312 Commits

Author SHA1 Message Date
Erik Michelson 89e441597d refactor(commons): frontmatter validator uses zod and allows custom options
The frontmatter validator was still the one left place that used Joi instead
of the now widely used zod in HedgeDoc. Since zod can do validation, coercion
and providing types based on the schema, the code could be drastically reduced
compared to the old frontmatter validator.

At the same time, the validator is now less strict. Custom fields are still
allowed for people that want to add their own frontmatter tags which are
unrelated to HedgeDoc. Furthermore, we now allow the complete set of
RevealOptions for the slideOptions key instead of only a few handpicked
ones.

Fixes #5946

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2026-05-13 21:05:08 +02:00
Erik Michelson 420925f490 fix(lint): fixes for html-to-react and commons packages
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-05-09 13:05:59 +02:00
Erik Michelson 78062bb75c chore(lint): enable type-aware linting
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-05-09 13:05:59 +02:00
Erik Michelson 475231b39a feat(oidc): add backchannel logout
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-05-02 11:35:33 +02:00
Philip Molares 5eb15e43d8 feat(username): allow mixed case usernames
Usernames should be saved as is, but in the search we should use like

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2026-03-24 12:49:12 +01:00
Erik Michelson 29f60f1d9b fix(aliases): verify alias regex in frontend and backend
Co-authored-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-03-24 12:49:12 +01:00
renovate[bot] d99c311f3b fix(deps): update dependency yjs to v13.6.29
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 12:36:14 +01:00
renovate[bot] e5833cf04b fix(deps): update dependency ws to v8.19.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 00:43:22 +01:00
Erik Michelson 66d052d611 feat(security): add CSRF protection to private API endpoints
This adds a new endpoint /api/private/csrf/token which serves a CSRF-token that
is stored in the user's session. Following requests with POST, PUT, PATCH or DELETE
request methods need to provide this token in the CSRF-Token header. Since this
is not possible to do via HTML forms or other cross-site effects, this prevents
cross-site attacks. The frontend loads the CSRF token on app initialization and
stores it in the redux. It keeps using the token for up to one hour and then
updates the stored token from the API endpoint again.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-02-04 21:36:52 +01:00
Philip Molares 0ef59950a6 feat(realtime): add alias update message
This allows us to communicate to the clients that everybody should update their aliases.

This route allows us to get all aliases of a note

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2026-01-22 00:39:20 +01:00
Philip Molares eef4d9ed87 feat(private): add alias/:alias
This route allows us to get all aliases of a note

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2026-01-22 00:39:20 +01:00
Philip Molares 305f0afc5a feat(realtime): add permissions updated message
This allows us to communicate to the clients that everybody should update their note permissions.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2026-01-22 00:39:20 +01:00
Philip Molares b70f5e5919 feat: add auth constants
This adds constants for
- MIN_USERNAME_LENGTH
- MAX_USERNAME_LENGTH
- MIN_PASSWORD_LENGTH

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2026-01-14 21:48:08 +01:00
Erik Michelson 5574d23889 chore(format): reformat using oxfmt
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-01-14 19:46:27 +01:00
Erik Michelson 5b0f3a1c55 chore(format): migrate from prettier to oxfmt
oxfmt is a project from the OXC toolchain, similar to OXLint.
It is based on the Rust-built 'oxidation compiler' and has
increased performance compared to Prettier which is built
in plain JS.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-01-14 19:46:27 +01:00
Erik Michelson a880864b2c chore(lint): replace ESLint with OXLint for performance
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-01-14 19:46:27 +01:00
Erik Michelson 51407598d9 fix(test): remove warning about isolatedModules in ts-jest diagnostics
This warning spams the output and currently is not critical to us.
Setting `isolatedModules: true` in the tsconfig.json as suggested breaks
the module resolution and imports.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-01-12 18:34:31 +01:00
renovate[bot] f3cb59aa2b chore(deps): update dependency typescript to v5.9.3
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-01-12 17:32:03 +01:00
Philip Molares a4c590230e feat(permissions): publiclyVisible flag for note listing on explore
This field should allow the user to allow pages to be found
easily on the public explore page without exposing all pages directly.

Co-authored-by: Erik Michelson <github@erik.michelson.eu>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2026-01-11 20:21:00 +01:00
Philip Molares 6e663aa600 test(explore): add unit tests
Co-authored-by: Erik Michelson <github@erik.michelson.eu>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2026-01-11 20:21:00 +01:00
Erik Michelson 1e9fc8d081 feat(explore): pin and unpin notes
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-01-11 20:21:00 +01:00
Erik Michelson 0f2c301b4c feat(explore): add section for recently visited notes
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-01-11 20:21:00 +01:00
Erik Michelson 4e033863ff feat(explore): add backend logic for the explore page
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-01-11 20:21:00 +01:00
renovate[bot] 574551373e chore(deps): update yarn to v4.12.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-17 21:48:09 +01:00
renovate[bot] 48a7e164f1 fix(deps): update dependency yjs to v13.6.28
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-17 21:46:41 +01:00
renovate[bot] 2f14ad9270 fix(deps): update dependency reveal.js to v5.2.1
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-17 20:56:16 +01:00
renovate[bot] 69450ac4eb fix(deps): update dependency zod to v3.25.76
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-17 20:55:25 +01:00
Philip Molares 792fbc4c78 fix(dto): allow no validUntil in ApiTokenCreateDto
This allows the user to either specify a validUntil date
or take the default date of 2 years.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2025-12-17 20:27:48 +01:00
Philip Molares b0b2e85f96 fix(dto): allow '/' as a redirect in LogoutResponseSchema
When we log out the user with a local identity we return to '/',
so this needs to be allowed.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2025-12-17 20:27:48 +01:00
Philip Molares 5cedb6ea56 refactor(mediaupload): rename noteId to noteAlias in dto
We don't send noteIds anymore, so we should not name it as such.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2025-12-17 20:27:48 +01:00
Philip Molares bbb8fc5885 refactor: use luxon instead of built-in database types
So we don't need to handle differences between databases as much

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2025-12-17 20:27:48 +01:00
renovate[bot] 2452c80780 chore(deps): update definitelytyped
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2025-12-10 19:38:47 +01:00
renovate[bot] d6f13670bf chore(deps): update dependency ts-jest to v29.4.6
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-07 00:54:39 +01:00
renovate[bot] 9f4171f488 fix(deps): update dependency yjs to v13.6.27
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-06 11:10:51 +01:00
renovate[bot] b3f64a0f88 fix(deps): update dependency ws to v8.18.3
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-06 10:59:51 +01:00
renovate[bot] 2ebee5db8c chore(deps): update linters
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-06 00:05:23 +01:00
renovate[bot] 7f4339366b fix(deps): update dependency js-yaml to v4.1.1 [security]
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-05 21:59:38 +01:00
Erik Michelson 351dc1c575 fix(database): ensure compatibility with MySQL/MariaDB
This includes the usage of Node Buffer instead of ArrayBuffer for binary data
as well as using timestamp strings instead of Date objects to unify the
behaviour between different databases.

Co-authored-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2025-11-06 00:55:21 +01:00
Erik Michelson a122081df7 refactor(dtos): use nestjs DTOs and validate them with nestjs-zod
Co-authored-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2025-11-06 00:55:21 +01:00
Erik Michelson ba01b9343e wip: refactor(dtos): use nestjs DTOs and validate them with nestjs-zod
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2025-11-06 00:55:21 +01:00
Erik Michelson 138c5d5b3d chore(commons): remove unnecessary debug log messages
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2025-11-06 00:55:21 +01:00
Erik Michelson a12eb4a98f test(backend): update e2e tests for knex database integration
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2025-11-06 00:55:21 +01:00
Erik Michelson a356505087 fix(websocket): use reason and code for close
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2025-11-06 00:55:21 +01:00
Erik Michelson 9f6ed331fd refactor(permissions): use one common PermissionLevel and fix checks
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2025-11-06 00:55:21 +01:00
Erik Michelson 0beb8f03d5 fix(realtime): use number[] for transport but ArrayBuffer for database
Co-authored-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2025-11-06 00:55:21 +01:00
Erik Michelson 58a4a01fac refactor(database): run knex migrations on startup
Co-authored-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2025-11-06 00:55:21 +01:00
Erik Michelson c39d2f4988 refactor: replace TypeORM with knex.js
Co-authored-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2025-11-06 00:55:21 +01:00
Erik Michelson deee8e885f fix(commons): type of deep partial utility type
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2025-03-29 22:09:01 +01:00
Philip Molares 4b5bf870f2 feat(commons): add DTOs
Moving the DTOs to commons so frontend and backend use the same types.
Also introducing zod for validation.

Co-authored-by: Erik Michelson <github@erik.michelson.eu>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2025-03-29 22:09:01 +01:00
Philip Molares aa87ff35b3 chore(commons): prettier
enforce trailing commas as this is the norm in the frontend and makes diffs better readable

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2025-03-29 22:09:01 +01:00