Yannick Bungers
a1fd52d8ab
fix param description of updateNotePermissions
...
Signed-off-by: Yannick Bungers <git@innay.de>
2022-03-13 21:33:02 +01:00
Yannick Bungers
f096d706c8
optimize readability of find calls
...
Signed-off-by: Yannick Bungers <git@innay.de>
2022-03-13 21:33:02 +01:00
Yannick Bungers
70d7ca5475
Move permission update functions to permissions controller
...
Signed-off-by: Yannick Bungers <git@innay.de>
2022-03-13 21:33:02 +01:00
Yannick Bungers
4dd2762be2
Add unit tests for new notes service methods
...
setUserPermission
removeUserPermission
setGroupPermission
removeGroupPermission
changeOwner
Signed-off-by: Yannick Bungers <git@innay.de>
2022-03-13 21:33:02 +01:00
Yannick Bungers
0a3271e4a5
Add GroupsModule import to public API module
...
Signed-off-by: Yannick Bungers <git@innay.de>
2022-03-13 21:33:02 +01:00
Yannick Bungers
647990022b
Add API routes for fine-grained permission manipulation
...
Signed-off-by: Yannick Bungers <git@innay.de>
fix lint
Signed-off-by: Yannick Bungers <git@innay.de>
2022-03-13 21:33:02 +01:00
Yannick Bungers
20ebb41197
Add service functions for fine-grained permission API calls
...
Signed-off-by: Yannick Bungers <git@innay.de>
2022-03-13 21:33:02 +01:00
David Mehren
3e096e9cbe
fix(note-user-permission): ensure whole row gets deleted
...
By default, TypeORM wants to NULL the child-side of a
many-to-one relation, when the relation gets deleted.
This is not possible when the column is not nullable,
so the whole row needs to get deleted.
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-13 21:33:02 +01:00
David Mehren
2ae8b0c44f
refactor(frontend-integration): inline-import http-proxy-middleware
...
If no dev-dependencies are installed, the unconditional
import crashes the app.
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-07 13:55:07 +01:00
David Mehren
e7ca10bb66
refactor(history-entry-import-dto): rename lastVisited -> lastVisitedAt
...
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-07 13:54:43 +01:00
David Mehren
2605e8894d
refactor(media-service): delete unused method
...
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-07 13:54:43 +01:00
David Mehren
c16d5bb79e
fix(revision): DTOs should correctly extend BaseDto
...
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-07 13:54:43 +01:00
David Mehren
09ec447069
feat(note): save createdAt in a separate column
...
To keep the createdAt date stable, even when the revisions are dropped,
this adds a separate column
to store this data separately from revisions.
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-07 13:54:43 +01:00
David Mehren
342efcd7b7
feat(note-metadata): replace primaryAlias with primaryAddress
...
The primary address is never null.
If no alias is set, the id is returned.
To still easily get the primary alias, the complete Alias DTOs
are now included in the metadata.
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-07 13:54:43 +01:00
David Mehren
64b16c831e
refactor(register-dto): rename displayname -> displayName
...
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-07 13:54:43 +01:00
David Mehren
6f1bdcbaa5
feat(revision): include author details in metadata dto
...
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-07 13:54:43 +01:00
David Mehren
a9f27731bd
refactor(revision): make RevisionDto extend RevisionMetadataDto
...
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-07 13:54:43 +01:00
David Mehren
3ea42fb048
feat(revision): include length in dto
...
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-07 13:54:43 +01:00
David Mehren
7050c9f13b
feat(revision): include edits in dto
...
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-07 13:54:43 +01:00
David Mehren
50c8f39c0c
feat(note): add version attribute
...
This attribute was defined in the dev docs,
but never implemented.
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-07 13:54:43 +01:00
David Mehren
6944094b9b
fix(api/private/me): require and document displayName
...
This renames the argument in the POST /profile route to `displayName`
to be more consistent with the UserDTO.
It also adds OpenAPI docs.
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-07 13:54:43 +01:00
David Mehren
d6ea4d29fe
feat(api/private/me): include authProvider in UserInfo
...
This information is supposed to be used by the frontend
to identify the login method that was used.
The used login method is saved as a string into the session data
and extracted via a new SessionAuthProvider decorator.
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-07 13:54:43 +01:00
David Mehren
3f8e3b0589
refactor(api/public/media): return MediaUpload object instead of url
...
This ensures the POST /media API behaves in the same way as /me/media
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-07 13:54:43 +01:00
David Mehren
8e31f3a393
refactor(api/private/media): return MediaUpload object instead of url
...
This ensures the private POST /media API behaves in the same way as /me/media
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-07 13:54:43 +01:00
David Mehren
4f10e17d40
fix(frontend-config): iframe origins should be non-optional
...
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-07 13:54:43 +01:00
David Mehren
513d64493e
test: add and use a mocked DatabaseConfig
...
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-06 22:24:21 +01:00
David Mehren
89297e748f
fix: TypeError in HistoryEntryImportDto
...
For reasons, during testing, reflect-metadata might not be imported.
This causes the `@Type` annotation to crash the test with a TypeError.
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-06 22:24:21 +01:00
David Mehren
f9448bb801
fix(session): limit subqueries for mariadb
...
MariaDB does not support `connect-typeorm`s subqueries,
so they need to be disabled if this dialect is used.
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-06 22:24:21 +01:00
David Mehren
552cb05d92
refactor(api/private/tokens): validate POST data with DTO
...
This adds a `AuthTokenCreateDto` which allows
to fully validate incoming JSON data.
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-06 22:24:21 +01:00
David Mehren
fd3fde9cc8
refactor(api/private/history): validate POST data with DTO
...
This adds a `HistoryEntryImportListDto` which allows
to fully validate incoming JSON data.
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-06 22:24:21 +01:00
David Mehren
a32d9e8305
fix(api/private/auth): wait for error
...
Previously, the `logout` method immediately returned and did not wait
for the possible error callback.
This wraps the call to `session.destroy` into a promise,
so the error can be properly handled.
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-06 22:24:21 +01:00
David Mehren
72c354d5f6
refactor(history-service): use NoteService to get note
...
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-06 22:24:21 +01:00
David Mehren
5eab4f42d6
refactor: merge AuthTokenDTOs into one file
...
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-06 22:24:21 +01:00
David Mehren
de952fe3b2
feat(auth-service): accept undefined validUntil param
...
The `validUntil` parameter for `createTokenForUser` may be undefined
in some usages.
As it is easy to add handling for that here, this commit implements it.
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-06 22:24:21 +01:00
Philip Molares
35075bdb0b
test: add unit test for noteConfig
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-03-06 21:42:19 +01:00
Philip Molares
96747b6d68
fix: use joi positive and integer validators on HD_MAX_DOCUMENT_LENGTH
...
validate HD_MAX_DOCUMENT_LENGTH with the positive and integer validators of Joi.
See also:
- https://joi.dev/api/#numberpositive
- https://joi.dev/api/#numberinteger
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-03-06 21:42:19 +01:00
Philip Molares
de8bad13cf
test: add unit test for appConfig
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-03-06 21:35:58 +01:00
Philip Molares
45df0e6edb
fix: rename parseOptionalInt to parseOptionalNumber
...
This allows us to handle the possible errors due to non-integer numbers with joi and return more precise error messages.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-03-06 21:35:58 +01:00
Philip Molares
151e12a8a7
fix: use joi positive, integer and max validators on PORT
...
validate PORT with the positive, integer and max validators of Joi.
See also:
- https://joi.dev/api/#numberpositive
- https://joi.dev/api/#numberinteger
- https://joi.dev/api/#numbermax
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-03-06 21:35:58 +01:00
Philip Molares
0a778d8a64
fix: use joi uri validator in appConfig
...
validate HD_DOMAIN and HD_RENDERER_ORIGIN with the uri validator of Joi. This should prevent the problem described in #2150 .
Fixes #2150
See also: https://joi.dev/api/#stringurioptions
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-03-06 21:35:58 +01:00
David Mehren
7e8716ec95
fix: ensure dates are properly transformed
...
To correctly transform Date objects from ISO-strings in JSON
to instances, class-transformer requires the `@Type` annotation.
References:
https://github.com/typestack/class-transformer#%D1%81onverting-date-strings-into-date-objects
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-06 20:54:46 +01:00
David Mehren
59a235ebc4
fix: ensure nested objects are properly validated & transformed
...
To validate nested objects, class-transformer requires
the `@ValidateNested` annotation.
For arrays, class-transfomer requires
setting `each: true`.
To correctly transform nested objects from JSON to instances,
class-transformer requires the `@Type` annotation.
References:
https://github.com/typestack/class-validator#validating-nested-objects
https://github.com/typestack/class-validator#validating-arrays
https://github.com/typestack/class-transformer#working-with-nested-objects
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-06 20:54:46 +01:00
David Mehren
324536bc2d
feat(validation): send error message to client
...
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-06 20:52:52 +01:00
David Mehren
0be8e4ea55
feat(api/private): add GroupsController
...
The GroupsController can be used to fetch information about groups.
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-01 20:20:18 +01:00
David Mehren
0394679134
feat(user-info-dto): split email into separate DTO
...
The email address should only be available
in /me routes.
This commit splits the email address into a new FullUserInfoDto.
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-01 20:20:18 +01:00
David Mehren
a7edf00ebc
feat(api/private): add UsersController
...
The UsersController can be used to fetch information about users.
Signed-off-by: David Mehren <git@herrmehren.de>
2022-03-01 20:20:18 +01:00
David Mehren
931a168e5d
fix(session-middleware): don't hardcode database ttl
...
The cookie expiration is taken from the config,
but the expiration of session data in the database was hardcoded.
This removes the hardcoded value, so TypeormStore defaults
to cookie.maxAge.
References:
https://github.com/nykula/connect-typeorm#options
https://github.com/expressjs/session#cookiemaxage
Signed-off-by: David Mehren <git@herrmehren.de>
2022-02-27 20:55:13 +01:00
Philip Molares
cf5c398933
fix: openapi decorator
...
This now correctly returns the dto if it is provided. Previously it would return () => undefined, when the dto was not defined, which crashed some internal logic in nestjs.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-27 18:40:53 +01:00
Philip Molares
86ef8f3c7f
docs: add documentation to OpenApi decorator
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-20 20:56:09 +01:00
Philip Molares
89aac9d4b6
refactor: use new openapi decorator
...
Also remove fullapi decorator, because it's fully replaced by the openapi decorator.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-20 20:56:09 +01:00