TokenAuthGuard ensures that req.user is always
defined, but thanks to strict mode we have to check again.
In the future, we may add a custom Request type and
a custom param decorator to centralize the check.
Signed-off-by: David Mehren <git@herrmehren.de>
This adds a body to the route DELETE /notes/{note} of the public api to specify if the associated media uploads of the note should be kept or deleted.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This ensures stack traces are helpful at the cost of a slightly
lower performance (one more tick in the event loop).
Fixes#838
Signed-off-by: David Mehren <git@herrmehren.de>
As the NotesController has the note already, because it checked with it if the user has the permission to perform the action, it's not necessary to get the note from the DB again, instead we should just provide the note to the functions directly.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Handle the AlreadyInDB and PermissionsUpdateInconsistent errors and correctly show them to the api user as BadRequest errors.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
The permission check also tries to get the note and a non existing note needs to be handled there too.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Our custom logger supports providing the name of the function that
calls the logger, this commit adds this context string where it
was previously missing.
Signed-off-by: David Mehren <git@herrmehren.de>
For a better structure of the autogenerated apidoc website tags are used. Each Controller get it's own tag and will be put in a separate section.
See https://docs.nestjs.com/openapi/operations#tags
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Add history service to allow for CRUD operations.
Use history service in controllers to:
1. Allow manipulating of history entries
2. Guaranty the correct existence of history entries
Signed-off-by: Philip Molares <philip.molares@udo.edu>
DTO should only be used for sending information to and from user.
Services now have methods which return normal internal objects and
methods which convert them to DTOs. This conversion is done in the
controlers
Signed-off-by: Yannick Bungers <git@innay.de>
adds auth service
adds auth module
adds token-auth strategy
adds token-auth to all public api calls
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This commit adds proper error handling and returns 404 when a note does not exist.
Previously, we leaked the `NotInDBError` and sent a 500 status code.
Signed-off-by: David Mehren <git@herrmehren.de>
which puts the markdown text directly to a variable in the route function.
Content-type of the http request is checked to be text/markdown because we dealing with markdown. Technically by now there can be any content which can be encoded. There could be features in the software which do not work properly if the text can't be parsed as markdown.
Signed-off-by: Yannick Bungers <git@innay.de>
It might be handy to have access to the original `Note` after creating one, so the creation and conversion to a `NoteDto` is now split.
Signed-off-by: David Mehren <git@herrmehren.de>
This commit also introduces the `getNoteDtoByIdOrAlias` method, that converts a `Note` entity to a `NoteDto`
Signed-off-by: David Mehren <git@herrmehren.de>
NestJS does not support content-types other than application/json.
Therefore we need to directly access the request object to get the raw body content.
Signed-off-by: David Mehren <git@herrmehren.de>
This adds all controllers needed in the public API (at least as currently specified) and implements some routes under `/me`
Signed-off-by: David Mehren <git@herrmehren.de>
