mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-24 03:57:06 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
1579 commits 48 branches 50 tags 228 MiB
Commit graph

588 commits

Author SHA1 Message Date
Philip Molares
822c01f2c7
private: save token hashed 
Auth tokens are now saved in hashed form.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2021-01-17 14:45:16 +01:00
Philip Molares
e5545043be
auth: hash auth token 
Since the auth token will be stored in hashed form in the db, we need to hash each provided auth token in order to search in the db for them.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2021-01-17 14:38:05 +01:00
Philip Molares
667cf7e915
auth: add hash function 
the hash function uses bcrypt with 2^16 iterations.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2021-01-17 14:32:17 +01:00
Philip Molares
b589dedd2a
private: adds tokens controller 
adds private api
adds AuthTokenDto and AuthTokenWithSecretDto
adds necessary methods in the users service
adds RandomnessError

Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2021-01-16 23:53:46 +01:00
Philip Molares
e04fcb9ee9
auth: hash auth token 
Since the auth token will be stored in hashed form in the db, we need to hash each provided auth token in order to search in the db for them.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2021-01-17 15:27:13 +01:00
Philip Molares
80c7ae2fa9
private: adds tokens controller 
adds private api
adds AuthTokenDto and AuthTokenWithSecretDto
adds necessary methods in the users service
adds RandomnessError

Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2021-01-16 23:53:46 +01:00
Yannick Bungers
5246f0c05d
Removed special table name in Note object 
and changed table names in plantuml file

Signed-off-by: Yannick Bungers <git@innay.de>
 2021-01-23 00:41:49 +01:00
Philip Molares
bc525633fc
config: Improve error messages 
Add labels to most Joi objects
Convert all auth variable insert names to upper case to prevent inconsistent naming of the variables
Rewrite auth errors to correctly point out the problematic variable
Add tests for the config utils functions

Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2021-01-19 15:47:05 +01:00
Philip Molares
4372106ef0
tests: Removed unnecessary import of appConfigMock 
As suggested by an review of David Mehren

Co-authored by: David Mehren <git@herrmehren.de>

Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2021-01-19 12:45:36 +01:00
Philip Molares
072ef223e0
config: splits config in multiple files 
splits the big appConfig in multiple configs
adds media.config.mock.ts

Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2021-01-15 16:57:04 +01:00
Philip Molares
d59ccaba54
config: removes unnecessary options 
removes options that we don't need from the config
removes linkify-header-style.enum.ts

Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2021-01-15 16:23:56 +01:00
David Mehren
22e14fb706
NotesService: updateNoteByIdOrAlias should return the new note 
Fixes #702

Signed-off-by: David Mehren <git@herrmehren.de>
 2021-01-10 20:30:45 +01:00
David Mehren
a14056dbc9
Move note permission route under metadata 
Signed-off-by: David Mehren <git@herrmehren.de>
 2021-01-10 20:25:28 +01:00
Philip Molares
286575315e
Extend config with various options from 1.x 
Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2020-12-31 22:37:37 +01:00
David Mehren
18c6694bcb
Add config to tests in various places 
Signed-off-by: David Mehren <git@herrmehren.de>
 2021-01-08 12:56:25 +01:00
David Mehren
e8e82076d0
FilesystemBackend: Use scoped appConfig 
Signed-off-by: David Mehren <git@herrmehren.de>
 2021-01-08 12:53:16 +01:00
David Mehren
67c7c4b8d1
MediaService: Get media backend from configuration 
Signed-off-by: David Mehren <git@herrmehren.de>
 2021-01-08 13:06:44 +01:00
David Mehren
cd37eef45e
Get port and upload path from config 
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
 2020-10-30 22:35:57 +01:00
David Mehren
99dfa2d1fb
Load config to global scope 
Otherwise every module would have to parse the config again

Signed-off-by: David Mehren <git@herrmehren.de>
 2021-01-08 12:52:30 +01:00
David Mehren
7d9e606b7d
Add proof of concept config system 
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
 2020-10-30 22:35:12 +01:00
David Mehren
88c0794724
NotesService: Get note creation time from database 
Signed-off-by: David Mehren <git@herrmehren.de>
 2021-01-10 18:22:30 +01:00
David Mehren
b7cb3181c4
NotesService: rename getLastRevision to getLatestRevision 
This fixes an inconsistency with `RevisionsService`

Signed-off-by: David Mehren <git@herrmehren.de>
 2021-01-10 18:20:28 +01:00
David Mehren
9b9f101577
MarkdownBody: Register swagger metadata 
As explained in https://github.com/nestjs/swagger/issues/32#issuecomment-716169471, it's possible to register swagger metadata in custom decorators by providing an array of `enhancers`.
We now add metadata with the `MarkdownBody` decorator: The request needs a `body` with content-type `text/markdown`.

Signed-off-by: David Mehren <git@herrmehren.de>
 2021-01-10 19:21:00 +01:00
David Mehren
a523eadec2
NotesController: Do not crash on nonexistent notes 
This commit adds proper error handling and returns 404 when a note does not exist.
Previously, we leaked the `NotInDBError` and sent a 500 status code.

Signed-off-by: David Mehren <git@herrmehren.de>
 2021-01-09 22:38:10 +01:00
David Mehren
3801b1b042
Format with Prettier 2 
Signed-off-by: David Mehren <git@herrmehren.de>
 2021-01-06 23:48:53 +01:00
Tilman Vatteroth
7aeaf488c4
Change year in copyright to 2021 
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
 2021-01-06 21:36:07 +01:00
David Mehren
890e9c942b
Fix prettier errors 
Signed-off-by: David Mehren <git@herrmehren.de>
 2021-01-05 23:11:31 +01:00
Philip Molares
dc63c76f43
added reuse information 
Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2021-01-05 22:12:38 +01:00
David Mehren
c95c68541c
Fix tests 
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
 2020-10-24 21:11:16 +02:00
David Mehren
c0527c0942
Remove PUT /notes/{note}/metadata and corresponding service code 
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
 2020-10-24 21:11:06 +02:00
David Mehren
520046f8d4
Remove NoteUtils class, as the planned parsing logic is not needed anymore 
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
 2020-10-03 17:36:01 +02:00
David Mehren
a04d5b29f9
Add missing TagRepository provider in unit tests 
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
 2020-10-03 17:24:42 +02:00
David Mehren
67cd8cb0f6
NotesController: Add PUT :noteIdOrAlias/metadata route 
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
 2020-10-03 15:53:30 +02:00
David Mehren
08fd070bcb
NotesService: Implement updateNoteMetadata 
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
 2020-10-03 15:52:49 +02:00
David Mehren
6541cfda4e
NoteEntity: Enable eager loading and cascades for tags 
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
 2020-10-03 15:37:57 +02:00
David Mehren
99ab9f04c2
NotesService: Get metadata from database 
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
 2020-10-03 11:27:15 +02:00
David Mehren
7d5dddaaaf
Add note metadata properties and Tag entity. 
These were planned to be parsed at runtime from the note-content in the database, but having to run a markdown parser in the backend was found to be a bad idea. Now the frontend (that already implements the parsing logic) has to set title, description and tags.

Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
 2020-10-03 11:17:07 +02:00
David Mehren
ad676ce6ff
NoteMetadataDto: Rename permission to permissions 
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
 2020-10-03 14:45:04 +02:00
David Mehren
713e2ada31
Update NotePermissionsUpdate DTOs to be aware of groups 
The NotePermissionsUpdateDto was not updated when group permissions were introduced.

Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
 2020-10-03 12:42:14 +02:00
David Mehren
ff0651e659
FilesystemBackend: Ensure uploads directory exists 
Signed-off-by: David Mehren <git@herrmehren.de>
 2020-10-24 12:28:52 +02:00
David Mehren
ac2646a74a
AppModule: Remove unused imports 
Signed-off-by: David Mehren <git@herrmehren.de>
 2020-10-24 11:49:19 +02:00
David Mehren
2b23dcc5a9
MediaService: Simplify saveFile signature 
As the `saveFile` method only really uses the files `Buffer`, this commit changes the signature so it directly gets a `Buffer` instead of a complicated `MulterFile` object. This also simplifies testing.

Signed-off-by: David Mehren <git@herrmehren.de>
 2020-10-24 11:49:01 +02:00
David Mehren
53fbe82b6a
UserEntity: Fix column types for create/update dates 
Signed-off-by: David Mehren <git@herrmehren.de>
 2020-10-24 11:34:49 +02:00
David Mehren
558addf83e
UsersService: Improve logging in getNoteByIdOrAlias 
Signed-off-by: David Mehren <git@herrmehren.de>
 2020-10-24 11:34:16 +02:00
David Mehren
15db6a9b2a
Use useStaticAssets instead of @nestjs/serve-static 
`serve-static` does not work with `createTestingModule` and is not recommended when "just" serving a few images.

See https://github.com/nestjs/serve-static/issues/240

Signed-off-by: David Mehren <git@herrmehren.de>
 2020-10-24 11:32:23 +02:00
David Mehren
490e4cac69
MediaController: Add DELETE /{filename} route 
Signed-off-by: David Mehren <git@herrmehren.de>
 2020-10-17 21:54:44 +02:00
David Mehren
eeb3f6f5a7
MediaService: Implement delete feature 
Signed-off-by: David Mehren <git@herrmehren.de>
 2020-10-17 21:54:08 +02:00
David Mehren
5262a58639
FilesystemBackend: ESLint fixes 
Signed-off-by: David Mehren <git@herrmehren.de>
 2020-10-17 21:53:34 +02:00
David Mehren
16dfbdd42d
UsersService: Wait for the DB to find a user 
Signed-off-by: David Mehren <git@herrmehren.de>
 2020-10-17 21:52:59 +02:00
David Mehren
f4c73a8f96
Use POST /media for file upload 
The old `/media/upload` subpath does not follow the convention of REST APIs.

Signed-off-by: David Mehren <git@herrmehren.de>
 2020-10-17 20:58:10 +02:00