Commit graph

431 commits

Author SHA1 Message Date
David Mehren
c02f845ecb
AuthController: Return 409 Conflict when user already exists
The previously used HTTP error 400 'Bad Request' is not really
applicable here, as the client did not send a malformed message.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-27 19:39:18 +02:00
Yannick Bungers
24d79a9493
Add API doc for private media API
Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-18 20:20:14 +02:00
Yannick Bungers
85dc2cd02d
Remove unnecessary exception handling in private notes.controller.ts
and change noteIdOrAlias to Note as parameter

Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-18 21:12:33 +02:00
Alexandru Văleanu
32929c1e77
Add delete media in private API (#1736)
Adds the missing API route of deleting media in the private API.
2021-10-18 19:00:28 +01:00
Yannick Bungers
f4799c5ebe
Change createTokenForUser signature
user is now used instead of username

Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-13 22:59:51 +02:00
Yannick Bungers
40103cb397
fix username spelling from userName
Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-13 22:28:10 +02:00
Yannick Bungers
be27686610
change getTokensByUsername to getTokensByUser
Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-13 22:22:08 +02:00
David Mehren
0da7d01dec
Add dev-proxy to frontend dev server
This adds a reverse proxy to the backend, that automatically
redirects requests that are not handled by the backend to the React
dev server running on port 3001.

The reverse proxy is only enabled when NODE_ENV is set to
'development'.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-09-23 22:36:13 +02:00
Yannick Bungers
ad190fcf22
Get user from Session instead of hardcoded value
Signed-off-by: Yannick Bungers <git@innay.de>
2021-09-23 22:44:34 +02:00
David Mehren
39eb5ff116
Log errors in ValidationPipe
Previously, when an error was encountered while validating
the request, only an HTTP 400 status code was returned to the client.
This adds logging of the error message,
so invalid requests can be debugged.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-09-23 22:05:57 +02:00
David Mehren
1f2067288a
Explicitly import URL
With Yarn PnP, URL is seems to not automatically be
part of the global scope.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-09-06 16:32:24 +02:00
Philip Molares
9383eeb53a
fix: the seed command handles the new aliases
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-06-06 17:56:12 +02:00
Philip Molares
90b64c73b3
test: fix service tests to handle the new aliases
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-06-06 17:53:07 +02:00
Philip Molares
b135333a51
feat: add alias controller to private and public api
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-07 21:28:59 +02:00
Philip Molares
2b76d33a23
feat: add aliases to service files
This commit makes it possible to identifier notes via any alias in the note and history service.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-06-06 17:47:38 +02:00
Philip Molares
babd5ce393
chore: create getIdentifier utility function
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-16 23:53:29 +02:00
Philip Molares
8c214820e1
chore: create getPrimaryAlias utility function
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-07 21:51:47 +02:00
Philip Molares
d1b7c2a2db
feat: add alias service
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-07 21:53:54 +02:00
Philip Molares
17c55195c3
feat: add list of aliases to note entity
One of the aliases can be primary for each note, but all can be used to get information from the apis.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-06-06 17:46:32 +02:00
Philip Molares
86d060706f
chore: add PrimaryAliasDeletionForbiddenError
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-07 21:52:00 +02:00
Philip Molares
1fd15cc376
chore: add alias dtos
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-07 21:54:42 +02:00
Philip Molares
366057fb8b
feat: add auth controller with internal login, registration, password change and logout
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 22:00:14 +02:00
Philip Molares
cd4ee84ec3
feat: add LoginEnabledGuard and RegistrationEnabledGuard
These guards check if the login or registration are enabled in the config. If so the guarded method is executed, if not the client will get the HTTP Error 400 Forbidden as an answer

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-04 18:31:01 +02:00
Philip Molares
46d03571c1
fix: update seed.ts
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-31 13:39:51 +02:00
Philip Molares
5a91662865
feat: add session handling
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-31 13:36:13 +02:00
Philip Molares
1c52ad69a6
feat: add identity module
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:59:23 +02:00
Philip Molares
df10ed92e3
feat: add local auth strategy
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:59:12 +02:00
Philip Molares
b9cec8aeca
feat: add identity service
This service handles all the authentication of the private api.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:58:54 +02:00
Philip Molares
3cc321f353
feat: add getFirstIdentityFromUser helper function
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:57:46 +02:00
Philip Molares
e7eb6694a6
feat: change email auth config to local
This was done to use the same term. Also email was the old term from HedgeDoc 1 and wildly inaccurate. As we never checked any mail addresses, in fact it was more of a username than anything else.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-04 19:24:32 +02:00
Philip Molares
43242cccc9
feat: add session to AuthConfig
this handles the settings for the cookie session. The secret and the lifeTime of the cookie can be configured.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-04 17:46:58 +02:00
Philip Molares
0ef0d1e111
feat: add local auth dtos
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:54:05 +02:00
Philip Molares
5e4eb574c5
chore: add user relation enum
this enum is used to specify which relation of the user object should be populated.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-31 13:39:36 +02:00
Philip Molares
337854c86a
feat: lazy load identities of user object
This makes it possible that we can get identities from any user object even if we didn't specify that while getting them from the orm

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-04 22:13:16 +02:00
Philip Molares
23e26fb830
chore: move identity entity in its own folder
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:53:20 +02:00
Philip Molares
547f2239cc
chore: move password related functions from AuthService to utils file
As these methods will be used in both the AuthService and the IdentityService, it makes sense to extract them and use them in this manner. Especially if one considers that they are quite standalone functions.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:47:13 +02:00
Philip Molares
cf8f3b39ec
feat: add ProviderType enum
This is used to give identities a type and to easily get the identity any auth method would need.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:57:22 +02:00
Abhilasha Sinha
f63a2b79b7
Add new API to purge note history #1064
Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Combine the describe block

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Fix naming

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Rename purgeRevision to purgeRevisions

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Fix notes e2e test description

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Add yarn.lock

Fix lint and format

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>
2021-08-30 05:37:35 +05:30
Philip Molares
216baa42a1
refactor: move TokenAuthGuard in the same file as TokenStrategy
This should help to make clear why code is executed when the TokenAuthGuard is encountered by a request. Currently, one has to connect both files via the string 'token', which is a bit cryptic

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-04 18:03:41 +02:00
David Mehren
5ecb0c0694
RevisionsService: Refactor getFirst/LastRevision
The functions now expect a `Note` object instead of a noteId to
make it more consistent with other functions.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 22:45:56 +02:00
David Mehren
fe26f1689c
MediaService: Refactor saveFile
The function now expects a `Note` object instead of a noteId
and a `User` instead of a username to
make it more consistent with other functions.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 22:28:21 +02:00
David Mehren
341e3a3e5a
HistoryService: Remove getEntryByNoteIdOrAlias
As we now have a GetNotePipe, we can easily get rid of this function.
All clients can directly provide a `Note` instance
and use `getEntryByNote`.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 21:57:35 +02:00
David Mehren
d2b60a316f
HistoryService: Refactor deleteHistoryEntry
The function now expects a `Note` object instead of a noteId to
make it more consistent with other functions.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 21:42:46 +02:00
David Mehren
839877dbc5
HistoryService: Refactor updateHistoryEntry
The function now expects a `Note` object instead of a noteId to
make it more consistent with `updateHistoryEntryTimestamp`.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 21:38:10 +02:00
David Mehren
3396d3e47d
UserService: Improve method naming
This renames `createOrUpdateHistoryEntry` to `updateHistoryEntryTimestamp`,
which reduces confusion with the similarly named
`updateHistoryEntry` function.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 21:19:53 +02:00
David Mehren
470f09d8fe
Private API: Use GetNotePipe
This replaces repeated calls to `noteService.getNoteByIdOrAlias`
and associated error handling with the `GetNotePipe`
in the `Param` decorator.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 17:33:02 +02:00
David Mehren
ed8fd3939c
Public API: Remove superfluous try/catch
`getNoteMetadata` does not use a method that
can throw a `PermissionsUpdateInconsistentError`.
The try/catch-block seems to be a copy-paste error.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 17:32:45 +02:00
David Mehren
83869aaa48
Public API: Use GetNotePipe
This replaces repeated calls to `noteService.getNoteByIdOrAlias`
and associated error handling with the `GetNotePipe`
in the `Param` decorator.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 17:28:14 +02:00
David Mehren
73be10e606
Implement GetNotePipe
This pipe transforms a note ID or alias to a Note object
by loading it from the database.
It also performs error handling

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 17:18:54 +02:00
David Mehren
b480adc807
Public API: Introduce RequestUser decorator
This introduces the `RequestUser` decorator
to extract the `User` from a request.

It reduces code duplication across the public API
and allows us to drop the override of the `Request` type from express.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-28 19:03:15 +02:00