Commit graph

6566 commits

Author SHA1 Message Date
Erik Michelson
e7d81c5cdf refactor(oidc): simplify callback statement
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-11-01 14:36:35 +01:00
Erik Michelson
f71bf7a974 enhancement(oidc): refetch discovery documents regularly
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-11-01 14:36:35 +01:00
Ivan Li
19f4baf79b feat(auth): add OIDC state parameter
Signed-off-by: Ivan Li <ivanli2048@gmail.com>
2024-10-21 17:45:43 +02:00
yamashu
8b6bedab39
refactor(test): Replace inline snapshot with file snapshot (#5830) 2024-10-08 21:13:27 +00:00
renovate[bot]
66822c3bbc chore(deps): update codemirror
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-27 02:32:34 +00:00
renovate[bot]
b33700874f chore(deps): update dependency @dicebear/converter to v9.2.2
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-26 17:20:07 +00:00
renovate[bot]
3a1ad565cb chore(deps): update dependency @darraghor/eslint-plugin-nestjs-typed to v5.0.25
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-26 16:51:19 +00:00
renovate[bot]
0217f68fc7 chore(deps): update actions/upload-artifact digest to 3eadd8b
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-26 16:50:09 +00:00
renovate[bot]
3958fdab71 chore(deps): update actions/setup-node action to v4.0.4
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-26 16:49:18 +00:00
Erik Michelson
b44f395852 fix(tests): fix tests and linting
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-26 18:39:37 +02:00
renovate[bot]
4250f4458b fix(deps): update dependency ws to v8.18.0 [security]
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-26 18:39:37 +02:00
yamashu
4fce422bdb
feat(backend revision): add clean-up note revisions job (#5349) 2024-09-26 17:24:24 +02:00
yamashush
b80552bb29 Drop X (Twitter) from readme
Signed-off-by: yamashush <38120991+yamashush@users.noreply.github.com>
2024-09-26 16:44:08 +02:00
Philip Molares
81a9058347 chore: increase version of all relevant files
We release Alpha v3 of HedgeDoc 2.0 and need to make sure that all
version are changed accordingly.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-09-18 21:30:14 +02:00
renovate[bot]
ddc5f07faa chore(deps): update node.js to 2d07db0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-18 19:01:05 +00:00
Philip Molares
1795183122 fix(translation): change the placeholder text
The url the placeholder text linked to is not accurate anymore
and needed to be changed. Also the "Happy hacking" part seemed
outdated so we changed it to "Let the ideas grow" in accordance
with the new slogan of HedgeDoc

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-09-18 20:06:13 +02:00
Erik Michelson
2c6717e1ee refactor(api-token): drop passport, rename to ApiToken
We don't need a library that requires as much boilerplate code as
writing the AuthGuard ourselves, especially since the token validation
was already custom code by us.

The previous name PublicAuthToken was a bit misleading, since PublicAuth
 could also be interpreted as being used for the public frontend in
contrast to the API. The old name before that (AuthToken) wasn't better
since it wasn't clear what type of auth is meant. I know, this is the
second renaming of the same module in less than a month. However, I
would say the name ApiToken seems rather reasonable and understandable.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 19:14:32 +02:00
Erik Michelson
1c73e99b0a enhancement(note-deletion): allow to keep uploads
This adds support for keeping the uploads attached to a note when
deleting the same note. This is done by a simple checkbox that can be
clicked in the DeletionModal.

To do this, some parts of the note deletion had to be refactored,
especially in the case of the history page. Both the note deletion and
history removal methods used the same modal, which isn't applicable now
anymore. Additionally, there was a bug that the modal checked for
ownership in the frontend before allowing the note deletion. However, in
the context of the history page, the ownership couldn't be evaluated
since the backend API didn't include that information. This is now fixed
as well.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:37:39 +02:00
Erik Michelson
ebf8e3a759 fix(permissions): show guest avatar when note owner is anonymous
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:11:44 +02:00
Erik Michelson
62dfe4df72 fix(avatars): show correct profile picture of users
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:11:44 +02:00
Erik Michelson
7195c1bdc0 fix(styles): use correct dark-mode selector in css
The dark-mode selector changed from the class "dark" attached to the
body element to a data-attribute with some react-bootstrap upgrade.
This commit reflects this change in our custom css.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:11:02 +02:00
Erik Michelson
603ad8088c enhancement(auth/oidc): allow manual defining end_session_endpoint URL
For non-OIDC compliant OAuth2 providers it was only possible to define
the authorize, token and userinfo URLs but not the end_session_endpoint.
This commit adds that functionality.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:03:22 +02:00
Erik Michelson
53409825d4 fix(config/auth): error message mappings for manual OIDC attributes
Error messages for manual OIDC attributes such as overriding the scope
resulted in wrong error messages when misconfigured.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:03:22 +02:00
Erik Michelson
88cfd6a974 fix(auth/oidc): clean-up oidcIdToken session variable
When the OIDC login flow for a new user is cancelled, the oidcIdToken
session variable should be cleared as well.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:03:22 +02:00
Erik Michelson
c4c5cbd5d0 fix(auth/oidc): string "undefined" for missing userinfo response fields
The userinfo response endpoint from the OIDC provider should not be
trusted to return what we expect. Fields could be undefined. In that
case HedgeDoc would have written "undefined" into the fields for
profile picture or email address.
This fix checks for fields being undefined and returns a default value
in that case.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 18:03:22 +02:00
Erik Michelson
e8793271a0 enhancement(caddy): expose :8080 by default, trust private proxies
This commit changes the caddyfile to not directly rely on the
HD_BASE_URL environment variable, but instead default to port 8080 as
used in our package.json scripts and docs.
The caddy domain can optionally be overridden using the CADDY_HOST env
variable.
Furthermore, this change adds a section to trust reverse-proxies in
front of Caddy if they are in a private range IP address network.
Both these changes are required to be able to expose a local development
setup with another domain than localhost to a co-developer. With
this change it works without having Caddy trying to generate TLS
certificates for that domain nor HedgeDoc erroring about a origin
mismatch, that occurs as Caddy doesn't forward specific headers
otherwise.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 17:56:25 +02:00
Erik Michelson
f40aa020c4 chore(gitignore): ignore rathole proxy config with secrets
Since we use rathole while developing to share a local dev environment
with a co-developer, the client config with the secrets should not be
accidentally committed.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-18 17:56:25 +02:00
renovate[bot]
a86012be21 fix(deps): update dependency next to v14.2.10 [security]
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-18 08:42:35 +00:00
Emmanuel Ferdman
3e0d84f031 fix(docker): update docker documentation reference
Signed-off-by: Emmanuel Ferdman <emmanuelferdman@gmail.com>
2024-09-17 01:35:45 +02:00
Erik Michelson
3e17edf95d fix(types): typecast ldap options due to wrong types in ldapjs
The provided types by ldapauth-fork are re-exported from ldapjs. ldapjs
is unmaintained by now but since their last update, the
ConnectionOptions type seems to not contain the mandatory parameter
`url` anymore. Therefore this typecast is needed.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-13 13:56:02 +02:00
Erik Michelson
3261929a2a fix(types): move and remove unused types
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-13 13:56:02 +02:00
renovate[bot]
7b66965014 fix(deps): update dependency ldapauth-fork to v6
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-13 13:56:02 +02:00
Erik Michelson
21dcf0eb49 fix(tests): minio upload type is not exported anymore
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-12 16:55:41 +02:00
renovate[bot]
57cba653e3 fix(deps): update dependency minio to v8
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-12 16:55:41 +02:00
Erik Michelson
62eb4b6d2b fix(packages): backend was missing uuid package
Due to failing docker builds it was brought to our attention,
that the backend relied on the uuid package without declaring
it as dependency. This worked in all development and build
scenarios as the frontend declares uuid as dependency already
and top-level `yarn install` installs all dependencies from all
workspaces. However as the docker build only runs for either
the backend or the frontend, this failed.
This commit adds the dependency to the backend as well.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-12 15:45:14 +02:00
Erik Michelson
157a0fe278 refactor(media): store filenames, use pre-signed s3/azure URLs, UUIDs
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-12 14:49:17 +02:00
Erik Michelson
4132833b5d refactor(api-docs): move api docs to /api/doc/
The API documentation belongs strictly to the API itself.
Due to the usage of version-prefixed API endpoints, there is no conflict
with existing or future endpoints.
The reason behind this is that we already have enough exceptions in the
routing (default everything to react-frontend, exceptions for backend)
and it is hard to keep it synchronized throughout all relevant places.
This came to attention as the dev setup didn't proxy the API docs to the
backend.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-12 14:49:17 +02:00
Erik Michelson
7f665fae4b feat(auth): refactor auth, add oidc
Thanks to all HedgeDoc team members for the time discussing,
helping with weird Nest issues, providing feedback
and suggestions!

Co-authored-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-11 21:29:49 +02:00
Philip Molares
1609f3e01f fix(frontend): first heading will be cleared
If all headings are deleted the note title will be deleted and not be kept to the last value.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-09-11 20:46:38 +02:00
Philip Molares
02a5f62d27 fix: frontmatter headline
If one wrote a frontmatter the incomplete ending dashes where interpreted as a headline and therefore the last line in the frontmatter was handled as the first heading of the document.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-09-11 20:46:38 +02:00
renovate[bot]
61fc33fc73 chore(deps): update yarn to v4.4.1
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: David Mehren <git@herrmehren.de>
2024-09-02 16:38:54 +02:00
renovate[bot]
b5c15c5c2d fix(deps): update dependency mermaid to v11
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-02 11:18:10 +02:00
renovate[bot]
9427a946b5 fix(deps): update dependency @react-hook/resize-observer to v2
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-02 10:57:26 +02:00
renovate[bot]
d430af4bc1 chore(deps): update testing-library
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-02 10:46:45 +02:00
renovate[bot]
528f4dade1 fix(deps): update dependency raw-body to v3
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-02 10:36:06 +02:00
Erik Michelson
73d9c3231b refactor(backend): rename auth to public-auth-token
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-09-02 10:33:08 +02:00
renovate[bot]
52fe7f55de fix(deps): update dependency rimraf to v6
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-02 10:28:52 +02:00
renovate[bot]
2ff657a745 fix(deps): update dependency markdown-it-anchor to v9
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-02 10:21:15 +02:00
renovate[bot]
0b95e59417 fix(deps): update i18next
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-02 10:13:55 +02:00
renovate[bot]
5d1113ad0a fix(deps): update dependency uuid to v10
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-01 19:36:12 +02:00