Commit graph

1220 commits

Author SHA1 Message Date
Renovate Bot
477849b6b2
chore(deps): update linters
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-12-18 11:10:45 +00:00
renovate[bot]
52d1ad1cd3
fix(deps): update dependency passport to v0.5.2 (#1915)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-18 11:09:08 +00:00
renovate[bot]
7ae368940d
chore(deps): update test packages (#1914)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-18 10:46:31 +00:00
renovate[bot]
fe28317ad8
chore(deps): update nestjs packages (#1913)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-18 10:33:51 +00:00
renovate[bot]
019f761dea
chore(deps): update dependency typescript to v4.5.4 (#1912)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-18 08:50:08 +00:00
renovate[bot]
80b3b50a40
chore(deps): update dependency mkdocs-material to v8.1.2 (#1911)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-18 05:33:39 +00:00
renovate[bot]
345c5f80d7
chore(deps): update dependency @types/node to v16.11.14 (#1910)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-18 03:48:12 +00:00
David Mehren
708ae86444
docs: explain the choice of sha-512 for auth tokens
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-14 19:21:28 +01:00
David Mehren
b4a65b47f0
fix(auth): use sha-512 for auth tokens
Bcrypt hashes are too slow to be validated on every request.
As our tokens are random and have a fixed length, it is reasonable
to use SHA-512 instead.

SHA-512 is recommended as cryptographically strong by the BSI:
https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-1.pdf?__blob=publicationFile

Fixes https://github.com/hedgedoc/hedgedoc/issues/1881

Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-09 23:04:00 +01:00
renovate[bot]
f4a7a5ed2d
chore(deps): lock file maintenance (#1901)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-13 03:19:47 +00:00
Renovate Bot
06cccf1121
chore(deps): update dependency mkdocs-material to v8.1.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-12-11 10:42:06 +00:00
Renovate Bot
c4d85d2e32
chore(deps): update linters to v5.6.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-12-11 10:42:35 +00:00
renovate[bot]
70afc5df9b
fix(deps): update dependency minio to v7.0.25 (#1895)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-11 10:40:51 +00:00
renovate[bot]
abab45a8f1
chore(deps): update test packages (#1894)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-11 09:25:27 +00:00
renovate[bot]
919591d093
chore(deps): update dependency typescript to v4.5.3 (#1893)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-11 07:34:16 +00:00
renovate[bot]
72d334c32a
chore(deps): update dependency mkdocs-material to v8.0.5 (#1892)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-11 05:00:44 +00:00
renovate[bot]
88a8a18292
chore(deps): update dependency eslint to v8.4.1 (#1891)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-11 03:21:49 +00:00
renovate[bot]
5308124953
chore(deps): update dependency @types/node to v16.11.12 (#1890)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-11 02:03:12 +00:00
David Mehren
bda58322be
fix(session-guard): correctly check for missing session
express-session always creates an `request.session` object, so only
checking if that exists is not sufficient.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-07 20:23:18 +01:00
renovate[bot]
b01346e7e5
chore(deps): lock file maintenance (#1876)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-06 02:54:05 +00:00
David Mehren
7e6156b956
ci: setup njsscan
See: https://github.com/ajinabraham/njsscan-action

Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-11 20:14:41 +01:00
David Mehren
977eece0d6
ci(codecov): Wait for 2 builds to be submitted
This should stop Codecov from complaining about low
coverage after only half the tests have finished.

See: https://docs.codecov.com/docs/notifications#section-preventing-notifications-until-after-n-builds

Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-05 22:22:46 +01:00
Renovate Bot
7d8f1f3b10
fix(deps): update dependency swagger-ui-express to v4.2.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-12-05 18:08:07 +00:00
Renovate Bot
8031efce89
chore(deps): update dependency mkdocs-material to v8
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-12-05 17:55:24 +00:00
Renovate Bot
037ecb2fc6
fix(deps): update dependency joi to v17.5.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-12-05 17:54:55 +00:00
Renovate Bot
472ecca1a6
chore(deps): update linters
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-12-05 17:39:46 +00:00
Renovate Bot
00a77b69d6
chore(deps): update test packages
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-12-05 17:40:16 +00:00
Renovate Bot
ecc78b8946
chore(deps): update yarn to v3.1.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-04 13:06:20 +00:00
Renovate Bot
015fd28b33
chore(deps): update dependency prettier to v2.5.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-12-04 15:05:10 +00:00
renovate[bot]
97bc3995ad
fix(deps): update nestjs packages (#1866)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-04 13:02:24 +00:00
renovate[bot]
a42632d034
fix(deps): update dependency minio to v7.0.23 (#1865)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-04 10:11:24 +00:00
renovate[bot]
5591d8cccf
fix(deps): update dependency joi to v17.4.3 (#1864)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-04 05:49:23 +00:00
renovate[bot]
6372ed7dfd
chore(deps): update dependency @types/node to v16.11.11 (#1862)
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-04 03:38:06 +00:00
Philip Molares
10b5b11269
feat: replace GetNotePipe with GetNoteInterceptor and RequestNote
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-30 22:33:20 +01:00
Philip Molares
5a45ff2d0b
feat: add request note decorator
This extracts the note inserted with the get note interceptor into the request to be used by the controller service.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-30 22:26:55 +01:00
Philip Molares
470b32ed5e
feat: refactor get note pipe to interceptor
This is necessary, because of the order of operations in nestjs, the validation pipe is not able to get the note as the noteIdOrAlias will be transformed by the get note pipe after the validation did run.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-30 22:20:49 +01:00
Philip Molares
0cb3b65998
test: fix note e2e test 'fails with non-existing alias'
Because the rejection now happens automatically in the permissions guard it does not get to the controller method and does not report the Content-Type to text/markdown

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 18:04:47 +01:00
Philip Molares
988909eb0b
test: fix note e2e test 'fails, when user can't read note'
Because the rejection now happens automatically in the permissions guard it now returns a 403 instead of 401

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 18:03:29 +01:00
Philip Molares
3e4abb561d
refactor: move permissions service calls into permissions guard
This commit removes all previous calls to the permissions service at the beginning of the controller methods to the permissions guard. This should make the code a bit cleaner and remove boilerplate code.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 17:19:57 +01:00
Philip Molares
3b92226bab
feat: create permissions guard
This guard protects resources and let's users only access them if they hold the correct permission

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 17:18:23 +01:00
Philip Molares
7404ebf5ea
feat: create permission decorator
This gathers the permission a user needs to hold to access a resource for the PermissionsGuard.

See https://docs.nestjs.com/guards#setting-roles-per-handler

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 17:17:33 +01:00
Philip Molares
4a7ccc8178
feat: create permission enum
This enum makes it possible which permissions a user needs to hold to access a specific resource

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 17:16:12 +01:00
Philip Molares
82643cd790
chore: extract getNote code from GetNotePipe.transform
This was done so the same code could be used in the PermissionsGuard

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 17:12:35 +01:00
Philip Molares
7927ac2217
chore: move get-note-pipe to api utils
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 17:05:27 +01:00
Yannick Bungers
9093e5fabc
Add missing null in type in permissions service
The parameters of the permission checking methods were missing a null value for not set user. This is the case if user is not logged in and operating as guest.

Signed-off-by: Yannick Bungers <git@innay.de>
2021-11-29 22:42:31 +01:00
Renovate Bot
fdddedf6b3
fix(deps): update dependency passport to v0.5.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-11-21 23:20:49 +00:00
Renovate Bot
02eef978b3
chore(deps): update linters
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-11-23 07:50:47 +00:00
Renovate Bot
c49fb069ab
fix(deps): update dependency class-transformer to v0.5.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-11-22 19:53:40 +00:00
Renovate Bot
7ff54b1c3f
chore(deps): update dependency tsconfig-paths to v3.12.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-11-21 23:20:22 +00:00
Philip Molares
e9fab8c568
test: fix test name in alias.e2e-spec.ts
This seems to be a copy/paste bug

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 18:06:41 +01:00