hedgedoc

mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-10-20 14:12:10 -04:00

Author	SHA1	Message	Date
Philip Molares	c2d759da53	auth: Add token limit of 200 This is a very high ceiling unlikely to hinder legitimate usage, but should prevent possible attack vectors Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-25 21:30:08 +01:00
Philip Molares	c96edb31a5	tokens: Add token creation Fix token deletion Update plantuml docs Add token validUntil and lastUsed fields Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-25 21:30:08 +01:00
Philip Molares	28abc37e2c	auth: fixes unit and e2e tests adds MockAuthGuard which always return user 'hardcoded' Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-25 21:30:08 +01:00
Philip Molares	0a3247492a	auth: Add cron to clean old tokens Rename AuthToken.identifier to label Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-25 21:30:04 +01:00
Philip Molares	cc2fcac532	auth: Remove userName parameter of removeToken function As suggested by @innaytool Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-25 21:30:02 +01:00
Philip Molares	f68caab6e8	auth: Integrate suggestions by @davidmehren Add number type alias TimestampMillis Remove solved ToDos Change AuthToken and AuthTokenDto to use Date Rename authService unit tests Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-25 21:30:02 +01:00
Philip Molares	265195e305	auth: Split randomBase64UrlString in two functions add test for BufferToBase64Url and toAuthTokenDto Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-25 21:30:02 +01:00
Philip Molares	84ec528d14	auth: Add tests for AuthService Move AuthTokens to auth folder Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-25 21:30:02 +01:00
Philip Molares	599fe57ec6	tokens: Add token creation Fix token deletion Update plantuml docs Add token validUntil and lastUsed fields Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-25 21:30:02 +01:00
Philip Molares	fd70b2d121	auth: fixes unit and e2e tests adds MockAuthGuard which always return user 'hardcoded' Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-25 21:30:02 +01:00
Philip Molares	74fd7abfb2	openapi: adds auth to all public api routes See: https://docs.nestjs.com/openapi/security Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-25 21:30:02 +01:00
Philip Molares	8d89614a4d	auth: adds token-auth to public api adds auth service adds auth module adds token-auth strategy adds token-auth to all public api calls Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-25 21:29:59 +01:00
Philip Molares	9a65a9bd29	private: Add until to token creation Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-25 21:29:53 +01:00
Philip Molares	e8cdbdd677	private: removes collision check for tokens this seems very unnecessary as the chance of this is 1 / 2^512 Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-25 21:29:53 +01:00
Philip Molares	0a1c3426c0	private: fixed token generation bugs Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-25 21:29:53 +01:00
Philip Molares	5e6e5d0e5f	private: save token hashed Auth tokens are now saved in hashed form. Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-25 21:29:52 +01:00
Philip Molares	37a9f6526b	auth: hash auth token Since the auth token will be stored in hashed form in the db, we need to hash each provided auth token in order to search in the db for them. Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-25 21:29:52 +01:00
Philip Molares	15ca030b67	auth: add hash function the hash function uses bcrypt with 2^16 iterations. Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-25 21:29:52 +01:00
Philip Molares	025f24122c	private: adds tokens controller adds private api adds AuthTokenDto and AuthTokenWithSecretDto adds necessary methods in the users service adds RandomnessError Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-25 21:29:52 +01:00
Philip Molares	a4522d7230	auth: hash auth token Since the auth token will be stored in hashed form in the db, we need to hash each provided auth token in order to search in the db for them. Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-25 21:29:52 +01:00
Philip Molares	cbf6ac912a	private: adds tokens controller adds private api adds AuthTokenDto and AuthTokenWithSecretDto adds necessary methods in the users service adds RandomnessError Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-25 21:29:52 +01:00
Yannick Bungers	17ceb9c31f	Removed special table name in Note object and changed table names in plantuml file Signed-off-by: Yannick Bungers <git@innay.de>	2021-01-23 22:26:49 +01:00
Philip Molares	454a883f17	config: Improve error messages Add labels to most Joi objects Convert all auth variable insert names to upper case to prevent inconsistent naming of the variables Rewrite auth errors to correctly point out the problematic variable Add tests for the config utils functions Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-21 21:35:59 +01:00
Philip Molares	9c3d329bc9	tests: Removed unnecessary import of appConfigMock As suggested by an review of David Mehren Co-authored by: David Mehren <git@herrmehren.de> Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-19 12:45:36 +01:00
Philip Molares	2c4098dc55	config: splits config in multiple files splits the big appConfig in multiple configs adds media.config.mock.ts Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-17 21:19:45 +01:00
Philip Molares	4f6d15439c	config: removes unnecessary options removes options that we don't need from the config removes linkify-header-style.enum.ts Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-17 21:19:45 +01:00
Yannick Bungers	0d95c29df2	Merge pull request #709 from hedgedoc/fix/api-notes-metadata	2021-01-15 22:47:52 +01:00
Philip Molares	929795637a	Extend config with various options from 1.x Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-13 22:09:07 +01:00
David Mehren	ce65f2c51a	Add config to tests in various places Signed-off-by: David Mehren <git@herrmehren.de>	2021-01-13 21:45:23 +01:00
David Mehren	9f170bca4c	FilesystemBackend: Use scoped appConfig Signed-off-by: David Mehren <git@herrmehren.de>	2021-01-13 21:45:23 +01:00
David Mehren	75b6d3cc2b	MediaService: Get media backend from configuration Signed-off-by: David Mehren <git@herrmehren.de>	2021-01-13 21:45:23 +01:00
David Mehren	0e7845e38f	Get port and upload path from config Signed-off-by: David Mehren <git@herrmehren.de> Co-authored-by: Yannick Bungers <git@innay.de>	2021-01-13 21:45:23 +01:00
David Mehren	cbd4684785	Load config to global scope Otherwise every module would have to parse the config again Signed-off-by: David Mehren <git@herrmehren.de>	2021-01-13 21:45:23 +01:00
David Mehren	c55f7060be	Add proof of concept config system Signed-off-by: David Mehren <git@herrmehren.de> Co-authored-by: Yannick Bungers <git@innay.de>	2021-01-13 21:45:21 +01:00
David Mehren	6301a264dd	NotesService: `updateNoteByIdOrAlias` should return the new note Fixes #702 Signed-off-by: David Mehren <git@herrmehren.de>	2021-01-10 20:31:56 +01:00
David Mehren	4a1bec8eec	Move note permission route under metadata Signed-off-by: David Mehren <git@herrmehren.de>	2021-01-10 20:25:28 +01:00
David Mehren	65c76d0998	NotesService: Get note creation time from database Signed-off-by: David Mehren <git@herrmehren.de>	2021-01-10 20:12:39 +01:00
David Mehren	32feb5ee10	NotesService: rename `getLastRevision` to `getLatestRevision` This fixes an inconsistency with `RevisionsService` Signed-off-by: David Mehren <git@herrmehren.de>	2021-01-10 20:12:39 +01:00
David Mehren	644d7a278a	MarkdownBody: Register swagger metadata As explained in https://github.com/nestjs/swagger/issues/32#issuecomment-716169471, it's possible to register swagger metadata in custom decorators by providing an array of `enhancers`. We now add metadata with the `MarkdownBody` decorator: The request needs a `body` with content-type `text/markdown`. Signed-off-by: David Mehren <git@herrmehren.de>	2021-01-10 19:21:19 +01:00
David Mehren	141dc349e3	NotesController: Do not crash on nonexistent notes This commit adds proper error handling and returns 404 when a note does not exist. Previously, we leaked the `NotInDBError` and sent a 500 status code. Signed-off-by: David Mehren <git@herrmehren.de>	2021-01-09 22:58:16 +01:00
David Mehren	f81e67a3a1	Format with Prettier 2 Signed-off-by: David Mehren <git@herrmehren.de>	2021-01-06 23:49:45 +01:00
Tilman Vatteroth	0c56466dc1	Change year in copyright to 2021 Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>	2021-01-06 22:10:19 +01:00
David Mehren	f0835f5b62	Fix prettier errors Signed-off-by: David Mehren <git@herrmehren.de>	2021-01-06 13:05:15 +01:00
Philip Molares	6896daa62a	added reuse information Signed-off-by: Philip Molares <philip.molares@udo.edu>	2021-01-05 22:12:38 +01:00
David Mehren	61e6020c6b	Fix tests Signed-off-by: David Mehren <git@herrmehren.de> Co-authored-by: Yannick Bungers <git@innay.de>	2020-10-24 22:21:46 +02:00
David Mehren	85ee6780ad	Remove `PUT /notes/{note}/metadata` and corresponding service code Signed-off-by: David Mehren <git@herrmehren.de> Co-authored-by: Yannick Bungers <git@innay.de>	2020-10-24 22:21:45 +02:00
David Mehren	6a1da64cf6	Remove NoteUtils class, as the planned parsing logic is not needed anymore Signed-off-by: David Mehren <git@herrmehren.de> Co-authored-by: Yannick Bungers <git@innay.de>	2020-10-24 22:21:45 +02:00
David Mehren	b2085efb1d	Add missing TagRepository provider in unit tests Signed-off-by: David Mehren <git@herrmehren.de> Co-authored-by: Yannick Bungers <git@innay.de>	2020-10-24 22:21:44 +02:00
David Mehren	c1886ff1dc	NotesController: Add `PUT :noteIdOrAlias/metadata` route Signed-off-by: David Mehren <git@herrmehren.de> Co-authored-by: Yannick Bungers <git@innay.de>	2020-10-24 22:21:44 +02:00
David Mehren	3726b27849	NotesService: Implement `updateNoteMetadata` Signed-off-by: David Mehren <git@herrmehren.de> Co-authored-by: Yannick Bungers <git@innay.de>	2020-10-24 22:21:43 +02:00

1 2 3 4 5

208 commits