Commit graph

560 commits

Author SHA1 Message Date
David Mehren
53a0c87a53
AuthService.randomString: Throw Error instead of returning null
A string with a negative length is invalid, so we should throw here
instead of complicating the type with a possible null return value.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-09 20:59:30 +02:00
David Mehren
72b545fec5
AuthTokenDto: Make properties consistently optional
validUntil and lastUsed already have a IsOptional decorator,
this makes the properties themselves also optional

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-09 20:59:30 +02:00
David Mehren
cfaa07806b
AuthService: Throw NotInDBError on empty DB result
This adds error handling to various functions, so they throw a
NotInDBError instead of a TypeError

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-09 20:59:30 +02:00
David Mehren
6fd9d64ad7
Safely parse numbers from environment vars
This adds the function parseOptionalInt to help parse numbers
from environment variables

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-09 20:59:30 +02:00
David Mehren
2da9b76a31
Config Utils: Fix type of toArrayConfig
configValue is checked for a nullish value,
the type should reflect that.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-09 20:59:30 +02:00
David Mehren
74bc9612cc
AuthService: Remove null from toAuthTokenDto return type
toAuthTokenDto won't return null, as TS's strict mode
prevents authToken from being nullish

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-09 20:59:30 +02:00
David Mehren
a6e245c551
RevisionsService: Throw NotInDBError on empty DB result
This adds error handling to various getters, so they throw a
NotInDBError instead of (illegally, according to the type) returning
null.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-09 20:59:30 +02:00
David Mehren
7adbc72a5f
Merge pull request #1130 from hedgedoc/history/transaction 2021-05-02 18:15:05 +02:00
Philip Molares
f967b34018 ControllerTests: Add connection to controller tests
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-05-02 18:09:16 +02:00
Philip Molares
f731d2d455 HistoryService: Add test for setHistory
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-05-02 18:09:16 +02:00
Philip Molares
ea4c58c68f HistoryService: Add setHistory method
This is the transactional reimplementation of the business logic of the history controllers setHistory method (of the private api). This should prevent the problem that the history gets deleted, but a later error in the handling of the list of HistoryEntryImportDto let's the call fail.

See also: https://docs.nestjs.com/techniques/database#transactions

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-05-02 18:09:11 +02:00
Philip Molares
353f444f30 HistoryService: Remove extra parameters from createOrUpdateHistoryEntry
As the function is now only called with a user and a note and the previous extra parameters are now added into the transactional setHistory method, this is no longer necessary.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-05-02 18:08:36 +02:00
Philip Molares
056ab12e67 NotesService: Extract checkNoteIdOrAlias into own method
To reuse this functionality in the history services setHistory method, it was extracted into its own exported function.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-05-02 18:08:34 +02:00
David Mehren
8dbca54da7
Merge pull request #1206 from hedgedoc/test/seedDB
[Project] Add seed script
2021-05-02 17:54:14 +02:00
David Mehren
2d79404c5e
Merge pull request #1162 from hedgedoc/privateApi/fixes 2021-05-02 17:39:51 +02:00
David Mehren
c05e5bde43
Merge pull request #1203 from hedgedoc/config/renderOriginDefault 2021-05-02 17:39:17 +02:00
David Mehren
5e61de9bd5
Use node12 TypeScript base config
TypeScript recommends using a base config from https://github.com/tsconfig/bases.

Using this config reduces compile times by ~30%
and the size of the dist folder by ~45%.
It also enables the recommended `esModuleInterop` option,
which necessitated some changes to imports.
See also https://www.typescriptlang.org/docs/handbook/release-notes/typescript-2-7.html#support-for-import-d-from-cjs-from-commonjs-modules-with---esmoduleinterop

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 22:55:01 +02:00
Philip Molares
55356f36a9 [Project] Add seed script
This script invokes src/seed.ts to create a sqlite DB. The DB already contains some objects to manual test with. This ensures that devs easily can spin up a test instance of HedgeDoc and don't need to fumble around with the DB file.

See https://github.com/typeorm/typeorm#creating-a-connection-to-the-database

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-29 14:31:07 +02:00
Philip Molares
265f3095e4 FrontendConfig: Fix unit test
Emulate the behaviour of the new app config: If renderOrigin is undefined instead use domain.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-27 23:33:13 +02:00
Philip Molares
8bf5aa77e3 AppConfig: Move default for rendererOrigin to config file
As we only use rendererOrigin in the frontend config service, where domain will be used if it is not defined, it makes more sense to move this default behavior to the app config directly. That makes it easier to understand what this variable contains and that it defaults to domain.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-27 23:08:22 +02:00
David Mehren
6129f21ddc
Merge pull request #1187 from hedgedoc/improvement/remove-banner-from-frontend-config 2021-04-25 21:32:16 +02:00
Tilman Vatteroth
1f626465fb
Remove banner from frontend config
NestJS adds the headers "Last Modified" and "ETag" to asset serving responses.
Therefore all the information we need for the banner are already given by the
file content or the file meta data.

Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2021-04-25 21:27:42 +02:00
Tilman Vatteroth
af106fdf50
Add serving of static assets under the relative URL '/public'
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2021-04-25 21:27:36 +02:00
Yannick Bungers
0bad4827bf
Merge pull request #1179 from hedgedoc/util/replaceNull 2021-04-25 21:03:45 +02:00
Philip Molares
841ad8428d Services: Use replaceNullWithEmptyString
Add the helper method replaceNullWithEmptyString to the services, where it is needed.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-24 21:22:31 +02:00
Philip Molares
75466c5202 PrivateApi: Add CORS-Header for rendererOrigin
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-22 23:34:51 +02:00
Philip Molares
526ee6e506 PrivateApi: Serve under /api/private
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-22 23:34:51 +02:00
Philip Molares
1f897636bb PublicApi: Add option to keep media to DELETE /notes/{note}
This adds a body to the route DELETE /notes/{note} of the public api to specify if the associated media uploads of the note should be kept or deleted.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-22 23:13:13 +02:00
Philip Molares
6ac267a226 PrivateApi: Add option to keep media to DELETE /notes/{note}
This adds a body to the route DELETE /notes/{note} of the private api to specify if the associated media uploads of the note should be kept or deleted.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-22 23:13:13 +02:00
Philip Molares
c29ce7eed5 MediaService: Add removeNoteFromMediaUpload method
This method replaces the associated note of a media upload with null.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-22 23:13:13 +02:00
Philip Molares
e7c9a214df MediaUpload: Make note nullable
As it is possible to delete a note without also deleting the associated media uploads this needs to changed in the media upload entity, too.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-22 23:13:10 +02:00
Philip Molares
17b442aff1 Notes: Add NoteMediaDeletionDto
This is used to specify if the media uploads should be kept or deleted, when deleting a note.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-22 23:12:46 +02:00
David Mehren
87e0ca54e1
Merge pull request #1164 from hedgedoc/fix/revision
RevisionsService: Add missing awaits
2021-04-22 22:50:44 +02:00
David Mehren
d0aa73dfb3
Merge pull request #1170 from hedgedoc/fix/fs_backend_logging
FilesystemBackend: Fix functionContext logging
2021-04-22 22:45:38 +02:00
Philip Molares
421b951a62 AppConfigMock: Use correct loglevel
Until now the app config mock used ts-loader's LogLevel instead of our own Loglevel, which is obviously wrong.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-22 22:23:59 +02:00
David Mehren
6aa85345d1
FilesystemBackend: Fix functionContext logging
This commit adds a few missing `functionContext` parameters in calls to
`this.logger` and fixes a copy-paste error in `ensureDirectory`

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-22 21:58:03 +02:00
Philip Molares
bcd434b201 RevisionsService: Add missing awaits
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-22 18:26:19 +02:00
Philip Molares
24ee95282d Entities: Add onDelete CASCADE to entities
To better handle deletion of entities, all necessary other entities got the option onDelete CASCADE set. So everything that does not make any sense if something else is deleted will be deleted along side of it.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-19 23:04:09 +02:00
Philip Molares
5758463b07 PrivateAPI: Add me controller
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-19 18:33:09 +02:00
Philip Molares
53d29c6e8a MediaService: Change deleteFile
The former deleteFile was moved to the public apis media controller and the actual deletion functionality was moved in a separate function to be called on user deletion.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-19 18:33:09 +02:00
Philip Molares
5f886b8a27 UsersService: Add unit tests
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-19 18:33:04 +02:00
Philip Molares
478e25e77c UsersService: Polish methods
Add test to createUser method to ensure an already used username triggers a AlreadyInDBError.
Add debug entry if user is deleted.
Add changeDisplayName method.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-18 22:49:24 +02:00
Philip Molares
c65ef80dd5 UsersService: Add JSDoc to all methods
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-18 22:49:24 +02:00
Philip Molares
e591a65945 UserEntity: Make userName unique
Each username should only be given once.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-18 22:49:24 +02:00
Yannick Bungers
eaa5254418
Merge pull request #1039 from hedgedoc/fix/permissionsCreationAndFinding 2021-04-18 22:45:24 +02:00
David Mehren
1785190f75
Merge pull request #1135 from hedgedoc/publicApi/swaggerUpload
PublicAPI: Add file upload dialog to openapi docs
2021-04-18 22:44:01 +02:00
Philip Molares
1aa9b5f915 NotesService: Get user and group of the permission
This also fetches to user and group of permissions and not only the `canEdit` property.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-18 22:35:28 +02:00
Philip Molares
85ed00e2c2 NotesService: Set Permissions
Set the necessary information for the permissions to be correctly inserted into the db.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-18 22:35:28 +02:00
Philip Molares
029dc0d7d6 Permissions: Add cascade
This makes it possible to create permissions by setting them in the note entity and delete them when either the user or note is deleted.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-18 22:35:25 +02:00
David Mehren
6699e4b0c8
Merge pull request #1131 from hedgedoc/improve/logging 2021-04-18 22:28:11 +02:00
David Mehren
32d9f21630
Merge pull request #1141 from hedgedoc/mediaBackend/webDAV 2021-04-18 22:22:28 +02:00
Philip Molares
6cc406281c MediaBackend: Add WebdavBackend
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-18 21:54:37 +02:00
Philip Molares
b490fe3ffc PublicAPI: Add file upload dialog to swagger api
This makes it possible to truly upload a file with swagger api documentation.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-18 21:02:06 +02:00
Philip Molares
6c1cda2c9a Config: Add WebDAV to media config
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-18 20:45:39 +02:00
Philip Molares
0ef9a338f3 UnitTests: Add appConfigMock
This is necessary as the Logger needs this config for the loglevel.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-18 18:50:57 +02:00
Philip Molares
a87408009d Logging: Handle calls with 'undefined' context
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-18 18:50:57 +02:00
Philip Molares
327206d60c Logging: Add LogLevels to ConsoleLoggerService
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-18 18:50:57 +02:00
Philip Molares
a039b85ff4 Utils: Add needToLog function
This functions makes it possible to make a partial order of the Loglevel enum. This simplifies the if statements in ConsoleLogger.
This is done, because the Loglevel enum already has a string backing for easy conversion from the config environmental variables and therefore can't also have a ordinal number assigned…

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-18 18:50:55 +02:00
David Mehren
0e5ce048a3
Merge pull request #1127 from hedgedoc/history/entryRename 2021-04-17 19:23:19 +02:00
David Mehren
ff27e988a6
Merge pull request #1136 from hedgedoc/fix/getServerVersion
Utils: Fix getServerVersionFromPackageJson
2021-04-17 16:03:52 +02:00
Philip Molares
51f1da7083 Tests: Fix eslint errors
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-16 10:14:05 +02:00
Philip Molares
434bc55bab Tests: Removed all eslint-disable lines
As we now disable what we don't need in the eslint config, we don't need this anymore.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-16 10:14:05 +02:00
Philip Molares
dff5a635e0 Utils: Fix getServerVersionFromPackageJson
The cache is never null, because it defaults to undefined, and therefore this function always returns undefined.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-15 18:39:41 +02:00
Philip Molares
0269b5e87a Logging: Remove NestConsoleLoggerService
This is not necessary anymore, because we can inject ConsoleLoggerService directly.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-13 23:58:17 +02:00
Philip Molares
adffd68e68 PrivateAPI: Add lastVisited to HistoryEntryImportDto
As the DTO is only for importing an existing history the lastVisited of those entries should also be posted.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-11 12:37:47 +02:00
Philip Molares
4f858c51d2 PrivateAPI: Add pinStatus to HistoryEntryImportDto
As the DTO is only for importing an existing history the pinStatus of those entries should also be posted.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-11 12:37:38 +02:00
Philip Molares
085241999b PrivateAPI: Rename HistoryEntryCreationDto to HistoryEntryImportDto
As the DTO is used to import a whole list of history entries rather than creating a single history entry (there is no way of doing that at the moment)

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-10 23:26:58 +02:00
Philip Molares
31b0d797f3 Logging: Add OpenAPI log messages
Let the user know where the OpenAPI docs can be found.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-02 17:40:44 +02:00
Philip Molares
3493a7a26f Logging: Improve mediabackend filesystem log message.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-02 17:38:22 +02:00
Philip Molares
4fb7623225 FileMediaBackend: Fix generated urls
All urls should be of the form `uploads/<filename>.<extension>` regardless of what the uploadDirectory is, because the backend proxies all locally uploaded files.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-01 00:28:13 +02:00
Philip Molares
354db0c1a2 MediaConfigMock: Change upload path
This changes the upload path in all test to 'test_uploads' to ensure no real uploads are lost.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-01 00:28:13 +02:00
Philip Molares
ff7fbcaf0e PrivateAPI: Add media controller
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-25 22:26:41 +01:00
Philip Molares
b60fa155dd PrivateAPI: Add notes controller
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-25 20:36:18 +01:00
Philip Molares
dd7ca87337 PrivateApi: Add config controller
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-21 20:08:13 +01:00
Philip Molares
e471342497 FrontendConfig: Add new service
This service handles the config for the frontend.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-21 20:08:13 +01:00
Philip Molares
c4161cec98 Config: Add rendererOrigin and maxDocumentLength to AppConfig
These are used in the /config private API call.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-21 20:08:13 +01:00
Philip Molares
f63d37dbf7 Config: Add identifier to all multi auth provider to AuthConfig
These are used in the /config private API call and needed to distinguish with which of the multiple auth providers a login should occur.
This also fixes the types of the multiple auth provider arrays to something that works, as `[{}]` specifics exactly on object in an array.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-21 20:08:13 +01:00
Philip Molares
de82b72b62 Config: Create new config mocks for tests
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-21 20:08:09 +01:00
Philip Molares
e8339e0976 Config: Add two new Subconfigs
CustomizationConfig holds all possible customization configs.
ExternalConfig holds external services that may be configured.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-21 19:59:07 +01:00
Philip Molares
19318ae518 Config: Extend AppConfig mock
This is now more in line what you would get from the regular config code

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-21 19:59:07 +01:00
Philip Molares
381718f0eb Config: Move config mocks in own folder
To clean up the config folder, all mocks are now in it's own folder.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-21 19:59:05 +01:00
Philip Molares
942cb44e05 Utils: Extract getServerVersionFromPackageJson into own file
We need this function in at least on other part of the application so extracting it into an util file was only logical.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-21 19:58:37 +01:00
Philip Molares
37fa75fc91 PublicApi: Add GET /api/v2/notes/{note}/media
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-21 19:18:40 +01:00
Philip Molares
3ef2fce067 MediaService: Add listUploadsByNote method
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-21 19:18:40 +01:00
David Mehren
6d8780de4b
Merge pull request #1047 from hedgedoc/docs/apidocs 2021-03-21 19:07:14 +01:00
David Mehren
d3e7be491a
Merge pull request #981 from hedgedoc/privateApi/history
PrivateAPI: history
2021-03-21 19:00:21 +01:00
Philip Molares
168d85778c Docs: Add more documentation to the public api
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-20 10:18:44 +01:00
Philip Molares
cb5c135cb7 Docs: Add description for common http codes
These are the descriptions for all 401, 403, 404 and 204 HTTP responses in HedgeDoc.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-20 10:18:42 +01:00
Philip Molares
3620416ed6 Docs: Add ApiProperty to all Dtos
This makes it possible for the autogenerated openapi file to contain all the dtos instead of nothing.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-19 12:08:34 +01:00
Philip Molares
7f399735f6 PrivateAPI: Add history controller
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-18 21:56:35 +01:00
Philip Molares
b5575bbebe MediaService: Remove allowedMimeType application/pdf
Uploading PDFs does not work with imgur and therefore HedgeDoc should not offer that.

See #533

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-15 22:41:40 +01:00
Philip Molares
9e55af1247 HistoryService: Add deleteHistory method
This method deletes all history entries of a user.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-15 21:14:56 +01:00
Yannick Bungers
7183d1fabb
Merge pull request #1021 from hedgedoc/publicApi/listMediaUpload
PublicAPI: Add GET /me/media
2021-03-15 20:26:59 +01:00
Philip Molares
c77773c247 AppConfig: Fix bug in the schema of forbiddenNoteIds
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-14 17:54:50 +01:00
Yannick Bungers
ef352a1313 Add GET /me/media
Returns all media files uploaded by the authenticated user.

Signed-off-by: Yannick Bungers <git@innay.de>
2021-03-14 17:47:16 +01:00
David Mehren
b67ec817e6
Merge pull request #993 from hedgedoc/publicApi/me 2021-03-14 16:28:49 +01:00
David Mehren
99439af25e
Merge pull request #937 from hedgedoc/feature/forbiddenNoteIds 2021-03-14 16:06:48 +01:00
Philip Molares
d4b2dc9e4a PublicAPI: Add /me/history/:note
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-06 17:55:48 +01:00
Philip Molares
de098cf68e HistoryService: Add unit test for getEntryByNoteIdOrAlias
Also add extra test to deleteHistoryEntry

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-06 17:55:24 +01:00
Philip Molares
4034fa6495 NotesService: Add unit tests for forbidden note alias
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-06 17:49:33 +01:00
Philip Molares
9b25f401f7 NotesService: Check if note alias is forbidden
If the note alias is forbidden return a BadRequest.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-06 17:49:25 +01:00
Philip Molares
df2f14ffbf HistoryService: Add JSDocs for all methods
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-05 11:59:07 +01:00
David Mehren
8de1e4b938
Merge pull request #970 from hedgedoc/typeOrm/synchronizeToDo
AppModule: Add reminder to remove synchronize
2021-02-27 23:09:52 +01:00
Philip Molares
cbc88fd315 Errors: Add ForbiddenIdError
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-27 23:04:52 +01:00
Philip Molares
2f028a4aae Config: Add forbiddenNoteIds to AppConfig
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-27 23:04:49 +01:00
Philip Molares
1042954e98 AppModule: Add reminder to remove synchronize
This auto creates schema on startup and is not intended for production use
See https://typeorm.io/#/connection-options/common-connection-options

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-27 22:58:34 +01:00
Philip Molares
2d98e2f8b4 S3Backend: Add S3 MediaBackend
Add minio dependency

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-27 22:40:56 +01:00
Philip Molares
cf6c08e3d6 MediaConfig: Change s3 config
remove region as this is specified by endPoint now
add bucket in schema and actual assignment

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-27 22:34:27 +01:00
Philip Molares
942360ea22 MediaConfig: Fix Joi schema alternatives
'...use' tries to go up one level and grab the value of 'use' there and not the same level 'use' as we want here

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-27 22:34:27 +01:00
Philip Molares
dde74f37ff AzureBackend: Add Azure MediaBackend
Add @azure/storage-blob dependency
This is the relevant part of the official azure sdk.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-27 22:18:24 +01:00
Philip Molares
eb7e6b55eb DBSchema: Add fileUrl to media_upload table
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-27 22:03:09 +01:00
Philip Molares
e2b2059bde ImgurBackend: Add Imgur MediaBackend
Add node-fetch dependency.
This was chosen as other libs we use already use node-fetch.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-27 21:29:14 +01:00
Philip Molares
165bb7602b MediaUploadEntity: Add fileUrl
Save the fileUrl, returned to the user on creation, in the DB.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-27 21:29:14 +01:00
Yannick Bungers
a92096034d
Merge pull request #936 from hedgedoc/maint/stronger_lint_checks 2021-02-27 21:24:35 +01:00
David Mehren
609b1cf3a3
Refactor server version object into own interface
This makes the type of getServerVersionFromPackageJson() way easier
to read.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 21:21:41 +01:00
David Mehren
235d7efa19
Refactor config utils to use functions instead of consts
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 17:45:44 +01:00
David Mehren
9fcc3c6cee
Enforce explicit function return types
This re-enables the `@typescript-eslint/explicit-module-boundary-types`
check and also enables the
`@typescript-eslint/explicit-function-return-type` check.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 17:41:32 +01:00
David Mehren
73db821649
FilesystemBackend: Fix ESLint errors
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 16:11:27 +01:00
David Mehren
0a23538389
NotesController: Fix ESLint errors
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 16:11:27 +01:00
David Mehren
38b787fe25
MeController: Fix ESLint errors
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 16:11:27 +01:00
David Mehren
b22d641406
ConsoleLoggerService: Fix ESLint errors
We now use @types/cli-color to provide type information

Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 16:11:27 +01:00
David Mehren
a0ffa3be04
NoteEntity: Fix ESLint errors
We now use @types/shortid to provide type information

Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 16:11:27 +01:00
David Mehren
2c841ae578
Fix ESLint errors in main.ts
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 16:11:27 +01:00
David Mehren
1cc86a728a
Fix various ESLint errors in services
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 16:11:27 +01:00
David Mehren
8c3bf66469
Fix various ESLint errors in unit tests
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 16:11:27 +01:00
David Mehren
c5fb87de05
Fix various ESLint errors in configs
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 16:11:27 +01:00
David Mehren
b37b2d1047
HistoryService: toHistoryEntryDto does not need to be async
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 16:11:27 +01:00
David Mehren
d8d105ed75
NotesService: toNotePermissionsDto does not need to be async
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 16:11:27 +01:00
David Mehren
b5281991ef
AuthService: randomString does not need to by async
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 16:11:27 +01:00
David Mehren
ba4825a99f
Add explicit Request type
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 16:11:27 +01:00
David Mehren
b78c94c3a1
Use Req decorator instead of Request
This avoids a clash with the Request type from express

Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 16:11:27 +01:00
David Mehren
2b14ad92cd
Don't await non-Promises
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 16:11:27 +01:00
Philip Molares
7f9c310e58 MediaBackendInterface: Correct JSDoc of deleteFile
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-27 12:24:02 +01:00
Philip Molares
062104f64b FilesystemBackend: Remove getFileURL
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-27 11:38:50 +01:00
Philip Molares
d83e0004b7 MediaBackendInterface: Remove getFileURL
closes #957

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-27 00:28:17 +01:00
David Mehren
3626ce9dff
ESLint: Enable @typescript-eslint/naming-convention rule
This check enforces consistent variable naming.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-26 12:10:53 +01:00
David Mehren
6ffeb2e9c9
ESLint: Enable @typescript-eslint/return-await rule
This ensures stack traces are helpful at the cost of a slightly
lower performance (one more tick in the event loop).

Fixes #838

Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-26 12:10:51 +01:00
David Mehren
6a6dc7ea21
ESLint: Re-enable @typescript-eslint/no-explicit-any rule
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-26 12:10:05 +01:00
Yannick Bungers
75be4611d3
Merge pull request #953 from hedgedoc/mediaBackendErrors 2021-02-25 22:23:11 +01:00
Philip Molares
31f7c76697 MediaController: Handle MediaBackendErrors
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-25 13:59:32 +01:00
Philip Molares
8365132a39 FilesystemBackend: Throw MediaBackendError where appropriate
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-25 13:52:50 +01:00
Philip Molares
bee2333f77 MediaService: Add MediaBackendError
This get's thrown when the backend can't perform the required action.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-25 13:51:54 +01:00
Philip Molares
ca064526a7 ConsoleLogger: Add typing to localeStringOptions
This is necessary as typescript is unable to determine that `year` in this object is of type "numeric" and not string.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-24 10:30:20 +01:00
David Mehren
0dd1f80db4
Merge pull request #948 from hedgedoc/fix/unusedImports
PermissionsModule: Remove unused imports
2021-02-23 21:09:26 +01:00
David Mehren
3fabf2596a
Merge pull request #943 from hedgedoc/refactor/getNoteContent 2021-02-23 21:05:25 +01:00
Philip Molares
0e6cc0b971 PermissionsModule: Remove unused imports
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-23 19:13:41 +01:00
Yannick Bungers
b7e188cec2 Rename viewcount to viewCount for compliance
Signed-off-by: Yannick Bungers <git@innay.de>
2021-02-22 23:36:44 +01:00
Yannick Bungers
e081bd196b Rename getNoteContentByNote to getNoteContent
Signed-off-by: Yannick Bungers <git@innay.de>
2021-02-22 22:34:18 +01:00
Yannick Bungers
15a1a138ee Remove unused getNoteContentByIdOrAlias
Signed-off-by: Yannick Bungers <git@innay.de>
2021-02-22 22:32:00 +01:00
Philip Molares
5f49cb8d48 NotesService: Replace noteByIdOrAlias with note as parameter
As the NotesController has the note already, because it checked with it if the user has the permission to perform the action, it's not necessary to get the note from the DB again, instead we should just provide the note to the functions directly.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-20 19:51:27 +01:00
Philip Molares
c9b05b3c44 NotesController: Handle new errors
Handle the AlreadyInDB and PermissionsUpdateInconsistent errors and correctly show them to the api user as BadRequest errors.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-20 19:51:27 +01:00
Philip Molares
93d859647d NotesService: Add unit tests
Fixed toUserDto method of UsersService: If a user has no email an empty string should be returned (like with the photoUrl) instead of null.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-20 19:51:24 +01:00
Philip Molares
4332b039d6 NotesService: Finished hardcoded functions
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-20 19:45:16 +01:00
Philip Molares
8b29e32e45 Errors: Add AlreadyInDB and PermissionsUpdateInconsistent error
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-20 16:54:08 +01:00
Philip Molares
34087561e7 GroupsService: Create new GroupsService
This service is necessary as we plan to have functions to create and manipulate groups in the future.
The GroupInfoDto was moved from the file note-permissions.dto.ts to mimic the UserInfoDto.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-20 16:52:18 +01:00
Philip Molares
577811be29 NotePermissions: Remove default constructors
As discussed in #835 we don't want to have default constructors and prefer .create methods.
Because the created NoteGroupPermission and NoteUserPermission are not saved to the DB by themselves, but are saved via a change to the Note using a Pick<Class, attributes>-style return type is not helpful here as every single time the .create functions are called a full object is required.
The mock calls in the PermissionService test are not needed and break the .create calls so they got removed.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-20 11:38:50 +01:00
Philip Molares
353384435e NotesService: Add JsDoc strings to all functions
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-20 11:28:19 +01:00
Philip Molares
336117cef5 NotesService: Rename getCurrentContent to getNoteContentByNote
The new name should better explain what this functions does.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-19 13:36:01 +01:00
Philip Molares
1aa821460f NotesController: Catch NotInDBErrors from permission checks
The permission check also tries to get the note and a non existing note needs to be handled there too.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-18 22:25:55 +01:00
Yannick Bungers
0fc9c11a41 Add test for permission service
Many tests are generated and not static like in other files.

Signed-off-by: Yannick Bungers <git@innay.de>
2021-02-18 22:25:55 +01:00
Yannick Bungers
0ea7991e36 Add guest permission mock and checking
mocked by attribute of permission service

Signed-off-by: Yannick Bungers <git@innay.de>
2021-02-18 22:25:55 +01:00
Yannick Bungers
a694d71fff Add permission checks for notes routes
Signed-off-by: Yannick Bungers <git@innay.de>
2021-02-18 22:25:55 +01:00
Yannick Bungers
f40ed5db2a Add permissions Service
Checks if the given user has sufficient rights on the given resource.

Signed-off-by: Yannick Bungers <git@innay.de>
2021-02-18 22:25:55 +01:00
Yannick Bungers
f8e07f6940 Add relation between User and Group
This represents the users which are members of this group

Signed-off-by: Yannick Bungers <git@innay.de>
2021-02-18 22:25:52 +01:00
David Mehren
669688c12f
Merge pull request #847 from hedgedoc/test/authServiceUnitRewrite
Tests: Rewrote AuthService unit test
2021-02-16 22:29:14 +01:00
Philip Molares
680ca4188f Tests: Rewrote AuthService unit test
The unit test now uses per test mocking of the necessary functions instead of one mock in the beforeEach call.
Also some tests got expanded to cover more error cases.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-16 22:25:37 +01:00
David Mehren
2367e3c31b
Merge pull request #912 from hedgedoc/feature/serverUploads
StaticServe: Fix serving images under uploads/
2021-02-16 21:50:35 +01:00
David Mehren
77f00d961a
Merge pull request #916 from hedgedoc/feature/prefixPublicApi
PublicApi: Add correct prefix
2021-02-16 21:49:54 +01:00
Philip Molares
e6c1cc7810 MediaService: Add unit tests
The file test.zip is used to fail the saveFile test with 'MIME Type not supported'

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-16 21:12:23 +01:00
Philip Molares
3120d2dfb9 MediaService: Add JS-Docs to media service
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-16 20:25:33 +01:00
Philip Molares
05ac7dc4ae StaticServe: Fix serving images under uploads/
This did not work until now, because path and prefix were swapped.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-16 20:22:49 +01:00
Philip Molares
73113dc361 PublicApi: Add correct prefix
Using nest-router for this purpose as it is a rather easy addition to our structure. As we don't add the Router to any e2e tests we don't need to change them.

fixes #523

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-16 20:19:45 +01:00
David Mehren
8b62b7d93c
Add missing logging context at various places
Our custom logger supports providing the name of the function that
calls the logger, this commit adds this context string where it
was previously missing.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-05 22:30:22 +01:00
Philip Molares
88ed1ec8ba Docs: Add api tags to group controller
For a better structure of the autogenerated apidoc website tags are used. Each Controller get it's own tag and will be put in a separate section.

See https://docs.nestjs.com/openapi/operations#tags

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-05 14:13:34 +01:00
Philip Molares
1becc9b3d2 Tests: Fix Mock Auth
This makes it possible to create the user before the mock auth guard does it's magic. This is necessary for some test, where we need the user object before the api is called.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-04 21:50:19 +01:00
Philip Molares
10ef4fcee1 History: Add unit and e2e test
Add unit tests for history service
Adapt relevant me e2e tests to work

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-04 21:50:19 +01:00
Philip Molares
7f1afc30c9 History: Add history service and usage
Add history service to allow for CRUD operations.
Use history service in controllers to:
  1. Allow manipulating of history entries
  2. Guaranty the correct existence of history entries

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-04 21:50:19 +01:00
Philip Molares
b76fa91a3c History: Add HistoryEntry
With this the backend now can hold a history entry.
Also included in this commit are some minor changes to tests and services so they can still work.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-04 21:50:14 +01:00
Yannick Bungers
c2b6c6fe49 Reformat code by yarn format
Signed-off-by: Yannick Bungers <git@innay.de>
2021-01-31 00:12:00 +01:00
Philip Molares
a7f35aaeec tests: Fix tests as part of the DTO Refactor
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-31 00:11:58 +01:00
Yannick Bungers
b07d6d478c Refactoring of controllers and service interfaces
DTO should only be used for sending information to and from user.
Services now have methods which return normal internal objects and
methods which convert them to DTOs. This conversion is done in the
controlers

Signed-off-by: Yannick Bungers <git@innay.de>
2021-01-30 00:15:05 +01:00
Philip Molares
08b3dd5db9 auth: Fix undefined secret error
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-29 22:24:19 +01:00
Philip Molares
ba517b3cfe auth: Fix UnauthorizedException throwing
Move conversion of Errors from AuthService to TokenStrategy.
This is necessary to correctly test the validateToken method.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-29 22:00:47 +01:00
Philip Molares
5a727d530b auth: Fix secret length
The former length of 64 bytes (512-bit) is transformed into base64url (a 6-bit code) ~86 characters long. This is too long for bcrypt as it ignores any characters beyond the 72th.
This fix therefore reduces the amount of generated bytes to 54 (as 72*6/8 = 54) characters. This ensures that removing one character from the token the hash won't be the same anymore.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-29 21:32:54 +01:00
David Mehren
b49c802c79
Merge pull request #776 from hedgedoc/fix/UnauthorizedException
auth: Fix handling of internal server errors
2021-01-29 20:52:36 +01:00
Philip Molares
84915b61ac auth: Fix handling of internal server errors
Catch all NotInDbErrors and TokenNotValidError and transform them to UnauthorizedException with the correct message.
This prevents nest from telling the api user that an internal server error has happened and instead display the correct http error code 401.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-29 20:33:56 +01:00
Philip Molares
2f17291079 config: Fix inconsistent env vars
This should make the translation from env var name to config name and vice versa more consistent.

Fixes #751

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-28 23:28:16 +01:00
David Mehren
3ba64f15f1
Swagger: Split public and private API
Fixes #759

Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-27 20:02:25 +01:00
Philip Molares
563f862846 auth: Encode secret in base64url
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-27 00:23:43 +01:00
Philip Molares
7aeb77b262 auth: Fix base64url transformation
The problem was that replace only replaces the first occurrence of a string and not all as is needed for this function.
tsconfig.json needed lib to be set to esnext or the replaceAll function won't be available…

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-26 10:56:45 +01:00
David Mehren
3dc223847d
HistoryEntryDto: Add doc comments
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:39 +01:00
David Mehren
3f16a398d2
HistoryEntryUpdateDto: Add doc comments
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:39 +01:00
David Mehren
5f71e779ef
NoteDto: Add doc comments
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:39 +01:00
David Mehren
be2dc0e4d6
NoteAuthorshipDto: Add doc comments
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:39 +01:00
David Mehren
84143eec7d
RevisionMetadataDto: Add doc comments
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:39 +01:00
David Mehren
43194500e9
RevisionDto: Add doc comments
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:38 +01:00
David Mehren
e4f0c5c064
NoteMetadata DTOs: Add doc comments
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:38 +01:00
David Mehren
a83a7c7a66
NotePermission DTOs: Add doc comments
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:38 +01:00
David Mehren
d3acd3d2db
UserInfoDto: Add doc comments
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-25 22:48:38 +01:00
Philip Molares
bfe14dad8d auth: Run removeInvalidTokens 5s after startup
This should prevent problem with the AuthToken purge on Sundays, as the service is either running on sunday or will be restarted there after.

Also move base64url comment to right function

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:08 +01:00