We don't need a library that requires as much boilerplate code as
writing the AuthGuard ourselves, especially since the token validation
was already custom code by us.
The previous name PublicAuthToken was a bit misleading, since PublicAuth
could also be interpreted as being used for the public frontend in
contrast to the API. The old name before that (AuthToken) wasn't better
since it wasn't clear what type of auth is meant. I know, this is the
second renaming of the same module in less than a month. However, I
would say the name ApiToken seems rather reasonable and understandable.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
This should make all usernames of new users into lowercase. Usernames are also searched in the DB as lowercase.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
This commit replaces the "mayWrite", "mayRead" and "checkPermissionOnNote"
functions with one that returns a sortable permission value.
This is done because many places in the code need to do actions based on the fact if
the user has no, read or write access. If done with the may-functions then the permission
data need to be looked through multiple times.
Also, the whole check code is split into more functions that are tested separately and make it easier
to understand the process.
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
This commit refactors a lot of things that are not easy to separate.
It replaces the binary protocol of y-protocols with json.
It introduces event based message processing.
It implements our own code mirror plugins for synchronisation of content and remote cursors
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
