NestJS does not support content-types other than application/json.
Therefore we need to directly access the request object to get the raw body content.
Signed-off-by: David Mehren <git@herrmehren.de>
This entity implements the Session interface from connect-typeorm, which we will later use to store session data from express-session.
Signed-off-by: David Mehren <git@herrmehren.de>
NestJS can automatically generate an OpenAPI spec by analyzing controllers and used DTOs.
This commit enables this feature. The API docs are served under /apidoc.
Signed-off-by: David Mehren <git@herrmehren.de>
Instead of using sequelize-cli and ensuring migrations by shell script,
this patch automates database migrations properly to the umzug library.
The sequelize CLI becomes a dev dependency as it's still useful for
generating migrations.
This should eliminate the need for crude generating of database config
files and the like. Instead we utilize the pre-configured sequelize
connection that CodiMD will use anyway.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
This is a forward-port of d6ce60c.
The old pg version doesn't work with node version 14 due to
an undocumented API change in the `readyState` in the socket API.
This patch updates the required dependency and this way resolves the
issue.
Signed-off-by: David Mehren <dmehren1@gmail.com>
It should be possible to run a backend build without the need to start
the application and without the need to fiddle around with PATH or
fiddling with `node_modules`. Therefore this patch splits the build
command into `build-frontend` and `build-backend`, which will allow
those builds to be done independently and have a separate command `build`
which will provide the combination of both of them.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
`mock-require` does not work with TypeScript, as the compiled JS expects a sub-object: `import { config } from Config` compiles to `const config_1 = require("./config")`, but the config object is now in `config_1.config`, *not* in `config_1` directly.
Therefore `mock-require` was replaced with `ts-mock-imports`, which also simplifies the code a bit.
Signed-off-by: David Mehren <dmehren1@gmail.com>
- added @types/passport
- added @types/archiver
- types all req and res arguments
- renamed unused argument next to _
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: David Mehren <dmehren1@gmail.com>
As we already declared in earlier versions, this patch removes PDF
export entirely. It's an unacceptable security risk for every CodiMD
instance.
The current implementation allowed to extract arbitrary files from the
CodiMD host and therefore leaking secrets from a `/etc/passwd` to
CodiMD's own config files and all secrets contained in it.
Thanks to Joona for finding this vulnerability in August last year,
which led to an emergency disabling of PDF exports in 1.5.0.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
This update of revealJS helps us to get rid of the headjs dependency
integration using webpack. It updates reveal.js to 3.9.2 and updates the
csp hash accordingly for using the slide mode.
Background for this update is the critical security vulnerability
described by snyk in their disclosure:
https://snyk.io/vuln/SNYK-JS-REVEALJS-543841
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
This patch provides some major upgrades to all database backend libraries.
It also fixes an issue that appears since the change from sequelize v3
to v5 where mariadb was originally handled by mysql2 and is now handled
by an own mariadb library.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>