David Mehren
1a825ed199
UserInfoDto: Add doc comments
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:22:01 +01:00
David Mehren
9a77cd5565
Swagger: Enable comment parsing
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:20:54 +01:00
Renovate Bot
e643d59fc2
chore(deps): update dependency supertest to v6.1.3
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-25 22:02:40 +00:00
Renovate Bot
671aa005f5
fix(deps): pin dependencies
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-25 21:52:35 +00:00
Philip Molares
141e16c2b9
regenerated yarn.lock
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:32:17 +01:00
Philip Molares
c8da989f25
auth: Run removeInvalidTokens 5s after startup
...
This should prevent problem with the AuthToken purge on Sundays, as the service is either running on sunday or will be restarted there after.
Also move base64url comment to right function
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 16:29:09 +01:00
Philip Molares
ad0ab648bc
auth: Add maximum token lifetime of 2 years.
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 12:14:26 +01:00
Philip Molares
6686fa58c5
auth: Run removeInvalidTokens 5s after startup
...
This should prevent problem with the AuthToken purge on Sundays, as the service is either running on sunday or will be restarted there after.
Also move base64url comment to right function
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 18:16:08 +01:00
Philip Molares
af993407b3
auth: Add token limit of 200
...
This is a very high ceiling unlikely to hinder legitimate usage, but should prevent possible attack vectors
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 12:05:25 +01:00
Philip Molares
39d9fb5dec
tokens: Add token creation
...
Fix token deletion
Update plantuml docs
Add token validUntil and lastUsed fields
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-21 19:37:43 +01:00
Philip Molares
b84d0f7cab
auth: fixes unit and e2e tests
...
adds MockAuthGuard which always return user 'hardcoded'
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-16 19:33:09 +01:00
Philip Molares
d0c5d64627
auth: adds token-auth to public api
...
adds auth service
adds auth module
adds token-auth strategy
adds token-auth to all public api calls
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-15 18:53:09 +01:00
Philip Molares
8f008c7cc5
auth: Add cron to clean old tokens
...
Rename AuthToken.identifier to label
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-24 20:37:04 +01:00
Philip Molares
14a4872f49
auth: Remove userName parameter of removeToken function
...
As suggested by @innaytool
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-23 22:24:59 +01:00
Philip Molares
a8b46923fd
auth: Integrate suggestions by @davidmehren
...
Add number type alias TimestampMillis
Remove solved ToDos
Change AuthToken and AuthTokenDto to use Date
Rename authService unit tests
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-23 21:24:11 +01:00
Philip Molares
e6dc8c7678
auth: Split randomBase64UrlString in two functions
...
add test for BufferToBase64Url and toAuthTokenDto
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-23 19:04:00 +01:00
Philip Molares
508ad26771
auth: Add tests for AuthService
...
Move AuthTokens to auth folder
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-22 15:29:10 +01:00
Philip Molares
c9751404f7
tokens: Add token creation
...
Fix token deletion
Update plantuml docs
Add token validUntil and lastUsed fields
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-21 19:37:43 +01:00
Philip Molares
cce1626c48
auth: fixes unit and e2e tests
...
adds MockAuthGuard which always return user 'hardcoded'
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-16 19:33:09 +01:00
Philip Molares
33d9c455b8
openapi: adds auth to all public api routes
...
See:
https://docs.nestjs.com/openapi/security
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-16 17:45:14 +01:00
Philip Molares
2ab950c5c3
auth: adds token-auth to public api
...
adds auth service
adds auth module
adds token-auth strategy
adds token-auth to all public api calls
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-15 18:53:09 +01:00
Philip Molares
4784a1aea2
private: Add until to token creation
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-21 12:33:45 +01:00
Philip Molares
324ba71d24
private: removes collision check for tokens
...
this seems very unnecessary as the chance of this is 1 / 2^512
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-17 20:35:43 +01:00
Philip Molares
97f7128355
private: fixed token generation bugs
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-17 19:52:08 +01:00
Philip Molares
c232707a89
db-schema: updates plantuml
...
adds identifier and createdAt to AuthToken
renames authToken in User to authTokens
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-17 14:49:28 +01:00
Philip Molares
822c01f2c7
private: save token hashed
...
Auth tokens are now saved in hashed form.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-17 14:45:16 +01:00
Philip Molares
e5545043be
auth: hash auth token
...
Since the auth token will be stored in hashed form in the db, we need to hash each provided auth token in order to search in the db for them.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-17 14:38:05 +01:00
Philip Molares
667cf7e915
auth: add hash function
...
the hash function uses bcrypt with 2^16 iterations.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-17 14:32:17 +01:00
Philip Molares
b589dedd2a
private: adds tokens controller
...
adds private api
adds AuthTokenDto and AuthTokenWithSecretDto
adds necessary methods in the users service
adds RandomnessError
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-16 23:53:46 +01:00
Philip Molares
e04fcb9ee9
auth: hash auth token
...
Since the auth token will be stored in hashed form in the db, we need to hash each provided auth token in order to search in the db for them.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-17 15:27:13 +01:00
Philip Molares
80c7ae2fa9
private: adds tokens controller
...
adds private api
adds AuthTokenDto and AuthTokenWithSecretDto
adds necessary methods in the users service
adds RandomnessError
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-16 23:53:46 +01:00
Renovate Bot
1c7452d066
chore(deps): lock file maintenance
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-25 20:21:20 +00:00
Renovate Bot
bd6c7ee7c0
chore(deps): update linters to v4.14.1
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-25 19:38:27 +00:00
Renovate Bot
b52f50e390
chore(deps): update dependency supertest to v6.1.2
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-25 06:43:08 +00:00
Yannick Bungers
5246f0c05d
Removed special table name in Note object
...
and changed table names in plantuml file
Signed-off-by: Yannick Bungers <git@innay.de>
2021-01-23 00:41:49 +01:00
Nicolas Dietrich
7d9344a95d
Fix link to DCO in contributing docs
...
Signed-off-by: Nicolas Dietrich <nidi@mailbox.org>
2021-01-22 17:06:07 +01:00
Renovate Bot
ba48701ca9
fix(deps): update nestjs packages
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-22 13:53:55 +00:00
Philip Molares
bc525633fc
config: Improve error messages
...
Add labels to most Joi objects
Convert all auth variable insert names to upper case to prevent inconsistent naming of the variables
Rewrite auth errors to correctly point out the problematic variable
Add tests for the config utils functions
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-19 15:47:05 +01:00
Renovate Bot
4afc75912a
fix(deps): update dependency @nestjs/swagger to v4.7.12
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-21 14:57:08 +00:00
Renovate Bot
69cce13ea6
Update linters
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-19 10:06:59 +00:00
Philip Molares
4372106ef0
tests: Removed unnecessary import of appConfigMock
...
As suggested by an review of David Mehren
Co-authored by: David Mehren <git@herrmehren.de>
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-19 12:45:36 +01:00
Philip Molares
072ef223e0
config: splits config in multiple files
...
splits the big appConfig in multiple configs
adds media.config.mock.ts
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-15 16:57:04 +01:00
Philip Molares
d59ccaba54
config: removes unnecessary options
...
removes options that we don't need from the config
removes linkify-header-style.enum.ts
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-15 16:23:56 +01:00
Renovate Bot
6d655b878c
Update dependency mkdocs-material to v6.2.5
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-17 10:38:44 +00:00
Renovate Bot
ba17b53a79
Update dependency supertest to v6.1.1
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-15 21:45:12 +00:00
David Mehren
22e14fb706
NotesService: updateNoteByIdOrAlias
should return the new note
...
Fixes #702
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-10 20:30:45 +01:00
David Mehren
a14056dbc9
Move note permission route under metadata
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-10 20:25:28 +01:00
Renovate Bot
3c58c74401
Update dependency @nestjs/swagger to v4.7.11
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-15 21:34:51 +00:00
Renovate Bot
2180b8edc1
Update dependency @types/node to v13.13.40
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-15 21:28:54 +00:00
Renovate Bot
917a795646
Update dependency class-transformer to v0.3.2
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-15 21:24:49 +00:00