Chasethechicken
ec4d539c99
Apply suggestions from code review
...
Use real backend by default.
Start server with NODE_ENV set to development mode.
Co-authored-by: David Mehren <git@herrmehren.de>
Signed-off-by: Falk Rehse <neuringe1234@gmail.com>
2021-12-15 22:22:11 +01:00
Falk Rehse
30ab3e3831
Improve wording
...
Signed-off-by: Falk Rehse <neuringe1234@gmail.com>
2021-12-14 11:53:26 +01:00
Chasethechicken
9af0d85879
Remove paragraph about development setup
...
As this is documented in dev/getting-started.md
Signed-off-by: Falk Rehse <neuringe1234@gmail.com>
2021-12-14 11:38:43 +01:00
Chasethechicken
c61b4bdbf2
Add note about proxy
...
Signed-off-by: Falk Rehse <neuringe1234@gmail.com>
2021-12-14 11:37:37 +01:00
Chasethechicken
19bd892c69
Remove section about production deployments
...
As this is meant to document a development setup.
Signed-off-by: Falk Rehse <neuringe1234@gmail.com>
2021-12-14 11:37:12 +01:00
Chasethechicken
6a1704a45b
Add Docs for getting started with 2.0
...
This page describes how to set up HedgeDoc 2 for local development.
Signed-off-by: Falk Rehse <neuringe1234@gmail.com>
2021-10-31 00:56:54 +02:00
renovate[bot]
c41e4ba581
chore(deps): lock file maintenance ( #1925 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-20 02:40:27 +00:00
renovate[bot]
1c010ce3c2
chore(deps): update dependency mkdocs-material to v8.1.3 ( #1922 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-19 15:10:41 +00:00
Renovate Bot
25313c4e79
fix(deps): update dependency swagger-ui-express to v4.3.0
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-12-18 11:11:02 +00:00
Renovate Bot
477849b6b2
chore(deps): update linters
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-12-18 11:10:45 +00:00
renovate[bot]
52d1ad1cd3
fix(deps): update dependency passport to v0.5.2 ( #1915 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-18 11:09:08 +00:00
renovate[bot]
7ae368940d
chore(deps): update test packages ( #1914 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-18 10:46:31 +00:00
renovate[bot]
fe28317ad8
chore(deps): update nestjs packages ( #1913 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-18 10:33:51 +00:00
renovate[bot]
019f761dea
chore(deps): update dependency typescript to v4.5.4 ( #1912 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-18 08:50:08 +00:00
renovate[bot]
80b3b50a40
chore(deps): update dependency mkdocs-material to v8.1.2 ( #1911 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-18 05:33:39 +00:00
renovate[bot]
345c5f80d7
chore(deps): update dependency @types/node to v16.11.14 ( #1910 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-18 03:48:12 +00:00
David Mehren
708ae86444
docs: explain the choice of sha-512 for auth tokens
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-14 19:21:28 +01:00
David Mehren
b4a65b47f0
fix(auth): use sha-512 for auth tokens
...
Bcrypt hashes are too slow to be validated on every request.
As our tokens are random and have a fixed length, it is reasonable
to use SHA-512 instead.
SHA-512 is recommended as cryptographically strong by the BSI:
https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-1.pdf?__blob=publicationFile
Fixes https://github.com/hedgedoc/hedgedoc/issues/1881
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-09 23:04:00 +01:00
renovate[bot]
f4a7a5ed2d
chore(deps): lock file maintenance ( #1901 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-13 03:19:47 +00:00
Renovate Bot
06cccf1121
chore(deps): update dependency mkdocs-material to v8.1.0
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-12-11 10:42:06 +00:00
Renovate Bot
c4d85d2e32
chore(deps): update linters to v5.6.0
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-12-11 10:42:35 +00:00
renovate[bot]
70afc5df9b
fix(deps): update dependency minio to v7.0.25 ( #1895 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-11 10:40:51 +00:00
renovate[bot]
abab45a8f1
chore(deps): update test packages ( #1894 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-11 09:25:27 +00:00
renovate[bot]
919591d093
chore(deps): update dependency typescript to v4.5.3 ( #1893 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-11 07:34:16 +00:00
renovate[bot]
72d334c32a
chore(deps): update dependency mkdocs-material to v8.0.5 ( #1892 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-11 05:00:44 +00:00
renovate[bot]
88a8a18292
chore(deps): update dependency eslint to v8.4.1 ( #1891 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-11 03:21:49 +00:00
renovate[bot]
5308124953
chore(deps): update dependency @types/node to v16.11.12 ( #1890 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-11 02:03:12 +00:00
David Mehren
bda58322be
fix(session-guard): correctly check for missing session
...
express-session always creates an `request.session` object, so only
checking if that exists is not sufficient.
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-07 20:23:18 +01:00
renovate[bot]
b01346e7e5
chore(deps): lock file maintenance ( #1876 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-06 02:54:05 +00:00
David Mehren
7e6156b956
ci: setup njsscan
...
See: https://github.com/ajinabraham/njsscan-action
Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-11 20:14:41 +01:00
David Mehren
977eece0d6
ci(codecov): Wait for 2 builds to be submitted
...
This should stop Codecov from complaining about low
coverage after only half the tests have finished.
See: https://docs.codecov.com/docs/notifications#section-preventing-notifications-until-after-n-builds
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-05 22:22:46 +01:00
Renovate Bot
7d8f1f3b10
fix(deps): update dependency swagger-ui-express to v4.2.0
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-12-05 18:08:07 +00:00
Renovate Bot
8031efce89
chore(deps): update dependency mkdocs-material to v8
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-12-05 17:55:24 +00:00
Renovate Bot
037ecb2fc6
fix(deps): update dependency joi to v17.5.0
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-12-05 17:54:55 +00:00
Renovate Bot
472ecca1a6
chore(deps): update linters
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-12-05 17:39:46 +00:00
Renovate Bot
00a77b69d6
chore(deps): update test packages
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-12-05 17:40:16 +00:00
Renovate Bot
ecc78b8946
chore(deps): update yarn to v3.1.1
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-04 13:06:20 +00:00
Renovate Bot
015fd28b33
chore(deps): update dependency prettier to v2.5.1
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-12-04 15:05:10 +00:00
renovate[bot]
97bc3995ad
fix(deps): update nestjs packages ( #1866 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-04 13:02:24 +00:00
renovate[bot]
a42632d034
fix(deps): update dependency minio to v7.0.23 ( #1865 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-04 10:11:24 +00:00
renovate[bot]
5591d8cccf
fix(deps): update dependency joi to v17.4.3 ( #1864 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-04 05:49:23 +00:00
renovate[bot]
6372ed7dfd
chore(deps): update dependency @types/node to v16.11.11 ( #1862 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-04 03:38:06 +00:00
Philip Molares
10b5b11269
feat: replace GetNotePipe with GetNoteInterceptor and RequestNote
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-30 22:33:20 +01:00
Philip Molares
5a45ff2d0b
feat: add request note decorator
...
This extracts the note inserted with the get note interceptor into the request to be used by the controller service.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-30 22:26:55 +01:00
Philip Molares
470b32ed5e
feat: refactor get note pipe to interceptor
...
This is necessary, because of the order of operations in nestjs, the validation pipe is not able to get the note as the noteIdOrAlias will be transformed by the get note pipe after the validation did run.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-30 22:20:49 +01:00
Philip Molares
0cb3b65998
test: fix note e2e test 'fails with non-existing alias'
...
Because the rejection now happens automatically in the permissions guard it does not get to the controller method and does not report the Content-Type to text/markdown
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 18:04:47 +01:00
Philip Molares
988909eb0b
test: fix note e2e test 'fails, when user can't read note'
...
Because the rejection now happens automatically in the permissions guard it now returns a 403 instead of 401
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 18:03:29 +01:00
Philip Molares
3e4abb561d
refactor: move permissions service calls into permissions guard
...
This commit removes all previous calls to the permissions service at the beginning of the controller methods to the permissions guard. This should make the code a bit cleaner and remove boilerplate code.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 17:19:57 +01:00
Philip Molares
3b92226bab
feat: create permissions guard
...
This guard protects resources and let's users only access them if they hold the correct permission
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 17:18:23 +01:00
Philip Molares
7404ebf5ea
feat: create permission decorator
...
This gathers the permission a user needs to hold to access a resource for the PermissionsGuard.
See https://docs.nestjs.com/guards#setting-roles-per-handler
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 17:17:33 +01:00