2274 Commits

Author SHA1 Message Date
renovate[bot] 9dc1178f08 chore(deps): update dependency oxfmt to v0.49.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-14 00:06:20 +02:00
Erik Michelson 89e441597d refactor(commons): frontmatter validator uses zod and allows custom options
The frontmatter validator was still the one place left that used Joi instead
of the now widely used zod in HedgeDoc. Since zod can do validation, coercion
and provide types based on the schema, the code could be drastically reduced
compared to the old frontmatter validator.

At the same time, the validator is now less strict. Custom fields are still
allowed for people that want to add their own frontmatter tags which are
unrelated to HedgeDoc. Furthermore, we now allow the complete set of
RevealOptions for the slideOptions key instead of only a few handpicked
ones.

Fixes #5946

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2026-05-13 21:05:08 +02:00
Erik Michelson ea9e0bdbd1 fix(backend): type and linting fixes found by oxlint type-aware check
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-05-09 13:05:59 +02:00
Erik Michelson 6b1f7cee49 fix(deps): update lockfile for oxlint v1.63.0
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-05-09 13:05:59 +02:00
Erik Michelson faaea84a73 chore(lint): enable TypeScript linting in frontend
oxlint now includes support for TypeScript-aware linting by using
the oxlint-tsgolint package. While this increases the chance of
finding bugs early, it requires a few changes to the TypeScript
configuration, especially the explicit declaration of CSS imports
and changing the moduleResolution to bundler mode.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-05-09 13:05:59 +02:00
Erik Michelson 475231b39a feat(oidc): add backchannel logout
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-05-02 11:35:33 +02:00
Erik Michelson 7ade60aab7 chore(deps): replace cookie and cookie-signature with fastify-cookie
We already used fastify-cookie in other places. Technically, fastify-cookie
uses the same cookie library under the hood as well. However,
we should stick to the framework defaults in order to avoid
future breaking.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-04-09 21:19:28 +02:00
renovate[bot] bb3db041fd fix(deps): update dependency @azure/storage-blob to v12.31.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-24 12:57:11 +01:00
renovate[bot] c52b83ae58 fix(deps): update dependency dompurify to v3.3.2 [security]
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-24 12:55:24 +01:00
renovate[bot] 8d77266a91 fix(deps): update dependency @nestjs/platform-fastify to v11.1.16 [security]
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-24 12:54:55 +01:00
renovate[bot] 8d606b3b4b fix(deps): update dependency @dicebear/core to v9.4.1 [security]
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-24 12:54:04 +01:00
renovate[bot] d99c311f3b fix(deps): update dependency yjs to v13.6.29
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 12:36:14 +01:00
renovate[bot] a1ced25475 fix(deps): update dependency mermaid to v11.12.3
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 12:35:15 +01:00
renovate[bot] 23832684b4 fix(deps): update nestjs packages
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 12:33:40 +01:00
renovate[bot] 85498bacf8 chore(deps): update testing-library
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 12:33:02 +01:00
renovate[bot] c7006482c9 fix(deps): update dependency keyv to v5.6.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 12:31:15 +01:00
renovate[bot] b9498adca1 fix(deps): update dependency react-infinite-scroll-component to v6.1.1
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 12:20:19 +01:00
renovate[bot] 68cb90ef7b fix(deps): update dependency minio to v8.0.7
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 12:19:32 +01:00
renovate[bot] 1f6eeecaaa fix(deps): update dependency @dicebear/identicon to v9.4.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 01:33:51 +01:00
renovate[bot] 536d782ff2 fix(deps): update dependency i18next-browser-languagedetector to v8.2.1
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 01:33:38 +01:00
renovate[bot] b758343fad fix(deps): update dependency mysql2 to v3.18.2
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 01:32:25 +01:00
renovate[bot] 687d3b9bf4 fix(deps): update dependency @dicebear/core to v9.4.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 01:27:22 +01:00
renovate[bot] e5833cf04b fix(deps): update dependency ws to v8.19.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 00:43:22 +01:00
renovate[bot] 11195f0186 fix(deps): update dependency pg to v8.19.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 00:42:36 +01:00
renovate[bot] af360d8f48 chore(deps): update dependency @tsconfig/node24 to v24.0.4
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 00:41:30 +01:00
renovate[bot] 3c04f16e39 chore(deps): update dependency @lezer/common to v1.5.1
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 00:40:34 +01:00
renovate[bot] 858c872934 fix(deps): update dependency nest-knexjs to v0.0.34
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 00:38:32 +01:00
renovate[bot] e2d1e3e28c fix(deps): update dependency sass to v1.97.3
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 00:29:37 +01:00
renovate[bot] a81add03dc chore(deps): update dependency markdownlint-cli2 to v0.21.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 00:29:07 +01:00
renovate[bot] ad020357a2 chore(deps): update dependency turbo to v2.8.13
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 00:28:00 +01:00
renovate[bot] e6d432ce6b fix(deps): update dependency abcjs to v6.6.2
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 00:23:03 +01:00
renovate[bot] 0db43b10c9 fix(deps): update dependency emoji-picker-element to v1.29.1
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 00:20:46 +01:00
renovate[bot] 35056110ef fix(deps): update dependency @orama/orama to v3.1.18
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 00:00:51 +01:00
renovate[bot] 15f1807808 fix(deps): update dependency better-sqlite3 to v12.6.2
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-03 23:59:11 +01:00
renovate[bot] 3aad984644 fix(deps): update dependency katex to v0.16.33
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-03 23:58:29 +01:00
renovate[bot] 4995f1bfa3 fix(deps): update dependency @nestjs/platform-fastify to v11.1.14 [security]
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-03 15:34:07 +01:00
Erik Michelson a99f99d6ac feat(security): add rate limiting
This adds rate-limiting using the @fastify/rate-limit module with sane
default values, configuration options, the possibility to disable limits
and differentiation between logged-in users and unauthenticated requests.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-02-04 22:13:07 +01:00
Erik Michelson 66d052d611 feat(security): add CSRF protection to private API endpoints
This adds a new endpoint /api/private/csrf/token which serves a CSRF-token that
is stored in the user's session. Following requests with POST, PUT, PATCH or DELETE
request methods need to provide this token in the CSRF-Token header. Since this
is not possible to do via HTML forms or other cross-site effects, this prevents
cross-site attacks. The frontend loads the CSRF token on app initialization and
stores it in the redux. It keeps using the token for up to one hour and then
updates the stored token from the API endpoint again.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-02-04 21:36:52 +01:00
Erik Michelson ac2255579f refactor(backend): switch from express to fastify
Fastify is a more modern web framework than express. Although it
shares almost the same API, it has way better performance and
supports more modern features. Several modules like csurf for
CSRF-protection aren't maintained for express anymore but there
is a Fastify replacement.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-02-04 21:36:52 +01:00
Philip Molares c2300c09ea chore: remove @types/diff
As diff brings its own types now, we don't need @types/diff anymore

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2026-01-22 00:39:47 +01:00
renovate[bot] e252c40e3d fix(deps): update dependency diff to v8 [security]
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-01-22 00:39:47 +01:00
renovate[bot] a023f4a3cc fix(deps): update i18next
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-01-21 19:17:40 +01:00
Erik Michelson 5b0f3a1c55 chore(format): migrate from prettier to oxfmt
oxfmt is a project from the OXC toolchain, similar to OXLint.
It is based on the Rust-built 'oxidation compiler' and has
increased performance compared to Prettier which is built
in plain JS.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-01-14 19:46:27 +01:00
Erik Michelson a880864b2c chore(lint): replace ESLint with OXLint for performance
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-01-14 19:46:27 +01:00
Erik Michelson 941cf87c86 chore(deps): upgrade better-sqlite3 to v12
This is required since better-sqlite3 added support
for Node 24 since version 12.0.0

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-01-12 18:34:31 +01:00
Philip Molares e087a9b336 chore: update node to 24.12.0
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2026-01-12 18:34:31 +01:00
Erik Michelson 68e78afa6b fix(realtime): use correct Buffer/ArrayBuffer/Uint8Array conversion
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-01-12 17:32:03 +01:00
Erik Michelson bde357c8a0 chore(deps): update @types/node to 20.19.28
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-01-12 17:32:03 +01:00
renovate[bot] f3cb59aa2b chore(deps): update dependency typescript to v5.9.3
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-01-12 17:32:03 +01:00
Erik Michelson 87257ac3dd feat(explore): add frontend explore page
Co-authored-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-01-11 20:21:00 +01:00