2022-12-30 11:02:56 +01:00
Tilman Vatteroth
298b6bc205
fix(backend): migrate code to use the commons workspace
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2022-12-11 23:09:10 +01:00
Tilman Vatteroth
a97f7e8fd1
fix(realtime): Allow connections for guest users
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2022-12-11 22:21:51 +01:00
Philip Molares
d3249c6635
test: fix "creates a new revision" test
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-11-27 21:29:23 +01:00
Philip Molares
231a3fd6bd
feat: add note specific filename for unidiff format in revision patch
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-11-27 21:29:23 +01:00
Tilman Vatteroth
bf30cbcf48
fix(repository): Move backend code into subdirectory
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2022-10-30 22:46:42 +01:00