Commit graph

561 commits

Author SHA1 Message Date
Philip Molares
1fd15cc376
chore: add alias dtos
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-07 21:54:42 +02:00
Philip Molares
366057fb8b
feat: add auth controller with internal login, registration, password change and logout
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 22:00:14 +02:00
Philip Molares
cd4ee84ec3
feat: add LoginEnabledGuard and RegistrationEnabledGuard
These guards check if the login or registration are enabled in the config. If so, the guarded method is executed; if not, the client will get the HTTP Error 400 Forbidden as an answer.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-04 18:31:01 +02:00
Philip Molares
46d03571c1
fix: update seed.ts
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-31 13:39:51 +02:00
Philip Molares
5a91662865
feat: add session handling
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-31 13:36:13 +02:00
Philip Molares
1c52ad69a6
feat: add identity module
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:59:23 +02:00
Philip Molares
df10ed92e3
feat: add local auth strategy
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:59:12 +02:00
Philip Molares
b9cec8aeca
feat: add identity service
This service handles all the authentication of the private api.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:58:54 +02:00
Philip Molares
3cc321f353
feat: add getFirstIdentityFromUser helper function
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:57:46 +02:00
Philip Molares
e7eb6694a6
feat: change email auth config to local
This was done to use the same term. Also email was the old term from HedgeDoc 1 and wildly inaccurate. As we never checked any mail addresses, in fact it was more of a username than anything else.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-04 19:24:32 +02:00
Philip Molares
43242cccc9
feat: add session to AuthConfig
This handles the settings for the cookie session. The secret and the lifeTime of the cookie can be configured.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-04 17:46:58 +02:00
Philip Molares
0ef0d1e111
feat: add local auth dtos
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:54:05 +02:00
Philip Molares
5e4eb574c5
chore: add user relation enum
This enum is used to specify which relation of the user object should be populated.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-31 13:39:36 +02:00
Philip Molares
337854c86a
feat: lazy load identities of user object
This makes it possible that we can get identities from any user object even if we didn't specify that while getting them from the orm

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-04 22:13:16 +02:00
Philip Molares
23e26fb830
chore: move identity entity in its own folder
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:53:20 +02:00
Philip Molares
547f2239cc
chore: move password related functions from AuthService to utils file
As these methods will be used in both the AuthService and the IdentityService, it makes sense to extract them and use them in this manner. Especially if one considers that they are quite standalone functions.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:47:13 +02:00
Philip Molares
cf8f3b39ec
feat: add ProviderType enum
This is used to give identities a type and to easily get the identity any auth method would need.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-08-08 21:57:22 +02:00
Abhilasha Sinha
f63a2b79b7
Add new API to purge note history #1064
Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Combine the describe block

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Fix naming

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Rename purgeRevision to purgeRevisions

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Fix notes e2e test description

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Add yarn.lock

Fix lint and format

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>
2021-08-30 05:37:35 +05:30
Philip Molares
216baa42a1
refactor: move TokenAuthGuard in the same file as TokenStrategy
This should help to make clear why code is executed when the TokenAuthGuard is encountered by a request. Currently, one has to connect both files via the string 'token', which is a bit cryptic

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-04 18:03:41 +02:00
David Mehren
5ecb0c0694
RevisionsService: Refactor getFirst/LastRevision
The functions now expect a `Note` object instead of a noteId to
make it more consistent with other functions.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 22:45:56 +02:00
David Mehren
fe26f1689c
MediaService: Refactor saveFile
The function now expects a `Note` object instead of a noteId
and a `User` instead of a username to
make it more consistent with other functions.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 22:28:21 +02:00
David Mehren
341e3a3e5a
HistoryService: Remove getEntryByNoteIdOrAlias
As we now have a GetNotePipe, we can easily get rid of this function.
All clients can directly provide a `Note` instance
and use `getEntryByNote`.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 21:57:35 +02:00
David Mehren
d2b60a316f
HistoryService: Refactor deleteHistoryEntry
The function now expects a `Note` object instead of a noteId to
make it more consistent with other functions.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 21:42:46 +02:00
David Mehren
839877dbc5
HistoryService: Refactor updateHistoryEntry
The function now expects a `Note` object instead of a noteId to
make it more consistent with `updateHistoryEntryTimestamp`.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 21:38:10 +02:00
David Mehren
3396d3e47d
UserService: Improve method naming
This renames `createOrUpdateHistoryEntry` to `updateHistoryEntryTimestamp`,
which reduces confusion with the similarly named
`updateHistoryEntry` function.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 21:19:53 +02:00
David Mehren
470f09d8fe
Private API: Use GetNotePipe
This replaces repeated calls to `noteService.getNoteByIdOrAlias`
and associated error handling with the `GetNotePipe`
in the `Param` decorator.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 17:33:02 +02:00
David Mehren
ed8fd3939c
Public API: Remove superfluous try/catch
`getNoteMetadata` does not use a method that
can throw a `PermissionsUpdateInconsistentError`.
The try/catch-block seems to be a copy-paste error.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 17:32:45 +02:00
David Mehren
83869aaa48
Public API: Use GetNotePipe
This replaces repeated calls to `noteService.getNoteByIdOrAlias`
and associated error handling with the `GetNotePipe`
in the `Param` decorator.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 17:28:14 +02:00
David Mehren
73be10e606
Implement GetNotePipe
This pipe transforms a note ID or alias to a Note object
by loading it from the database.
It also performs error handling

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 17:18:54 +02:00
David Mehren
b480adc807
Public API: Introduce RequestUser decorator
This introduces the `RequestUser` decorator
to extract the `User` from a request.

It reduces code duplication across the public API
and allows us to drop the override of the `Request` type from express.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-28 19:03:15 +02:00
Yannick Bungers
3b5ccddfcc
Fix copy paste error in auth toAuthTokenDto test
Add an hour difference between createdAt and validUntil to better detect
these errors.

Signed-off-by: Yannick Bungers <git@innay.de>
2021-09-03 19:15:42 +02:00
David Mehren
9450f500d6
Cleanup some imports
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 18:57:00 +02:00
David Mehren
5ed2fae44e
Enforce import order with prettier
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 18:45:46 +02:00
Philip Molares
c31da7ec33
test(generatePublicId): test if with a given random buffer a correct encoding is generated
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-06-15 21:17:07 +02:00
Philip Molares
ef5dfebb53
fix(publicId): generate 128-bit instead of 128-byte value
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-06-14 08:45:48 +02:00
David Mehren
28a1628722
Switch to new buffered logger
NestJS 8 allows the logs to buffer on startup, so that all logs run
through our custom logger.

See also https://docs.nestjs.com/techniques/logger#dependency-injection

Signed-off-by: David Mehren <git@herrmehren.de>
2021-07-15 20:21:42 +02:00
David Mehren
43f887b4c1
EditDto: Clarify that the username can be null
If the edit was made by an anonymous user, we don't have a username.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-31 22:04:59 +02:00
David Mehren
1b1e232476
Rename NoteAuthorshipDto to EditDto
After Authorship was renamed to Edit, the DTO should follow.
The file is also moved to the revisions folder, where the entity
already is.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-31 22:02:32 +02:00
David Mehren
b2d37abf6c
Rename Authorship entity to Edit
As we now have a separate Author entity, which holds information
about an author (the color), the Authorship name became confusing.
Edit seems to be a better name, as the entity saves information
about a change in a note.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-31 21:46:41 +02:00
David Mehren
5846ca75a9
NotesService: Implement getAuthorUsers
This reimplements logic to get all Users that ever edited a note
and fixes the empty `editedBy` property of `toNoteMetadataDto`
introduced in 81cc092e.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-24 21:58:44 +02:00
David Mehren
6abcb686ca
Seed: Generate multiple notes and authorships
Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-19 21:09:15 +02:00
David Mehren
f6d430c23f
Adjust tests to new Session and Author entities
Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-17 22:28:35 +02:00
David Mehren
3d07c5e443
AuthorshipEntity: Adjust to DB schema
This commit replaces the user property with an author property,
in accordance with the DB schema updated in 0d6c3002.

It also adjusts the NoteService accordingly.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-19 22:12:25 +02:00
David Mehren
8040f47d00
Add Author property to Session & User
The DB schema was updated in 0d6c3002,
this adds the new author property to
the Session and User entities.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-31 18:39:33 +02:00
David Mehren
1dc6db24a9
AuthorEntity: Add create method
Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-19 22:12:00 +02:00
David Mehren
4e14053f8f
AuthorEntity: Add missing properties
This adds the missing properties according to the DB PlantUML schema

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-31 18:11:48 +02:00
David Mehren
59a4c72299
UsersModule: Add Session to TypeORM module
This seems to have been missed in
db026d6a57, where the Session entity
was added.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-31 18:15:10 +02:00
David Mehren
283ec673cf
Remove AuthorColor entity
It will be replaced with the Author entity,
that will save the color

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-17 21:08:13 +02:00
David Mehren
9e5d95657d
Move publicID creation to Note.create
Before this commit, `Note.create()` did not return a complete object,
as the `publicId` property was missing.
This adds the generation of the property to the `create` method and
moves the actual generation code from the `NotesService`
to a utility method.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-19 21:19:08 +02:00
Philip Molares
0f58757858
chore(test): Change test to work with publicId
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-05-16 22:46:02 +02:00
Philip Molares
b7e52f8166
feat(notes): Use publicId in notes service
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-05-16 22:44:43 +02:00
Philip Molares
ce132f2432
feat(note): Add publicId field
This field is a randomly generated 128-bit value encoded with base32-encode using the crockford variant and converted to lowercase.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-05-16 22:43:42 +02:00
Philip Molares
875e848b80
refactor: Remove randomString function
This was done because it was only a wrapper for a nodejs function to check if the given parameter is a positive number.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-05-16 22:41:01 +02:00
Thomas Snowden
7087135ea4
Add API decorator to reduce clutter
Signed-off-by: Thomas Snowden <zapperchamp1@gmail.com>
2021-04-24 19:10:16 -04:00
David Mehren
eaf1852fe5
Format with Prettier 2.3
Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-15 21:13:44 +02:00
Philip Molares
f739687b00
Refactor(note): Remove shortid from note
This is a 1.x relict and isn't used anymore in 2.x. All 1.x shortids will be converted to aliases on migration of 1.x to 2.x.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-05-11 22:37:52 +02:00
Philip Molares
f5039791ed
Linting: Fixed wrong logger contexts
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-05-02 21:53:28 +02:00
David Mehren
375cb4eae9
AuthTokenEntity: Make validUntil not nullable
As all tokens are valid for a maximum of 2 years, the
validUntil attribute is always populated.

This updates the database schema and the DTO to reflect that.

Fixes #1256

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-09 22:05:47 +02:00
David Mehren
6ddaa59e8c
Remove superfluous overrideProvider statements
Fixes #1254

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-09 21:34:43 +02:00
David Mehren
076c9c502d
Add error handling in seed.ts
Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-02 18:35:38 +02:00
David Mehren
6471ba92ef
Fix nullable property types in Note DTOs
Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-02 18:33:07 +02:00
David Mehren
73997d4693
MediaUploadDto: Make noteId optional
Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 16:59:40 +02:00
David Mehren
d4495a0a62
GroupsService: Remove test obsoleted by strict mode
Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 21:53:05 +02:00
David Mehren
8388edcd53
UsersService: Remove test obsoleted by strict mode
Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 21:52:20 +02:00
David Mehren
0944f07834
Ensure optional properties of AuthTokenDto are initialized
Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 21:14:09 +02:00
David Mehren
246d053b68
Add explicit type annotations to nullable columns
TypeORM can't correctly infer the data type on properties with a `| null` type.
This commit adds explicit type annotations.

See also https://github.com/typeorm/typeorm/issues/2567#issuecomment-408599335

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 19:08:59 +02:00
David Mehren
80d8ce901b
NotesService.toNoteMetadataDto: Handle undefined updateUser
Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 18:30:48 +02:00
David Mehren
772263317d
NotesService: Fix type errors
Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 18:30:17 +02:00
David Mehren
e217b30d26
Consistently type properties as optional
Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 18:29:12 +02:00
David Mehren
bc08493f89
GroupsService: Remove null from toGroupDto return type
toGroupDto won't return null, as TS's strict mode
prevents group from being nullish

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 18:28:32 +02:00
David Mehren
b962e8390a
NotesController: Double-check that req.user is defined
TokenAuthGuard ensures that req.user is always
defined, but thanks to strict mode we have to check again.

In the future, we may add a custom Request type and
a custom param decorator to centralize the check.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 18:12:20 +02:00
David Mehren
0a8dd454ab
NoteEntity: Allow anonymous notes
Notes created by anonymous users don't have an owner.
This commit updates the entity accordingly.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 18:09:22 +02:00
David Mehren
bd56d17663
MediaUploadDto: Make noteId optional
Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 16:59:40 +02:00
David Mehren
3b0bbe8b00
MediaService: Handle unexpected backend type
Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 16:59:18 +02:00
David Mehren
22702b3390
Correctly type nullable columns
TypeORM columns with `nullable: true` can be `null` at runtime.
This commit ensures that the types of the corresponding properties reflect that.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 16:54:57 +02:00
David Mehren
d63f581a42
MediaController: Double-check that req.user is defined
TokenAuthGuard ensures that req.user is always
defined, but thanks to strict mode we have to check again.

In the future, we may add a custom Request type and
a custom param decorator to centralize the check.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 16:44:27 +02:00
David Mehren
90038cf116
MeController: Double-check that req.user is defined
TokenAuthGuard ensures that req.user is always
defined, but thanks to strict mode we have to check again.

In the future, we may add a custom Request type and
a custom param decorator to centralize the check.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 16:43:16 +02:00
David Mehren
87eb099d34
UsersService: Remove null from toUserDto return type
toUserDto won't return null, as TS's strict mode
prevents user from being nullish

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 16:40:13 +02:00
David Mehren
a453344205
MarkdownBody: Handle error in getOwnPropertyDescriptor
Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 16:27:15 +02:00
David Mehren
4959be739a
Handle config initialisation error on app bootstrap
Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 16:22:01 +02:00
David Mehren
8357f3072c
HistoryService: Throw NotInDBError on empty DB result
This adds error handling to getEntryByNote, so it throws a
NotInDBError instead of (illegally, according to the type) returning
null.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 16:16:30 +02:00
David Mehren
1a72e3c727
FrontendConfig DTOs: Make properties consistently optional
Some properties already have an IsOptional decorator,
this makes the properties themselves also optional

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 16:13:54 +02:00
David Mehren
56ce66bc8b
ConsoleLoggerService: Fix type of context properties
Nullish values of functionContext and classContext are handled correctly,
so the type can be adjusted

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 16:10:46 +02:00
David Mehren
52bb44a561
AuthService: Fix type of toAuthTokenWithSecretDto
toAuthTokenDto does not return nor accept a nullish value anymore,
so the types can be adjusted.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 16:07:58 +02:00
David Mehren
327f36af94
AuthService.randomString: Throw Error instead of returning null
A string with a negative length is invalid, so we should throw here
instead of complicating the type with a possible null return value.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 16:06:59 +02:00
David Mehren
5ee9b2a7e8
AuthTokenDto: Make properties consistently optional
validUntil and lastUsed already have an IsOptional decorator,
this makes the properties themselves also optional

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 15:55:11 +02:00
David Mehren
ef8b8d985e
AuthService: Throw NotInDBError on empty DB result
This adds error handling to various functions, so they throw a
NotInDBError instead of a TypeError

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-09 18:27:03 +02:00
David Mehren
52f6310e91
Safely parse numbers from environment vars
This adds the function parseOptionalInt to help parse numbers
from environment variables

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 15:34:59 +02:00
David Mehren
36e721d4a9
Config Utils: Fix type of toArrayConfig
configValue is checked for a nullish value,
the type should reflect that.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 15:26:15 +02:00
David Mehren
dcc09747d2
AuthService: Remove null from toAuthTokenDto return type
toAuthTokenDto won't return null, as TS's strict mode
prevents authToken from being nullish

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 15:07:50 +02:00
David Mehren
d87980ae6d
RevisionsService: Throw NotInDBError on empty DB result
This adds error handling to various getters, so they throw a
NotInDBError instead of (illegally, according to the type) returning
null.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 15:03:44 +02:00
Philip Molares
258a38f8c0
ControllerTests: Add connection to controller tests
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-11 22:06:41 +02:00
Philip Molares
ea7b0cb9c4
HistoryService: Add test for setHistory
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-11 22:06:36 +02:00
Philip Molares
524ad658d8
HistoryService: Add setHistory method
This is the transactional reimplementation of the business logic of the history controller's setHistory method (of the private api). This should prevent the problem that the history gets deleted, but a later error in the handling of the list of HistoryEntryImportDto lets the call fail.

See also: https://docs.nestjs.com/techniques/database#transactions

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-11 21:54:50 +02:00
Philip Molares
7c648e7056
HistoryService: Remove extra parameters from createOrUpdateHistoryEntry
As the function is now only called with a user and a note and the previous extra parameters are now added into the transactional setHistory method, this is no longer necessary.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-11 21:28:53 +02:00
Philip Molares
6b6aef284c
NotesService: Extract checkNoteIdOrAlias into own method
To reuse this functionality in the history service's setHistory method, it was extracted into its own exported function.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-11 21:25:41 +02:00
Philip Molares
7e20bb0fef
[Project] Add seed script
This script invokes src/seed.ts to create a sqlite DB. The DB already contains some objects to manually test with. This ensures that devs easily can spin up a test instance of HedgeDoc and don't need to fumble around with the DB file.

See https://github.com/typeorm/typeorm#creating-a-connection-to-the-database

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-29 11:53:59 +02:00
Philip Molares
162f736647
PrivateApi: Add CORS-Header for rendererOrigin
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-02 17:36:51 +02:00
Philip Molares
bf13668548
PrivateApi: Serve under /api/private
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-02 17:33:42 +02:00
Philip Molares
1edc0d87c5
FrontendConfig: Fix unit test
Emulate the behaviour of the new app config: If renderOrigin is undefined instead use domain.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-27 23:33:13 +02:00
Philip Molares
662d428e3c
AppConfig: Move default for rendererOrigin to config file
As we only use rendererOrigin in the frontend config service, where domain will be used if it is not defined, it makes more sense to move this default behavior to the app config directly. That makes it easier to understand what this variable contains and that it defaults to domain.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-25 15:20:51 +02:00
David Mehren
6ee2ddead5
Use node12 TypeScript base config
TypeScript recommends using a base config from https://github.com/tsconfig/bases.

Using this config reduces compile times by ~30%
and the size of the dist folder by ~45%.
It also enables the recommended `esModuleInterop` option,
which necessitated some changes to imports.
See also https://www.typescriptlang.org/docs/handbook/release-notes/typescript-2-7.html#support-for-import-d-from-cjs-from-commonjs-modules-with---esmoduleinterop

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 22:47:18 +02:00
Tilman Vatteroth
58075f787e
Remove banner from frontend config
NestJS adds the headers "Last Modified" and "ETag" to asset serving responses.
Therefore all the information we need for the banner are already given by the
file content or the file meta data.

Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2021-04-25 14:45:04 +02:00
Tilman Vatteroth
ff06f368de
Add serving of static assets under the relative URL '/public'
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2021-04-25 14:41:38 +02:00
Philip Molares
6a4e0d96cf
Services: Use replaceNullWithEmptyString
Add the helper method replaceNullWithEmptyString to the services, where it is needed.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-24 21:16:06 +02:00
Philip Molares
4640735d18
PublicApi: Add option to keep media to DELETE /notes/{note}
This adds a body to the route DELETE /notes/{note} of the public api to specify if the associated media uploads of the note should be kept or deleted.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-01 01:23:12 +02:00
Philip Molares
bd4231c1c5
PrivateApi: Add option to keep media to DELETE /notes/{note}
This adds a body to the route DELETE /notes/{note} of the private api to specify if the associated media uploads of the note should be kept or deleted.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-01 01:22:34 +02:00
Philip Molares
b65297523c
MediaService: Add removeNoteFromMediaUpload method
This method replaces the associated note of a media upload with null.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-01 01:18:24 +02:00
Philip Molares
41765ac300
MediaUpload: Make note nullable
As it is possible to delete a note without also deleting the associated media uploads, this needs to be changed in the media upload entity, too.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-01 01:17:09 +02:00
Philip Molares
e2469eb441
Notes: Add NoteMediaDeletionDto
This is used to specify if the media uploads should be kept or deleted, when deleting a note.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-01 01:15:44 +02:00
Philip Molares
36cd0fd246
RevisionsService: Add missing awaits
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-22 18:26:19 +02:00
David Mehren
678f69f562
FilesystemBackend: Fix functionContext logging
This commit adds a few missing `functionContext` parameters in calls to
`this.logger` and fixes a copy-paste error in `ensureDirectory`

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-22 21:58:03 +02:00
Philip Molares
8a01720ef4
AppConfigMock: Use correct loglevel
Until now the app config mock used ts-loader's LogLevel instead of our own Loglevel, which is obviously wrong.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-22 22:23:59 +02:00
Philip Molares
e90e2a8e19
Entities: Add onDelete CASCADE to entities
To better handle deletion of entities, all necessary other entities got the option onDelete CASCADE set. So everything that does not make any sense if something else is deleted will be deleted alongside it.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-11 15:03:23 +01:00
Philip Molares
56a46f57fc
PrivateAPI: Add me controller
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-05 00:30:47 +01:00
Philip Molares
f6121b58e8
MediaService: Change deleteFile
The former deleteFile was moved to the public API's media controller and the actual deletion functionality was moved into a separate function to be called on user deletion.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-20 18:58:59 +01:00
Philip Molares
63fcca6c0d
UsersService: Add unit tests
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-05 00:30:19 +01:00
Philip Molares
b86a7c601d
UsersService: Polish methods
Add test to createUser method to ensure an already used username triggers an AlreadyInDBError.
Add debug entry if user is deleted.
Add changeDisplayName method.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-05 00:30:03 +01:00
Philip Molares
bce0ca9d74
UsersService: Add JSDoc to all methods
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-05 00:26:57 +01:00
Philip Molares
5a9634400a
UserEntity: Make userName unique
Each username should only be given once.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-05 00:25:06 +01:00
Philip Molares
cbf0ce98dd
NotesService: Get user and group of the permission
This also fetches the user and group of permissions and not only the `canEdit` property.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-02 20:46:34 +02:00
Philip Molares
305a3f1bea
NotesService: Set Permissions
Set the necessary information for the permissions to be correctly inserted into the db.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-17 10:27:29 +01:00
Philip Molares
979154b8a5
Permissions: Add cascade
This makes it possible to create permissions by setting them in the note entity and delete them when either the user or note is deleted.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-17 10:26:42 +01:00
Philip Molares
aa41bebbf0
PublicAPI: Add file upload dialog to swagger api
This makes it possible to truly upload a file with swagger api documentation.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-15 14:29:33 +02:00
Philip Molares
846bbeb390
UnitTests: Add appConfigMock
This is necessary as the Logger needs this config for the loglevel.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-14 00:19:09 +02:00
Philip Molares
edc62285a2
Logging: Handle calls with 'undefined' context
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-13 23:21:55 +02:00
Philip Molares
6fe10bab4c
Logging: Add LogLevels to ConsoleLoggerService
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-13 23:13:47 +02:00
Philip Molares
e9664b4aa7
Utils: Add needToLog function
This function makes it possible to make a partial order of the Loglevel enum. This simplifies the if statements in ConsoleLogger.
This is done because the Loglevel enum already has a string backing for easy conversion from the config environmental variables and therefore can't also have an ordinal number assigned…

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-18 12:29:15 +02:00
Philip Molares
697ca823d5
Logging: Remove NestConsoleLoggerService
This is not necessary anymore, because we can inject ConsoleLoggerService directly.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-02 19:08:30 +02:00
Philip Molares
8dd3a3d7dd
Logging: Add OpenAPI log messages
Let the user know where the OpenAPI docs can be found.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-02 17:40:44 +02:00
Philip Molares
ebc8d459fb
Logging: Improve mediabackend filesystem log message.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-02 17:38:22 +02:00
Philip Molares
9043e39dc6
MediaBackend: Add WebdavBackend
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-16 13:22:03 +02:00
Philip Molares
edf71cc177
Config: Add WebDAV to media config
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-16 13:19:13 +02:00
Philip Molares
c1d706b350
PrivateAPI: Add lastVisited to HistoryEntryImportDto
As the DTO is only for importing an existing history the lastVisited of those entries should also be posted.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-11 12:37:47 +02:00
Philip Molares
eeaa74b385
PrivateAPI: Add pinStatus to HistoryEntryImportDto
As the DTO is only for importing an existing history the pinStatus of those entries should also be posted.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-10 23:31:18 +02:00
Philip Molares
1154894876
PrivateAPI: Rename HistoryEntryCreationDto to HistoryEntryImportDto
As the DTO is used to import a whole list of history entries rather than creating a single history entry (there is no way of doing that at the moment)

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-10 23:26:58 +02:00
Philip Molares
fa724c2603
Utils: Fix getServerVersionFromPackageJson
The cache is never null, because it defaults to undefined, and therefore this function always returns undefined.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-15 18:15:25 +02:00
Philip Molares
9759d85fdd
Tests: Fix eslint errors
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-12 18:05:27 +02:00
Philip Molares
ff44a6567e
Tests: Removed all eslint-disable lines
As we now disable what we don't need in the eslint config, we don't need this anymore.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-12 17:06:59 +02:00
Philip Molares
1df74df65c
FileMediaBackend: Fix generated urls
All urls should be of the form `uploads/<filename>.<extension>` regardless of what the uploadDirectory is, because the backend proxies all locally uploaded files.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-31 23:01:29 +02:00
Philip Molares
e955e204c4
MediaConfigMock: Change upload path
This changes the upload path in all tests to 'test_uploads' to ensure no real uploads are lost.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-31 22:58:15 +02:00
Philip Molares
1835cb7499
PrivateAPI: Add media controller
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-25 21:20:56 +01:00
Philip Molares
fe0c7b425f
PrivateAPI: Add notes controller
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-24 00:12:54 +01:00
Philip Molares
86f5498f51
PrivateApi: Add config controller
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-01 21:16:34 +01:00
Philip Molares
9747ea209c
FrontendConfig: Add new service
This service handles the config for the frontend.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-01 21:16:01 +01:00
Philip Molares
a7c3d06216
Config: Add rendererOrigin and maxDocumentLength to AppConfig
These are used in the /config private API call.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-01 21:00:55 +01:00
Philip Molares
22081756b0
Config: Add identifier to all multi auth provider to AuthConfig
These are used in the /config private API call and needed to distinguish with which of the multiple auth providers a login should occur.
This also fixes the types of the multiple auth provider arrays to something that works, as `[{}]` specifies exactly one object in an array.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-01 21:07:43 +01:00
Philip Molares
e3f1d1b0f4
Config: Create new config mocks for tests
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-01 21:12:48 +01:00
Philip Molares
64846eb641
Config: Add two new Subconfigs
CustomizationConfig holds all possible customization configs.
ExternalConfig holds external services that may be configured.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-01 21:10:16 +01:00
Philip Molares
c6e341aab9
Config: Extend AppConfig mock
This is now more in line with what you would get from the regular config code

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-02 10:49:39 +01:00
Philip Molares
c1a9eee6a4
Config: Move config mocks in own folder
To clean up the config folder, all mocks are now in their own folder.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-01 21:12:01 +01:00
Philip Molares
4dc18c01fb
Utils: Extract getServerVersionFromPackageJson into own file
We need this function in at least one other part of the application so extracting it into a util file was only logical.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-01 20:52:46 +01:00
Philip Molares
935d5cd548
PublicApi: Add GET /api/v2/notes/{note}/media
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-19 16:53:04 +01:00
Philip Molares
890de2dea1
MediaService: Add listUploadsByNote method
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-19 16:47:52 +01:00
Philip Molares
53f5093630
Docs: Add more documentation to the public api
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-19 12:10:46 +01:00
Philip Molares
0e44f545a1
Docs: Add description for common http codes
These are the descriptions for all 401, 403, 404 and 204 HTTP responses in HedgeDoc.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-19 12:09:50 +01:00
Philip Molares
47ca8be78b
Docs: Add ApiProperty to all Dtos
This makes it possible for the autogenerated openapi file to contain all the dtos instead of nothing.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-19 12:08:34 +01:00
Philip Molares
29dbf0b657
PrivateAPI: Add history controller
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-03 15:25:11 +01:00
Philip Molares
b872694158
HistoryService: Add deleteHistory method
This method deletes all history entries of a user.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-03 15:23:45 +01:00
Philip Molares
6e29ffba65
MediaService: Remove allowedMimeType application/pdf
Uploading PDFs does not work with imgur and therefore HedgeDoc should not offer that.

See #533

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-15 22:41:40 +01:00
Yannick Bungers
f47d85b301
Add GET /me/media
Returns all media files uploaded by the authenticated user.

Signed-off-by: Yannick Bungers <git@innay.de>
2021-03-14 17:47:16 +01:00
Philip Molares
7a7b3d3a50
AppConfig: Fix bug in the schema of forbiddenNoteIds
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-14 17:54:50 +01:00
Philip Molares
82ef4a10cb
PublicAPI: Add /me/history/:note
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-05 12:01:43 +01:00
Philip Molares
521ddc36c6
HistoryService: Add unit test for getEntryByNoteIdOrAlias
Also add extra test to deleteHistoryEntry

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-05 12:01:04 +01:00
Philip Molares
6ed686e657
HistoryService: Add JSDocs for all methods
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-05 11:59:07 +01:00
Philip Molares
54d0aa2197
NotesService: Add unit tests for forbidden note alias
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-20 22:23:52 +01:00
Philip Molares
c82f317ef0
NotesService: Check if note alias is forbidden
If the note alias is forbidden return a BadRequest.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-20 22:21:31 +01:00
Philip Molares
dbbee13913
Errors: Add ForbiddenIdError
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-20 22:16:50 +01:00
Philip Molares
966f5ee2fe
Config: Add forbiddenNoteIds to AppConfig
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-20 22:15:04 +01:00
Philip Molares
b2008ae734
AppModule: Add reminder to remove synchronize
This auto creates schema on startup and is not intended for production use
See https://typeorm.io/#/connection-options/common-connection-options

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-27 22:58:34 +01:00
Philip Molares
d6e8d9a592
S3Backend: Add S3 MediaBackend
Add minio dependency

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-23 16:14:14 +01:00
Philip Molares
d2bce6e091
MediaConfig: Change s3 config
remove region as this is specified by endPoint now
add bucket in schema and actual assignment

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-23 16:13:33 +01:00
Philip Molares
5195955eb8
MediaConfig: Fix Joi schema alternatives
'...use' tries to go up one level and grab the value of 'use' there and not the same level 'use' as we want here

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-23 15:45:59 +01:00
Philip Molares
1942df0da0
AzureBackend: Add Azure MediaBackend
Add @azure/storage-blob dependency
This is the relevant part of the official azure sdk.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-22 22:33:56 +01:00
Philip Molares
95b3c628ce
DBSchema: Add fileUrl to media_upload table
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-27 11:24:41 +01:00
Philip Molares
a00a093a14
ImgurBackend: Add Imgur MediaBackend
Add node-fetch dependency.
This was chosen as other libs we use already use node-fetch.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-26 16:16:00 +01:00
Philip Molares
c64ca9c012
MediaUploadEntity: Add fileUrl
Save the fileUrl, returned to the user on creation, in the DB.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-26 16:12:14 +01:00
David Mehren
3dd4bf1582
Refactor server version object into own interface
This makes the type of getServerVersionFromPackageJson() way easier
to read.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 21:21:41 +01:00
David Mehren
5987e2ed7e
Refactor config utils to use functions instead of consts
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 17:45:44 +01:00
David Mehren
b128efebff
Enforce explicit function return types
This re-enables the `@typescript-eslint/explicit-module-boundary-types`
check and also enables the
`@typescript-eslint/explicit-function-return-type` check.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 17:41:32 +01:00
David Mehren
05926c08d6
FilesystemBackend: Fix ESLint errors
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-26 12:24:35 +01:00
David Mehren
56d28188e7
NotesController: Fix ESLint errors
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-24 22:33:47 +01:00
David Mehren
dd424cbcee
MeController: Fix ESLint errors
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-24 22:33:29 +01:00
David Mehren
0344a8294e
ConsoleLoggerService: Fix ESLint errors
We now use @types/cli-color to provide type information

Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-24 20:39:25 +01:00
David Mehren
f79492fe63
NoteEntity: Fix ESLint errors
We now use @types/shortid to provide type information

Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-24 21:10:24 +01:00
David Mehren
71e2f06bbb
Fix ESLint errors in main.ts
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-24 21:08:08 +01:00
David Mehren
cc1ca69bc1
Fix various ESLint errors in services
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-24 22:35:06 +01:00
David Mehren
21403ba606
Fix various ESLint errors in unit tests
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-24 20:20:04 +01:00
David Mehren
208ff1d039
Fix various ESLint errors in configs
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-24 20:29:39 +01:00
David Mehren
616f963b8e
HistoryService: toHistoryEntryDto does not need to be async
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-24 21:19:48 +01:00
David Mehren
bfa5f0dfc6
NotesService: toNotePermissionsDto does not need to be async
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-24 21:17:05 +01:00
David Mehren
def4ef145e
AuthService: randomString does not need to be async
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-23 22:16:27 +01:00
David Mehren
fed3a12779
Add explicit Request type
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-23 21:48:37 +01:00
David Mehren
a5d922b5f8
Use Req decorator instead of Request
This avoids a clash with the Request type from express

Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-23 21:20:01 +01:00
David Mehren
e4ba59f154
Don't await non-Promises
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-23 21:14:39 +01:00
David Mehren
e83f1e206b
ESLint: Enable @typescript-eslint/naming-convention rule
This check enforces consistent variable naming.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-20 21:15:45 +01:00
David Mehren
9485597e6f
ESLint: Enable @typescript-eslint/return-await rule
This ensures stack traces are helpful at the cost of a slightly
lower performance (one more tick in the event loop).

Fixes #838

Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-20 20:14:36 +01:00
David Mehren
2ba824d9e2
ESLint: Re-enable @typescript-eslint/no-explicit-any rule
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-24 21:59:28 +01:00
Philip Molares
0e4b65ca9d
MediaBackendInterface: Correct JSDoc of deleteFile
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-27 12:24:02 +01:00
Philip Molares
2c6af85f14
FilesystemBackend: Remove getFileURL
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-27 11:38:50 +01:00