666 Commits

Author SHA1 Message Date
Erik Michelson 84c6ed769d fix(tests): make jest tests run again
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-05-09 13:05:59 +02:00
Erik Michelson ea9e0bdbd1 fix(backend): type and linting fixes found by oxlint type-aware check
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-05-09 13:05:59 +02:00
Erik Michelson 475231b39a feat(oidc): add backchannel logout
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-05-02 11:35:33 +02:00
Erik Michelson 7ade60aab7 chore(deps): replace cookie and cookie-signature with fastify-cookie
We already used fastify-cookie in other places. Technically, fastify-cookie
uses the same cookie library under the hood as well. However,
we should stick to the framework defaults in order to avoid
future breaking.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-04-09 21:19:28 +02:00
renovate[bot] bb3db041fd fix(deps): update dependency @azure/storage-blob to v12.31.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-24 12:57:11 +01:00
renovate[bot] 8d77266a91 fix(deps): update dependency @nestjs/platform-fastify to v11.1.16 [security]
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-24 12:54:55 +01:00
renovate[bot] d99c311f3b fix(deps): update dependency yjs to v13.6.29
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 12:36:14 +01:00
renovate[bot] 23832684b4 fix(deps): update nestjs packages
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 12:33:40 +01:00
renovate[bot] c7006482c9 fix(deps): update dependency keyv to v5.6.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 12:31:15 +01:00
renovate[bot] 68cb90ef7b fix(deps): update dependency minio to v8.0.7
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 12:19:32 +01:00
renovate[bot] b758343fad fix(deps): update dependency mysql2 to v3.18.2
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 01:32:25 +01:00
renovate[bot] e5833cf04b fix(deps): update dependency ws to v8.19.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 00:43:22 +01:00
renovate[bot] 11195f0186 fix(deps): update dependency pg to v8.19.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 00:42:36 +01:00
renovate[bot] af360d8f48 chore(deps): update dependency @tsconfig/node24 to v24.0.4
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 00:41:30 +01:00
renovate[bot] 858c872934 fix(deps): update dependency nest-knexjs to v0.0.34
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 00:38:32 +01:00
renovate[bot] 15f1807808 fix(deps): update dependency better-sqlite3 to v12.6.2
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-03 23:59:11 +01:00
renovate[bot] 4995f1bfa3 fix(deps): update dependency @nestjs/platform-fastify to v11.1.14 [security]
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-03 15:34:07 +01:00
Erik Michelson a99f99d6ac feat(security): add rate limiting
This adds rate-limiting using the @fastify/rate-limit module with sane
default values, configuration options, the possibility to disable limits
and differentiation between logged-in users and unauthenticated requests.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-02-04 22:13:07 +01:00
Erik Michelson 66d052d611 feat(security): add CSRF protection to private API endpoints
This adds a new endpoint /api/private/csrf/token which serves a CSRF-token that
is stored in the user's session. Following requests with POST, PUT, PATCH or DELETE
request methods need to provide this token in the CSRF-Token header. Since this
is not possible to do via HTML forms or other cross-site effects, this prevents
cross-site attacks. The frontend loads the CSRF token on app initialization and
stores it in the redux. It keeps using the token for up to one hour and then
updates the stored token from the API endpoint again.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-02-04 21:36:52 +01:00
Erik Michelson ac2255579f refactor(backend): switch from express to fastify
Fastify is a more modern web framework than express. Although it
shares almost the same API, it has way better performance and
supports more modern features. Several modules like csurf for
CSRF-protection aren't maintained for express anymore but there
is a Fastify replacement.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-02-04 21:36:52 +01:00
Philip Molares c2300c09ea chore: remove @types/diff
As diff brings its own types now, we don't need @types/diff anymore

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2026-01-22 00:39:47 +01:00
renovate[bot] e252c40e3d fix(deps): update dependency diff to v8 [security]
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-01-22 00:39:47 +01:00
Erik Michelson 5b0f3a1c55 chore(format): migrate from prettier to oxfmt
oxfmt is a project from the OXC toolchain, similar to OXLint.
It is based on the Rust-built 'oxidation compiler' and has
increased performance compared to Prettier which is built
in plain JS.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-01-14 19:46:27 +01:00
Erik Michelson a880864b2c chore(lint): replace ESLint with OXLint for performance
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-01-14 19:46:27 +01:00
Erik Michelson 51407598d9 fix(test): remove warning about isolatedModules in ts-jest diagnostics
This warning spams the output and currently is not critical to us.
Setting `isolatedModules: true` in the tsconfig.json as suggested breaks
the module resolution and imports.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-01-12 18:34:31 +01:00
Erik Michelson 941cf87c86 chore(deps): upgrade better-sqlite3 to v12
This is required since better-sqlite3 added support
for Node 24 since version 12.0.0

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-01-12 18:34:31 +01:00
Philip Molares e087a9b336 chore: update node to 24.12.0
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2026-01-12 18:34:31 +01:00
Erik Michelson bde357c8a0 chore(deps): update @types/node to 20.19.28
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-01-12 17:32:03 +01:00
renovate[bot] f3cb59aa2b chore(deps): update dependency typescript to v5.9.3
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-01-12 17:32:03 +01:00
Erik Michelson f739c02fbd chore(deps): remove unused rimraf package
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2025-12-23 21:35:34 +01:00
Philip Molares ea4c2579de fix(backend): start and start:dev scripts
We don't want to delete the dist folder before we start.
Furthermore, we want to have the same script semantics as
in the frontend (having start starting the built output and
start:dev starting in hot-reload mode).

Co-authored-by: Erik Michelson <github@erik.michelson.eu>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2025-12-23 21:35:34 +01:00
Erik Michelson cf878ef84c fix(build): remove invalid migration files from build
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2025-12-23 21:35:34 +01:00
renovate[bot] b2eec4d939 chore(deps): update dependency @trivago/prettier-plugin-sort-imports to v6
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-17 22:28:45 +01:00
renovate[bot] 574551373e chore(deps): update yarn to v4.12.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-17 21:48:09 +01:00
renovate[bot] 48a7e164f1 fix(deps): update dependency yjs to v13.6.28
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-17 21:46:41 +01:00
renovate[bot] 9290fa01d6 fix(deps): update dependency @azure/storage-blob to v12.29.1
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-17 21:43:35 +01:00
renovate[bot] fd6f48611b fix(deps): update dependency keyv to v5.5.5
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-17 21:36:55 +01:00
renovate[bot] bacb9483fd chore(deps): replace dependency @tsconfig/node18 with @tsconfig/node20
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-17 21:33:55 +01:00
renovate[bot] 72e7780648 fix(deps): update dependency cookie to v1.1.1
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-17 21:29:48 +01:00
renovate[bot] 7a8ce0a618 fix(deps): update dependency better-sqlite3 to v11.10.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-17 21:29:08 +01:00
renovate[bot] 05f93ae3f9 fix(deps): update dependency nest-knexjs to v0.0.29
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-17 21:17:28 +01:00
renovate[bot] 78ca4d55e6 fix(deps): update dependency uuid to v11.1.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-17 20:55:39 +01:00
renovate[bot] 69450ac4eb fix(deps): update dependency zod to v3.25.76
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-17 20:55:25 +01:00
renovate[bot] 0b6d30422b fix(deps): update dependency rimraf to v6.1.2
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-17 20:41:40 +01:00
renovate[bot] f0376d3700 fix(deps): update dependency pg to v8.16.3
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-17 20:40:36 +01:00
renovate[bot] 12076fd168 fix(deps): update dependency mysql2 to v3.16.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-17 20:40:05 +01:00
Philip Molares a2c904009a chore: remove rimraf from e2e test runs
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2025-12-17 20:27:48 +01:00
renovate[bot] 2452c80780 chore(deps): update definitelytyped
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2025-12-10 19:38:47 +01:00
renovate[bot] 44ca060531 chore(deps): update dependency tsx to v4.21.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-07 16:51:41 +01:00
renovate[bot] d6f13670bf chore(deps): update dependency ts-jest to v29.4.6
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-07 00:54:39 +01:00