Compare commits
9 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
6722938ae6 | ||
|
|
9f720388ef | ||
|
|
e7b3c48ff4 | ||
|
|
0dfd4d014d | ||
|
|
ce0dc976a8 | ||
|
|
61418a1d8d | ||
|
|
1159d972a8 | ||
|
|
b6d1720fe6 | ||
|
|
dc30f4f3c9 |
15
CHANGELOG.md
15
CHANGELOG.md
@@ -1,3 +1,18 @@
|
||||
## [1.10.2](https://github.com/stonith404/pingvin-share/compare/v1.10.1...v1.10.2) (2025-03-07)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* don't throw error if group claim is missing ([e7b3c48](https://github.com/stonith404/pingvin-share/commit/e7b3c48ff48bd7cfb206c32ea97862b757057573))
|
||||
|
||||
## [1.10.1](https://github.com/stonith404/pingvin-share/compare/v1.10.0...v1.10.1) (2025-02-28)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* admin property can't be set if OAuth2 user email doesn't match actual user's email ([1159d97](https://github.com/stonith404/pingvin-share/commit/1159d972a8c32a0d6bf53d161c2fc09e6f8dfb28))
|
||||
* type error when trying to run the seed command ([b6d1720](https://github.com/stonith404/pingvin-share/commit/b6d1720fe637497ad624c6cdc40058b1b0f0c74c))
|
||||
|
||||
## [1.10.0](https://github.com/stonith404/pingvin-share/compare/v1.9.1...v1.10.0) (2025-02-28)
|
||||
|
||||
|
||||
|
||||
@@ -50,11 +50,12 @@ COPY --from=backend-builder /opt/app/node_modules ./node_modules
|
||||
COPY --from=backend-builder /opt/app/dist ./dist
|
||||
COPY --from=backend-builder /opt/app/prisma ./prisma
|
||||
COPY --from=backend-builder /opt/app/package.json ./
|
||||
COPY --from=backend-builder /opt/app/tsconfig.json ./
|
||||
|
||||
WORKDIR /opt/app
|
||||
|
||||
COPY ./reverse-proxy /opt/app/reverse-proxy
|
||||
COPY ./scripts ./scripts
|
||||
COPY ./scripts/docker ./scripts/docker
|
||||
|
||||
EXPOSE 3000
|
||||
|
||||
|
||||
1282
backend/package-lock.json
generated
1282
backend/package-lock.json
generated
File diff suppressed because it is too large
Load Diff
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "pingvin-share-backend",
|
||||
"version": "1.10.0",
|
||||
"version": "1.10.2",
|
||||
"scripts": {
|
||||
"build": "nest build",
|
||||
"dev": "cross-env NODE_ENV=development nest start --watch",
|
||||
@@ -13,7 +13,7 @@
|
||||
"seed": "ts-node prisma/seed/config.seed.ts"
|
||||
},
|
||||
"dependencies": {
|
||||
"@aws-sdk/client-s3": "^3.679.0",
|
||||
"@aws-sdk/client-s3": "^3.758.0",
|
||||
"@nestjs/cache-manager": "^2.2.2",
|
||||
"@nestjs/common": "^10.4.3",
|
||||
"@nestjs/config": "^3.2.3",
|
||||
@@ -24,7 +24,7 @@
|
||||
"@nestjs/schedule": "^4.1.1",
|
||||
"@nestjs/swagger": "^7.4.2",
|
||||
"@nestjs/throttler": "^6.2.1",
|
||||
"@prisma/client": "^5.19.1",
|
||||
"@prisma/client": "^6.4.1",
|
||||
"@types/jmespath": "^0.15.2",
|
||||
"archiver": "^7.0.1",
|
||||
"argon2": "^0.41.1",
|
||||
@@ -79,7 +79,7 @@
|
||||
"eslint-plugin-prettier": "^5.2.1",
|
||||
"newman": "^6.2.1",
|
||||
"prettier": "^3.3.3",
|
||||
"prisma": "^5.19.1",
|
||||
"prisma": "^6.4.1",
|
||||
"source-map-support": "^0.5.21",
|
||||
"ts-loader": "^9.5.1",
|
||||
"tsconfig-paths": "4.2.0",
|
||||
|
||||
@@ -142,7 +142,7 @@ export class ConfigService extends EventEmitter {
|
||||
const response: Config[] = [];
|
||||
|
||||
for (const variable of data) {
|
||||
response.push(await this.update(variable.key, variable.value));
|
||||
response.push(await this.update(variable.key, variable.value));
|
||||
}
|
||||
|
||||
return response;
|
||||
|
||||
@@ -63,7 +63,7 @@ export class OAuthService {
|
||||
},
|
||||
});
|
||||
if (oauthUser) {
|
||||
await this.updateIsAdmin(user);
|
||||
await this.updateIsAdmin(oauthUser.userId, user.isAdmin);
|
||||
const updatedUser = await this.prisma.user.findFirst({
|
||||
where: {
|
||||
id: oauthUser.userId,
|
||||
@@ -170,7 +170,7 @@ export class OAuthService {
|
||||
userId: existingUser.id,
|
||||
},
|
||||
});
|
||||
await this.updateIsAdmin(user);
|
||||
await this.updateIsAdmin(existingUser.id, user.isAdmin);
|
||||
return this.auth.generateToken(existingUser, { idToken: user.idToken });
|
||||
}
|
||||
|
||||
@@ -196,15 +196,14 @@ export class OAuthService {
|
||||
return result;
|
||||
}
|
||||
|
||||
private async updateIsAdmin(user: OAuthSignInDto) {
|
||||
if ("isAdmin" in user)
|
||||
await this.prisma.user.update({
|
||||
where: {
|
||||
email: user.email,
|
||||
},
|
||||
data: {
|
||||
isAdmin: user.isAdmin,
|
||||
},
|
||||
});
|
||||
private async updateIsAdmin(userId: string, isAdmin?: boolean) {
|
||||
await this.prisma.user.update({
|
||||
where: {
|
||||
id: userId,
|
||||
},
|
||||
data: {
|
||||
isAdmin: isAdmin === true,
|
||||
},
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
@@ -147,38 +147,33 @@ export abstract class GenericOidcProvider implements OAuthProvider<OidcToken> {
|
||||
|
||||
if (roleConfig?.path) {
|
||||
// A path to read roles from the token is configured
|
||||
let roles: string[] | null;
|
||||
let roles: string[] = [];
|
||||
try {
|
||||
roles = jmespath.search(idTokenData, roleConfig.path);
|
||||
} catch (e) {
|
||||
roles = null;
|
||||
}
|
||||
if (Array.isArray(roles)) {
|
||||
// Roles are found in the token
|
||||
if (
|
||||
roleConfig.generalAccess &&
|
||||
!roles.includes(roleConfig.generalAccess)
|
||||
) {
|
||||
// Role for general access is configured and the user does not have it
|
||||
this.logger.error(
|
||||
`User roles ${roles} do not include ${roleConfig.generalAccess}`,
|
||||
);
|
||||
throw new ErrorPageException("user_not_allowed");
|
||||
}
|
||||
if (roleConfig.adminAccess) {
|
||||
// Role for admin access is configured
|
||||
isAdmin = roles.includes(roleConfig.adminAccess);
|
||||
}
|
||||
} else {
|
||||
this.logger.error(
|
||||
this.logger.warn(
|
||||
`Roles not found at path ${roleConfig.path} in ID Token ${JSON.stringify(
|
||||
idTokenData,
|
||||
undefined,
|
||||
2,
|
||||
)}`,
|
||||
);
|
||||
}
|
||||
|
||||
if (
|
||||
roleConfig.generalAccess &&
|
||||
!roles.includes(roleConfig.generalAccess)
|
||||
) {
|
||||
// Role for general access is configured and the user does not have it
|
||||
this.logger.error(
|
||||
`User roles ${roles} do not include ${roleConfig.generalAccess}`,
|
||||
);
|
||||
throw new ErrorPageException("user_not_allowed");
|
||||
}
|
||||
if (roleConfig.adminAccess) {
|
||||
// Role for admin access is configured
|
||||
isAdmin = roles.includes(roleConfig.adminAccess);
|
||||
}
|
||||
}
|
||||
|
||||
if (!username) {
|
||||
|
||||
4
frontend/package-lock.json
generated
4
frontend/package-lock.json
generated
@@ -1,12 +1,12 @@
|
||||
{
|
||||
"name": "pingvin-share-frontend",
|
||||
"version": "1.10.0",
|
||||
"version": "1.10.2",
|
||||
"lockfileVersion": 2,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
"": {
|
||||
"name": "pingvin-share-frontend",
|
||||
"version": "1.10.0",
|
||||
"version": "1.10.2",
|
||||
"dependencies": {
|
||||
"@emotion/react": "^11.13.3",
|
||||
"@emotion/server": "^11.11.0",
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "pingvin-share-frontend",
|
||||
"version": "1.10.0",
|
||||
"version": "1.10.2",
|
||||
"scripts": {
|
||||
"dev": "next dev",
|
||||
"build": "next build",
|
||||
|
||||
@@ -506,7 +506,7 @@ export default {
|
||||
"admin.config.smtp.port.description": "Port of the SMTP server",
|
||||
"admin.config.smtp.email": "Email",
|
||||
"admin.config.smtp.email.description":
|
||||
"Email address from wich the emails get sent",
|
||||
"Email address from which the emails get sent",
|
||||
"admin.config.smtp.username": "Username",
|
||||
"admin.config.smtp.username.description": "Username of the SMTP server",
|
||||
"admin.config.smtp.password": "Password",
|
||||
|
||||
@@ -413,7 +413,7 @@ const Account = () => {
|
||||
onConfirm: async () => {
|
||||
await userService
|
||||
.removeCurrentUser()
|
||||
.then(()=> window.location.reload())
|
||||
.then(() => window.location.reload())
|
||||
.catch(toast.axiosError);
|
||||
},
|
||||
})
|
||||
|
||||
@@ -54,19 +54,22 @@ const Admin = () => {
|
||||
]);
|
||||
|
||||
useEffect(() => {
|
||||
configService.isNewReleaseAvailable().then((isNewReleaseAvailable) => {
|
||||
if (isNewReleaseAvailable) {
|
||||
setManagementOptions([
|
||||
...managementOptions,
|
||||
{
|
||||
title: "Update",
|
||||
icon: TbRefresh,
|
||||
route:
|
||||
"https://github.com/stonith404/pingvin-share/releases/latest",
|
||||
},
|
||||
]);
|
||||
}
|
||||
}).catch();
|
||||
configService
|
||||
.isNewReleaseAvailable()
|
||||
.then((isNewReleaseAvailable) => {
|
||||
if (isNewReleaseAvailable) {
|
||||
setManagementOptions([
|
||||
...managementOptions,
|
||||
{
|
||||
title: "Update",
|
||||
icon: TbRefresh,
|
||||
route:
|
||||
"https://github.com/stonith404/pingvin-share/releases/latest",
|
||||
},
|
||||
]);
|
||||
}
|
||||
})
|
||||
.catch();
|
||||
}, []);
|
||||
|
||||
return (
|
||||
|
||||
4
package-lock.json
generated
4
package-lock.json
generated
@@ -1,12 +1,12 @@
|
||||
{
|
||||
"name": "pingvin-share",
|
||||
"version": "1.10.0",
|
||||
"version": "1.10.2",
|
||||
"lockfileVersion": 3,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
"": {
|
||||
"name": "pingvin-share",
|
||||
"version": "1.10.0",
|
||||
"version": "1.10.2",
|
||||
"devDependencies": {
|
||||
"conventional-changelog-cli": "^3.0.0"
|
||||
}
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "pingvin-share",
|
||||
"version": "1.10.0",
|
||||
"version": "1.10.2",
|
||||
"scripts": {
|
||||
"format": "cd frontend && npm run format && cd ../backend && npm run format",
|
||||
"lint": "cd frontend && npm run lint && cd ../backend && npm run lint",
|
||||
|
||||
Reference in New Issue
Block a user