As these methods will be used in both the AuthService and the IdentityService, it makes sense to extract them and use them in this manner. Especially if one considers that they are quite standalone functions.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This is used to give identities a type and to easily get the identity any auth method would need.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This should help to make clear why code is executed when the TokenAuthGuard is encountered by a request. Currently, one has to connect both files via the string 'token', which is a bit cryptic
Signed-off-by: Philip Molares <philip.molares@udo.edu>
The functions now expect a `Note` object instead of a noteId to
make it more consistent with other functions.
Signed-off-by: David Mehren <git@herrmehren.de>
The function now expects a `Note` object instead of a noteId
and a `User` instead of a username to
make it more consistent with other functions.
Signed-off-by: David Mehren <git@herrmehren.de>
As we now have a GetNotePipe, we can easily get rid of this function.
All clients can directly provide a `Note` instance
and use `getEntryByNote`.
Signed-off-by: David Mehren <git@herrmehren.de>
The function now expects a `Note` object instead of a noteId to
make it more consistent with other functions.
Signed-off-by: David Mehren <git@herrmehren.de>
The function now expects a `Note` object instead of a noteId to
make it more consistent with `updateHistoryEntryTimestamp`.
Signed-off-by: David Mehren <git@herrmehren.de>
This renames `createOrUpdateHistoryEntry` to `updateHistoryEntryTimestamp`,
which reduces confusion with the similarly named
`updateHistoryEntry` function.
Signed-off-by: David Mehren <git@herrmehren.de>
This replaces repeated calls to `noteService.getNoteByIdOrAlias`
and associated error handling with the `GetNotePipe`
in the `Param` decorator.
Signed-off-by: David Mehren <git@herrmehren.de>
`getNoteMetadata` does not use a method that
can throw a `PermissionsUpdateInconsistentError`.
The try/catch-block seems to be a copy-paste error.
Signed-off-by: David Mehren <git@herrmehren.de>
This replaces repeated calls to `noteService.getNoteByIdOrAlias`
and associated error handling with the `GetNotePipe`
in the `Param` decorator.
Signed-off-by: David Mehren <git@herrmehren.de>
This pipe transforms a note ID or alias to a Note object
by loading it from the database.
It also performs error handling
Signed-off-by: David Mehren <git@herrmehren.de>
This introduces the `RequestUser` decorator
to extract the `User` from a request.
It reduces code duplication across the public API
and allows us to drop the override of the `Request` type from express.
Signed-off-by: David Mehren <git@herrmehren.de>
After Authorship was renamed to Edit, the DTO should follow.
The file is also moved to the revisions folder, where the entity
already is.
Signed-off-by: David Mehren <git@herrmehren.de>
As we now have a separate Author entity, which holds information
about an author (the color), the Authorship name became confusing.
Edit seems to be a better name, as the entity saves information
about a change in a note.
Signed-off-by: David Mehren <git@herrmehren.de>
This reimplements logic to get all Users that ever edited a note
and fixes the empty `editedBy` property of `toNoteMetadataDto`
introduced in 81cc092e.
Signed-off-by: David Mehren <git@herrmehren.de>
This commit replaces the user property with a author property,
in accordance with the DB schema updated in 0d6c3002.
It also adjusts the NoteService accordingly.
Signed-off-by: David Mehren <git@herrmehren.de>
The DB schema was updated in 0d6c3002,
this adds the new author property to
the Session and User entities.
Signed-off-by: David Mehren <git@herrmehren.de>
Before this commit, `Note.create()` did not return a complete object,
as the `publicId` property was missing.
This adds the generation of the property to the `create` method and
moves the actual generation code from the `NotesService`
to a utility method.
Signed-off-by: David Mehren <git@herrmehren.de>
This field is a randomly generated 128-bit value encoded with base32-encode using the crockford variant and converted to lowercase.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This was done because it was only a wrapper for a nodejs function to check if the given parameter is a positive number.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This is a 1.x relict and isn't used anymore in 2.x. All 1.x shortids will be converted to aliases on migration of 1.x to 2.x.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
As all tokens are valid for a maximum of 2 years, the
validUntil attribute is always populated.
This updates the database schema and the DTO to reflect that.
Fixes#1256
Signed-off-by: David Mehren <git@herrmehren.de>
TokenAuthGuard ensures that req.user is always
defined, but thanks to strict mode we have to check again.
In the future, we may add a custom Request type and
a custom param decorator to centralize the check.
Signed-off-by: David Mehren <git@herrmehren.de>
TypeORM columns with `nullable: true` can be `null` at runtime.
This commit ensures that the types of the corresponding properties reflect that.
Signed-off-by: David Mehren <git@herrmehren.de>
TokenAuthGuard ensures that req.user is always
defined, but thanks to strict mode we have to check again.
In the future, we may add a custom Request type and
a custom param decorator to centralize the check.
Signed-off-by: David Mehren <git@herrmehren.de>
TokenAuthGuard ensures that req.user is always
defined, but thanks to strict mode we have to check again.
In the future, we may add a custom Request type and
a custom param decorator to centralize the check.
Signed-off-by: David Mehren <git@herrmehren.de>
This adds error handling to getEntryByNote, so it throws a
NotInDBError instead of (illegally, according to the type) returning
null.
Signed-off-by: David Mehren <git@herrmehren.de>
Some properties already have a IsOptional decorator,
this makes the properties themselves also optional
Signed-off-by: David Mehren <git@herrmehren.de>
A string with a negative length is invalid, so we should throw here
instead of complicating the type with a possible null return value.
Signed-off-by: David Mehren <git@herrmehren.de>
validUntil and lastUsed already have a IsOptional decorator,
this makes the properties themselves also optional
Signed-off-by: David Mehren <git@herrmehren.de>
This adds error handling to various getters, so they throw a
NotInDBError instead of (illegally, according to the type) returning
null.
Signed-off-by: David Mehren <git@herrmehren.de>
This is the transactional reimplementation of the business logic of the history controllers setHistory method (of the private api). This should prevent the problem that the history gets deleted, but a later error in the handling of the list of HistoryEntryImportDto let's the call fail.
See also: https://docs.nestjs.com/techniques/database#transactions
Signed-off-by: Philip Molares <philip.molares@udo.edu>
As the function is now only called with a user and a note and the previous extra parameters are now added into the transactional setHistory method, this is no longer necessary.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
To reuse this functionality in the history services setHistory method, it was extracted into its own exported function.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This script invokes src/seed.ts to create a sqlite DB. The DB already contains some objects to manual test with. This ensures that devs easily can spin up a test instance of HedgeDoc and don't need to fumble around with the DB file.
See https://github.com/typeorm/typeorm#creating-a-connection-to-the-database
Signed-off-by: Philip Molares <philip.molares@udo.edu>
As we only use rendererOrigin in the frontend config service, where domain will be used if it is not defined, it makes more sense to move this default behavior to the app config directly. That makes it easier to understand what this variable contains and that it defaults to domain.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
NestJS adds the headers "Last Modified" and "ETag" to asset serving responses.
Therefore all the information we need for the banner are already given by the
file content or the file meta data.
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
This adds a body to the route DELETE /notes/{note} of the public api to specify if the associated media uploads of the note should be kept or deleted.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This adds a body to the route DELETE /notes/{note} of the private api to specify if the associated media uploads of the note should be kept or deleted.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
As it is possible to delete a note without also deleting the associated media uploads this needs to changed in the media upload entity, too.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This commit adds a few missing `functionContext` parameters in calls to
`this.logger` and fixes a copy-paste error in `ensureDirectory`
Signed-off-by: David Mehren <git@herrmehren.de>
Until now the app config mock used ts-loader's LogLevel instead of our own Loglevel, which is obviously wrong.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
To better handle deletion of entities, all necessary other entities got the option onDelete CASCADE set. So everything that does not make any sense if something else is deleted will be deleted along side of it.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
