sinvo/docmost
1
0
Fork 0
mirror of https://github.com/docmost/docmost.git synced 2026-05-07 06:23:06 +08:00
Code Issues Packages Projects Releases Wiki Activity

WIP

Browse Source
This commit is contained in:
Philipinho
2025-08-14 08:58:23 -07:00
parent 5012a68d85
commit ace00a0b0a
43 changed files with 2552 additions and 103 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apps/server/src/common/events/event.contants.ts
+1 -1
View File
@@ -1,3 +1,3 @@
export enum EventName {
COLLAB_PAGE_UPDATED = 'collab.page.updated',
}
}
apps/server/src/common/helpers/nanoid.utils.ts
+1 -1
View File
@@ -5,4 +5,4 @@ export const nanoIdGen = customAlphabet(alphabet, 10);
const slugIdAlphabet =
'0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
export const generateSlugId = customAlphabet(slugIdAlphabet, 10);
export const generateSlugId = customAlphabet(slugIdAlphabet, 10);
apps/server/src/common/helpers/types/permission.ts
+6
View File
@@ -10,6 +10,12 @@ export enum SpaceRole {
READER = 'reader', // can only read pages in space
}
export enum PageRole {
WRITER = 'writer', // can read and write pages in space
READER = 'reader', // can only read pages in space
RESTRICTED = 'restricted', // cannot access page
}
export enum SpaceVisibility {
OPEN = 'open', // any workspace member can see that it exists and join.
PRIVATE = 'private', // only added space users can see
apps/server/src/common/logger/internal-log-filter.ts
+9 -2
View File
@@ -14,11 +14,18 @@ export class InternalLogFilter extends ConsoleLogger {
super();
const isProduction = process.env.NODE_ENV === 'production';
const isDebugMode = process.env.DEBUG_MODE === 'true';
if (isProduction && !isDebugMode) {
this.allowedLogLevels = ['log', 'error', 'fatal'];
} else {
this.allowedLogLevels = ['log', 'debug', 'verbose', 'warn', 'error', 'fatal'];
this.allowedLogLevels = [
'log',
'debug',
'verbose',
'warn',
'error',
'fatal',
];
}
}
apps/server/src/core/auth/services/token.service.ts
+1 -4
View File
@@ -77,10 +77,7 @@ export class TokenService {
return this.jwtService.sign(payload, { expiresIn: '1h' });
}
async generateMfaToken(
user: User,
workspaceId: string,
): Promise<string> {
async generateMfaToken(user: User, workspaceId: string): Promise<string> {
if (user.deactivatedAt || user.deletedAt) {
throw new ForbiddenException();
}
apps/server/src/core/casl/abilities/page-ability.factory.ts
+168
View File
@@ -0,0 +1,168 @@
import { Injectable, Logger, NotFoundException } from '@nestjs/common';
import {
AbilityBuilder,
createMongoAbility,
MongoAbility,
} from '@casl/ability';
import { PageRole, SpaceRole } from '../../../common/helpers/types/permission';
import { User } from '@docmost/db/types/entity.types';
import {
PagePermissionRepo,
PageMemberRole,
} from '@docmost/db/repos/page/page-permission-repo.service';
import { PageRepo } from '@docmost/db/repos/page/page.repo';
import {
PageCaslAction,
IPageAbility,
PageCaslSubject,
} from '../interfaces/page-ability.type';
import { findHighestUserSpaceRole } from '@docmost/db/repos/Space/utils';
import { UserSpaceRole } from '@docmost/db/repos/space/types';
import { SpaceMemberRepo } from '@docmost/db/repos/space/space-member.repo';
@Injectable()
export default class PageAbilityFactory {
private readonly logger = new Logger(PageAbilityFactory.name);
constructor(
private readonly pagePermissionRepo: PagePermissionRepo,
private readonly pageRepo: PageRepo,
private readonly spaceMemberRepo: SpaceMemberRepo,
) {}
async createForUser(user: User, pageId: string) {
//user.id = '0197750c-a70c-73a6-83ad-65a193433f5c';
// This opens the possibility to share pages with individual users from other Spaces
/*
//TODO: we might account for space permission here too.
// we could just do it all here. no need to call two abilities.
const userSpaceRoles = await this.spaceMemberRepo.getUserSpaceRoles(
user.id,
spaceId,
);
*/
// const userPageRole = findHighestUserPageRole(userPageRoles);
// if no role abort
// Check page-level permissions first if pageId provided
const permission = await this.pagePermissionRepo.getUserPagePermission({
pageId: pageId,
userId: user.id,
});
// does it pick one? what if the user has permissions via groups? what roles takes precedence?
if (!permission) {
//TODO: it means we should use the space level permission
// need deeper understanding here though
// call the space factory?
}
this.logger.log('permissions', permission);
if (permission) {
// make sure the permission is for this page
// or cascaded/inherited from a parent page
/*this.logger.debug('role', permission.role, 'cascade', permission.cascade);
if (permission.pageId !== pageId && !permission.cascade) {
this.logger.debug('no permission');
// No explicit access and not inheriting - deny
return new AbilityBuilder<MongoAbility<IPageAbility>>(
createMongoAbility,
).build();
}*/
}
// if no permission should we use space permission here?
// if non, skip for default to take precedence
switch (permission.role) {
case PageRole.WRITER:
return buildPageWriterAbility();
case PageRole.READER:
return buildPageReaderAbility();
case PageRole.RESTRICTED:
return buildPageRestrictedAbility();
default:
throw new NotFoundException('Page permissions not found');
}
}
private buildAbilityForRole(role: string) {
switch (role) {
case PageRole.WRITER:
return buildPageWriterAbility();
case PageRole.READER:
return buildPageReaderAbility();
case PageRole.RESTRICTED:
return buildPageRestrictedAbility();
default:
return new AbilityBuilder<MongoAbility<IPageAbility>>(
createMongoAbility,
).build();
}
}
}
function buildPageWriterAbility() {
const { can, build } = new AbilityBuilder<MongoAbility<IPageAbility>>(
createMongoAbility,
);
can(PageCaslAction.Read, PageCaslSubject.Settings);
can(PageCaslAction.Read, PageCaslSubject.Member);
can(PageCaslAction.Manage, PageCaslSubject.Page);
can(PageCaslAction.Manage, PageCaslSubject.Share);
return build();
}
function buildPageReaderAbility() {
const { can, build } = new AbilityBuilder<MongoAbility<IPageAbility>>(
createMongoAbility,
);
can(PageCaslAction.Read, PageCaslSubject.Settings);
can(PageCaslAction.Read, PageCaslSubject.Member);
can(PageCaslAction.Read, PageCaslSubject.Page);
can(PageCaslAction.Read, PageCaslSubject.Share);
return build();
}
function buildPageRestrictedAbility() {
const { cannot, build } = new AbilityBuilder<MongoAbility<IPageAbility>>(
createMongoAbility,
);
cannot(PageCaslAction.Read, PageCaslSubject.Settings);
cannot(PageCaslAction.Read, PageCaslSubject.Member);
cannot(PageCaslAction.Read, PageCaslSubject.Page);
cannot(PageCaslAction.Read, PageCaslSubject.Share);
return build();
}
export interface UserPageRole {
userId: string;
role: string;
}
export function findHighestUserPageRole(userPageRoles: UserPageRole[]) {
//TODO: perhaps, we want the lowest here?
if (!userPageRoles) {
return undefined;
}
const roleOrder: { [key in PageRole]: number } = {
[PageRole.WRITER]: 3,
[PageRole.READER]: 2,
[PageRole.RESTRICTED]: 1,
};
let highestRole: string;
for (const userPageRole of userPageRoles) {
const currentRole = userPageRole.role;
if (!highestRole || roleOrder[currentRole] > roleOrder[highestRole]) {
highestRole = currentRole;
}
}
return highestRole;
}
apps/server/src/core/casl/casl.module.ts
+3 -2
View File
@@ -1,10 +1,11 @@
import { Global, Module } from '@nestjs/common';
import SpaceAbilityFactory from './abilities/space-ability.factory';
import WorkspaceAbilityFactory from './abilities/workspace-ability.factory';
import PageAbilityFactory from './abilities/page-ability.factory';
@Global()
@Module({
providers: [WorkspaceAbilityFactory, SpaceAbilityFactory],
exports: [WorkspaceAbilityFactory, SpaceAbilityFactory],
providers: [WorkspaceAbilityFactory, SpaceAbilityFactory, PageAbilityFactory],
exports: [WorkspaceAbilityFactory, SpaceAbilityFactory, PageAbilityFactory],
})
export class CaslModule {}
apps/server/src/core/casl/interfaces/page-ability.type.ts
+19
View File
@@ -0,0 +1,19 @@
export enum PageCaslAction {
Manage = 'manage',
Create = 'create',
Read = 'read',
Edit = 'edit',
Delete = 'delete',
}
export enum PageCaslSubject {
Settings = 'settings',
Member = 'member',
Page = 'page',
Share = 'share',
}
export type IPageAbility =
| [PageCaslAction, PageCaslSubject.Settings]
| [PageCaslAction, PageCaslSubject.Member]
| [PageCaslAction, PageCaslSubject.Page]
| [PageCaslAction, PageCaslSubject.Share];
apps/server/src/core/group/dto/create-group.dto.ts
+1 -1
View File
@@ -7,7 +7,7 @@ import {
MaxLength,
MinLength,
} from 'class-validator';
import {Transform, TransformFnParams} from "class-transformer";
import { Transform, TransformFnParams } from 'class-transformer';
export class CreateGroupDto {
@MinLength(2)
apps/server/src/core/page/dto/add-page-members.dto.ts
+34
View File
@@ -0,0 +1,34 @@
import {
ArrayMaxSize,
IsArray,
IsBoolean,
IsEnum,
IsOptional,
IsUUID,
} from 'class-validator';
import { PageIdDto } from './page.dto';
import { PageMemberRole } from '@docmost/db/repos/page/page-permission-repo.service';
export class AddPageMembersDto extends PageIdDto {
@IsEnum(PageMemberRole)
role: string;
// optional
@IsArray()
@ArrayMaxSize(25, {
message: 'userIds must be an array with no more than 25 elements',
})
@IsUUID('all', { each: true })
userIds: string[];
@IsOptional()
@IsArray()
@ArrayMaxSize(25, {
message: 'groupIds must be an array with no more than 25 elements',
})
@IsUUID('all', { each: true })
groupIds: string[];
@IsBoolean()
@IsOptional()
cascade?: boolean; // Apply to all child pages
}
apps/server/src/core/page/dto/deleted-page.dto.ts
+1 -1
View File
@@ -4,4 +4,4 @@ export class DeletedPageDto {
@IsNotEmpty()
@IsString()
spaceId: string;
}
}
apps/server/src/core/page/dto/duplicate-page.dto.ts
+4 -4
View File
@@ -17,8 +17,8 @@ export type CopyPageMapEntry = {
};
export type ICopyPageAttachment = {
newPageId: string,
oldPageId: string,
oldAttachmentId: string,
newAttachmentId: string,
newPageId: string;
oldPageId: string;
oldAttachmentId: string;
newAttachmentId: string;
};
apps/server/src/core/page/dto/get-page-members.dto.ts
+22
View File
@@ -0,0 +1,22 @@
import { IsOptional, IsNumber, IsString, Min, Max } from 'class-validator';
import { PageIdDto } from './page.dto';
import { Type } from 'class-transformer';
export class GetPageMembersDto extends PageIdDto {
@IsOptional()
@Type(() => Number)
@IsNumber()
@Min(1)
page?: number = 1;
@IsOptional()
@Type(() => Number)
@IsNumber()
@Min(1)
@Max(100)
limit?: number = 20;
@IsOptional()
@IsString()
query?: string;
}
apps/server/src/core/page/dto/remove-page-member.dto.ts
+7
View File
@@ -0,0 +1,7 @@
import { IsUUID } from 'class-validator';
import { PageIdDto } from './page.dto';
export class RemovePageMemberDto extends PageIdDto {
@IsUUID()
memberId: string;
}
apps/server/src/core/page/dto/update-page-member-role.dto.ts
+11
View File
@@ -0,0 +1,11 @@
import { IsEnum, IsUUID } from 'class-validator';
import { PageIdDto } from './page.dto';
import { PageMemberRole } from '@docmost/db/repos/page/page-permission-repo.service';
export class UpdatePageMemberRoleDto extends PageIdDto {
@IsUUID()
memberId: string;
@IsEnum(PageMemberRole)
role: string;
}
apps/server/src/core/page/dto/update-page-permission.dto.ts
+21
View File
@@ -0,0 +1,21 @@
import { IsBoolean, IsEnum, IsOptional, IsUUID } from 'class-validator';
import { PageMemberRole } from '@docmost/db/repos/page/page-permission-repo.service';
export class UpdatePagePermissionDto {
@IsUUID()
pageId: string;
@IsUUID()
@IsOptional()
userId?: string;
@IsUUID()
@IsOptional()
groupId?: string;
@IsEnum(PageMemberRole)
role: string;
@IsBoolean()
cascade: boolean; // Apply to all child pages
}
apps/server/src/core/page/page.controller.ts
+188 -2
View File
@@ -32,9 +32,24 @@ import {
} from '../casl/interfaces/space-ability.type';
import SpaceAbilityFactory from '../casl/abilities/space-ability.factory';
import { PageRepo } from '@docmost/db/repos/page/page.repo';
import { SharedPagesRepo } from '@docmost/db/repos/page/shared-pages.repo';
import { RecentPageDto } from './dto/recent-page.dto';
import { DuplicatePageDto } from './dto/duplicate-page.dto';
import { DeletedPageDto } from './dto/deleted-page.dto';
import { AddPageMembersDto } from './dto/add-page-members.dto';
import { RemovePageMemberDto } from './dto/remove-page-member.dto';
import { UpdatePageMemberRoleDto } from './dto/update-page-member-role.dto';
import { UpdatePagePermissionDto } from './dto/update-page-permission.dto';
import { GetPageMembersDto } from './dto/get-page-members.dto';
import {
PagePermissionService,
PagePermissionsResponse,
} from './services/page-member.service';
import PageAbilityFactory from '../casl/abilities/page-ability.factory';
import {
PageCaslAction,
PageCaslSubject,
} from '../casl/interfaces/page-ability.type';
@UseGuards(JwtAuthGuard)
@Controller('pages')
@@ -44,6 +59,9 @@ export class PageController {
private readonly pageRepo: PageRepo,
private readonly pageHistoryService: PageHistoryService,
private readonly spaceAbility: SpaceAbilityFactory,
private readonly pageAbility: PageAbilityFactory,
private readonly pagePermissionService: PagePermissionService,
private readonly sharedPagesRepo: SharedPagesRepo,
) {}
@HttpCode(HttpStatus.OK)
@@ -61,11 +79,21 @@ export class PageController {
throw new NotFoundException('Page not found');
}
const ability = await this.spaceAbility.createForUser(user, page.spaceId);
if (ability.cannot(SpaceCaslAction.Read, SpaceCaslSubject.Page)) {
const pageAbility = await this.pageAbility.createForUser(user, page.id);
if (pageAbility.cannot(PageCaslAction.Read, PageCaslSubject.Page)) {
throw new ForbiddenException();
}
/*const ability = await this.spaceAbility.createForUser(
user,
page.spaceId,
);
if (ability.cannot(SpaceCaslAction.Read, SpaceCaslSubject.Page)) {
throw new ForbiddenException();
}*/
return page;
}
@@ -372,4 +400,162 @@ export class PageController {
}
return this.pageService.getPageBreadCrumbs(page.id);
}
@HttpCode(HttpStatus.OK)
@Post('permissions/restrict')
async restrictPage(@Body() dto: PageIdDto, @AuthUser() user: User) {
const page = await this.pageRepo.findById(dto.pageId);
if (!page) {
throw new NotFoundException('Page not found');
}
// TODO: make sure they have access to the page, and can restrict
// And the page is not already restricted
// They can add and remove page restriction
// When a page restriction is removed, we remove the entries in page permissions table.
const ability = await this.spaceAbility.createForUser(user, page.spaceId);
if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Page)) {
throw new ForbiddenException();
}
return this.pagePermissionService.restrictPage(user, page.id);
}
@HttpCode(HttpStatus.OK)
@Post('permissions/add')
async addPageMembers(
@Body() dto: AddPageMembersDto,
@AuthUser() user: User,
@AuthWorkspace() workspace: Workspace,
) {
const page = await this.pageRepo.findById(dto.pageId);
if (!page) {
throw new NotFoundException('Page not found');
}
const ability = await this.spaceAbility.createForUser(user, page.spaceId);
if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Page)) {
throw new ForbiddenException();
}
return this.pagePermissionService.addMembersToPageBatch(
dto,
user,
workspace.id,
);
}
@HttpCode(HttpStatus.OK)
@Post('permissions/remove')
async removePageMember(
@Body() dto: RemovePageMemberDto,
@AuthUser() user: User,
@AuthWorkspace() workspace: Workspace,
) {
const page = await this.pageRepo.findById(dto.pageId);
if (!page) {
throw new NotFoundException('Page not found');
}
const ability = await this.spaceAbility.createForUser(user, page.spaceId);
if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Page)) {
throw new ForbiddenException();
}
return this.pagePermissionService.removePageMember(dto, workspace.id);
}
@HttpCode(HttpStatus.OK)
@Post('permissions/update-role')
async updatePageMemberRole(
@Body() dto: UpdatePageMemberRoleDto,
@AuthUser() user: User,
@AuthWorkspace() workspace: Workspace,
) {
const page = await this.pageRepo.findById(dto.pageId);
if (!page) {
throw new NotFoundException('Page not found');
}
const ability = await this.spaceAbility.createForUser(user, page.spaceId);
if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Page)) {
throw new ForbiddenException();
}
return this.pagePermissionService.updatePageMemberRole(dto, workspace.id);
}
@HttpCode(HttpStatus.OK)
@Post('permissions/update')
async updatePagePermissions(
@Body() dto: UpdatePagePermissionDto,
@AuthUser() user: User,
): Promise<PagePermissionsResponse> {
const page = await this.pageRepo.findById(dto.pageId);
if (!page) {
throw new NotFoundException('Page not found');
}
const ability = await this.spaceAbility.createForUser(user, page.spaceId);
if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Page)) {
throw new ForbiddenException();
}
return this.pagePermissionService.updatePagePermission(dto);
}
@HttpCode(HttpStatus.OK)
@Post('permissions/info')
async getPagePermissions(
@Body() dto: PageIdDto,
@AuthUser() user: User,
): Promise<PagePermissionsResponse> {
const page = await this.pageRepo.findById(dto.pageId);
if (!page) {
throw new NotFoundException('Page not found');
}
const ability = await this.spaceAbility.createForUser(user, page.spaceId);
if (ability.cannot(SpaceCaslAction.Read, SpaceCaslSubject.Page)) {
throw new ForbiddenException();
}
return this.pagePermissionService.getPagePermissions(dto.pageId);
}
@HttpCode(HttpStatus.OK)
@Post('permissions/list')
async getPageMembers(
@Body() dto: GetPageMembersDto,
@AuthUser() user: User,
@AuthWorkspace() workspace: Workspace,
) {
const page = await this.pageRepo.findById(dto.pageId);
if (!page) {
throw new NotFoundException('Page not found');
}
const ability = await this.spaceAbility.createForUser(user, page.spaceId);
if (ability.cannot(SpaceCaslAction.Read, SpaceCaslSubject.Page)) {
throw new ForbiddenException();
}
const pagination: PaginationOptions = {
page: dto.page || 1,
limit: dto.limit || 20,
query: dto.query,
};
return this.pagePermissionService.getPageMembers(
dto.pageId,
workspace.id,
pagination,
);
}
@HttpCode(HttpStatus.OK)
@Post('shared')
async getUserSharedPages(@AuthUser() user: User) {
return this.sharedPagesRepo.getUserSharedPages(user.id);
}
}
apps/server/src/core/page/page.module.ts
+11 -3
View File
@@ -3,12 +3,20 @@ import { PageService } from './services/page.service';
import { PageController } from './page.controller';
import { PageHistoryService } from './services/page-history.service';
import { TrashCleanupService } from './services/trash-cleanup.service';
import { PagePermissionService } from './services/page-member.service';
import { SharedPagesRepo } from '@docmost/db/repos/page/shared-pages.repo';
import { StorageModule } from '../../integrations/storage/storage.module';
@Module({
controllers: [PageController],
providers: [PageService, PageHistoryService, TrashCleanupService],
exports: [PageService, PageHistoryService],
imports: [StorageModule]
providers: [
PageService,
PageHistoryService,
TrashCleanupService,
PagePermissionService,
SharedPagesRepo,
],
exports: [PageService, PageHistoryService, PagePermissionService],
imports: [StorageModule],
})
export class PageModule {}
apps/server/src/core/page/services/page-member.service.ts
+648
View File
@@ -0,0 +1,648 @@
import {
BadRequestException,
Injectable,
NotFoundException,
} from '@nestjs/common';
import { PaginationOptions } from '@docmost/db/pagination/pagination-options';
import { KyselyDB, KyselyTransaction } from '@docmost/db/types/kysely.types';
import {
PagePermissionRepo,
PageMemberRole,
} from '@docmost/db/repos/page/page-permission-repo.service';
import { SharedPagesRepo } from '@docmost/db/repos/page/shared-pages.repo';
import { AddPageMembersDto } from '../dto/add-page-members.dto';
import { InjectKysely } from 'nestjs-kysely';
import { Page, PagePermission, User } from '@docmost/db/types/entity.types';
import { PageRepo } from '@docmost/db/repos/page/page.repo';
import { RemovePageMemberDto } from '../dto/remove-page-member.dto';
import { UpdatePageMemberRoleDto } from '../dto/update-page-member-role.dto';
import { UpdatePagePermissionDto } from '../dto/update-page-permission.dto';
import { UserRepo } from '@docmost/db/repos/user/user.repo';
import { GroupRepo } from '@docmost/db/repos/group/group.repo';
import { SpaceMemberRepo } from '@docmost/db/repos/space/space-member.repo';
import { executeTx } from '@docmost/db/utils';
export interface IPagePermission {
id: string;
cascade: boolean;
member: {
id: string;
type: 'user' | 'group' | 'public';
email?: string;
displayName?: string;
avatarUrl?: string;
workspaceRole?: string;
name?: string;
memberCount?: number;
};
membershipRole: {
id: string;
level: string;
source: 'direct' | 'inherited';
};
grantedBy: {
id: string;
type: 'page' | 'space';
title?: string;
name?: string;
parentId?: string;
};
}
export interface PagePermissionsResponse {
page: {
id: string;
title: string;
hasCustomPermissions: boolean;
inheritPermissions: boolean;
permissions: IPagePermission[];
};
}
@Injectable()
export class PagePermissionService {
constructor(
private pageMemberRepo: PagePermissionRepo,
private pageRepo: PageRepo,
private sharedPagesRepo: SharedPagesRepo,
private userRepo: UserRepo,
private groupRepo: GroupRepo,
private spaceMemberRepo: SpaceMemberRepo,
@InjectKysely() private readonly db: KyselyDB,
) {}
async addUserToPage(
userId: string,
pageId: string,
role: string,
workspaceId: string,
trx?: KyselyTransaction,
): Promise<void> {
await this.pageMemberRepo.insertPageMember(
{
userId: userId,
pageId: pageId,
role: role,
},
trx,
);
}
async addGroupToPage(
groupId: string,
pageId: string,
role: string,
workspaceId: string,
trx?: KyselyTransaction,
): Promise<void> {
await this.pageMemberRepo.insertPageMember(
{
groupId: groupId,
pageId: pageId,
role: role,
},
trx,
);
}
async getPageMembers(
pageId: string,
workspaceId: string,
pagination: PaginationOptions,
) {
const page = await this.pageRepo.findById(pageId);
// const page = await this.pageRepo.findById(pageId, { workspaceId });
if (!page) {
throw new NotFoundException('Page not found');
}
const members = await this.pageMemberRepo.getPageMembersPaginated(
pageId,
pagination,
);
return members;
}
async restrictPage(authUser: User, pageId: string) {
// to add custom permissions to a page,
// we have to restrict the page first.
// the user is here because they can restrict this page
// TODO: make sure page is not in trash
// Not sure if normal users can see restricted pages in trash.
await this.db
.updateTable('pages')
.set({
isRestricted: true,
restrictedById: authUser.id,
})
.where('id', '=', pageId)
.execute();
}
async addMembersToPageBatch(
dto: AddPageMembersDto,
authUser: User,
workspaceId: string,
): Promise<void> {
try {
const page = await this.pageRepo.findById(dto.pageId);
//const page = await this.pageRepo.findById(dto.pageId, { workspaceId });
if (!page) {
throw new NotFoundException('Page not found');
}
// Validate role
if (!Object.values(PageMemberRole).includes(dto.role as PageMemberRole)) {
throw new BadRequestException(`Invalid role: ${dto.role}`);
}
// Enable custom permissions if adding first member
/*if (!page.hasCustomPermissions) {
await this.pageRepo.update(dto.pageId, {
hasCustomPermissions: true,
inheritPermissions: false,
});
}*/
// Make sure we have valid workspace users
const validUsersQuery = this.db
.selectFrom('users')
.select(['id', 'name'])
.where('users.id', 'in', dto.userIds)
.where('users.workspaceId', '=', workspaceId)
.where(({ not, exists, selectFrom }) =>
not(
exists(
selectFrom('pagePermissions')
.select('id')
.whereRef('pagePermissions.userId', '=', 'users.id')
.where('pagePermissions.pageId', '=', dto.pageId),
),
),
);
const validGroupsQuery = this.db
.selectFrom('groups')
.select(['id', 'name'])
.where('groups.id', 'in', dto.groupIds)
.where('groups.workspaceId', '=', workspaceId)
.where(({ not, exists, selectFrom }) =>
not(
exists(
selectFrom('pagePermissions')
.select('id')
.whereRef('pagePermissions.groupId', '=', 'groups.id')
.where('pagePermissions.pageId', '=', dto.pageId),
),
),
);
let validUsers = [],
validGroups = [];
if (dto.userIds && dto.userIds.length > 0) {
validUsers = await validUsersQuery.execute();
}
if (dto.groupIds && dto.groupIds.length > 0) {
validGroups = await validGroupsQuery.execute();
}
const usersToAdd = [];
for (const user of validUsers) {
usersToAdd.push({
pageId: dto.pageId,
userId: user.id,
role: dto.role,
addedById: authUser.id,
});
// Track orphaned page access if user doesn't have parent access
if (page.parentPageId && dto.role !== PageMemberRole.NONE) {
const hasParentAccess = await this.checkParentAccess(
user.id,
page.parentPageId,
);
if (!hasParentAccess) {
await this.sharedPagesRepo.addSharedPage(user.id, dto.pageId);
}
}
}
const groupsToAdd = [];
for (const group of validGroups) {
groupsToAdd.push({
pageId: dto.pageId,
groupId: group.id,
role: dto.role,
addedById: authUser.id,
});
}
const membersToAdd = [...usersToAdd, ...groupsToAdd];
if (membersToAdd.length > 0) {
await this.db
.insertInto('pagePermissions')
.values(membersToAdd)
.execute();
}
// Apply to child pages if requested
if (dto.cascade) {
await this.cascadeToChildren(dto.pageId, membersToAdd);
}
} catch (error) {
if (
error instanceof NotFoundException ||
error instanceof BadRequestException
) {
throw error;
}
throw new BadRequestException(
'Failed to add members to page. Please try again.',
);
}
}
async removePageMember(
dto: RemovePageMemberDto,
workspaceId: string,
): Promise<void> {
const member = await this.db
.selectFrom('pagePermissions')
.innerJoin('pages', 'pages.id', 'pagePermissions.pageId')
.select(['pagePermissions.id', 'pagePermissions.userId'])
.where('pagePermissions.id', '=', dto.memberId)
.where('pagePermissions.pageId', '=', dto.pageId)
.where('pages.workspaceId', '=', workspaceId)
.executeTakeFirst();
if (!member) {
throw new NotFoundException('Page member not found');
}
// Check if this is the last admin
const adminCount = await this.pageMemberRepo.roleCountByPageId(
PageMemberRole.ADMIN,
dto.pageId,
);
if (adminCount === 1) {
const memberToRemove = await this.pageMemberRepo.getPageMemberByTypeId(
dto.pageId,
{ userId: member.userId },
);
if (memberToRemove?.role === PageMemberRole.ADMIN) {
throw new BadRequestException('Cannot remove the last admin from page');
}
}
await this.pageMemberRepo.removePageMemberById(dto.memberId, dto.pageId);
// Remove from shared pages if it was tracked
if (member.userId) {
await this.sharedPagesRepo.removeSharedPage(member.userId, dto.pageId);
}
}
async updatePageMemberRole(
dto: UpdatePageMemberRoleDto,
workspaceId: string,
): Promise<void> {
const member = await this.db
.selectFrom('pagePermissions')
.innerJoin('pages', 'pages.id', 'pagePermissions.pageId')
.select(['pagePermissions.id', 'pagePermissions.role'])
.where('pagePermissions.id', '=', dto.memberId)
.where('pagePermissions.pageId', '=', dto.pageId)
.where('pages.workspaceId', '=', workspaceId)
.executeTakeFirst();
if (!member) {
throw new NotFoundException('Page member not found');
}
if (
member.role === PageMemberRole.ADMIN &&
dto.role !== PageMemberRole.ADMIN
) {
const adminCount = await this.pageMemberRepo.roleCountByPageId(
PageMemberRole.ADMIN,
dto.pageId,
);
if (adminCount === 1) {
throw new BadRequestException('Cannot change role of the last admin');
}
}
await this.pageMemberRepo.updatePageMember(
{ role: dto.role },
dto.memberId,
dto.pageId,
);
}
async updatePagePermission(
dto: UpdatePagePermissionDto,
): Promise<PagePermissionsResponse> {
const { pageId, userId, groupId, role, cascade } = dto;
try {
// Validate inputs
if (!userId && !groupId) {
throw new BadRequestException(
'Either userId or groupId must be provided',
);
}
if (userId && groupId) {
throw new BadRequestException('Cannot provide both userId and groupId');
}
if (!Object.values(PageMemberRole).includes(role as PageMemberRole)) {
throw new BadRequestException(`Invalid role: ${role}`);
}
await executeTx(this.db, async (trx) => {
// Update the role
if (userId) {
await this.pageMemberRepo.upsertPageMember(
{
pageId,
userId,
role,
},
trx,
);
} else if (groupId) {
await this.pageMemberRepo.upsertPageMember(
{
pageId,
groupId,
role,
},
trx,
);
}
// Mark page as having custom permissions
/* await this.pageRepo.update(
pageId,
{
hasCustomPermissions: true,
inheritPermissions: false,
},
trx,
);*/
// Cascade to children if requested
if (cascade) {
const descendants = await this.pageRepo.getAllDescendants(
pageId,
trx,
);
for (const childId of descendants) {
if (userId) {
await this.pageMemberRepo.upsertPageMember(
{
pageId: childId,
userId,
role,
},
trx,
);
} else if (groupId) {
await this.pageMemberRepo.upsertPageMember(
{
pageId: childId,
groupId,
role,
},
trx,
);
}
}
}
});
// Return comprehensive permission data
return this.getPagePermissions(pageId);
} catch (error) {
if (error instanceof BadRequestException) {
throw error;
}
throw new BadRequestException(
'Failed to update page permissions. Please try again.',
);
}
}
async getPagePermissions(pageId: string): Promise<PagePermissionsResponse> {
const page = await this.pageRepo.findById(pageId, { includeSpace: true });
if (!page) {
throw new NotFoundException('Page not found');
}
const permissions: IPagePermission[] = [];
// 1. Get direct page members
const directMembers = await this.pageMemberRepo.getPageMembers(pageId);
// Batch fetch all users and groups
const userIds = directMembers.filter((m) => m.userId).map((m) => m.userId);
const groupIds = directMembers
.filter((m) => m.groupId)
.map((m) => m.groupId);
const [users, groups] = await Promise.all([
userIds.length > 0
? this.db
.selectFrom('users')
.selectAll()
.where('id', 'in', userIds)
.execute()
: Promise.resolve([]),
groupIds.length > 0
? this.db
.selectFrom('groups')
.selectAll()
.where('id', 'in', groupIds)
.execute()
: Promise.resolve([]),
]);
const userMap = new Map(users.map((u) => [u.id, u] as const));
const groupMap = new Map(groups.map((g) => [g.id, g] as const));
// Build permissions with batch-fetched data
for (const member of directMembers) {
let memberData: any = null;
if (member.userId) {
const user = userMap.get(member.userId);
if (user) {
memberData = {
id: user.id,
type: 'user' as const,
email: user.email,
displayName: user.name,
avatarUrl: user.avatarUrl,
workspaceRole: user.role,
};
}
} else if (member.groupId) {
const group = groupMap.get(member.groupId);
if (group) {
memberData = {
id: group.id,
type: 'group' as const,
name: group.name,
memberCount: await this.db
.selectFrom('groupUsers')
.select((eb) => eb.fn.count('userId').as('count'))
.where('groupId', '=', group.id)
.executeTakeFirst()
.then((result) => Number(result?.count || 0)),
};
}
}
if (memberData) {
permissions.push({
id: member.id,
cascade: true, // Page permissions cascade by default
member: memberData,
membershipRole: {
id: member.id,
level: member.role,
source: 'direct',
},
grantedBy: {
id: pageId,
type: 'page',
title: page.title,
},
});
}
}
// 2. Get inherited space members (if page inherits)
if (page) {
//if (page.inheritPermissions || !page.hasCustomPermissions) {
const spaceMembers = await this.spaceMemberRepo.getSpaceMembersPaginated(
page.spaceId,
{ page: 1, limit: 100 },
);
for (const spaceMember of spaceMembers.items as any[]) {
// Skip if user has direct page permission
const hasDirect = directMembers.some(
(dm) =>
(dm.userId === spaceMember.id && spaceMember.type === 'user') ||
(dm.groupId === spaceMember.id && spaceMember.type === 'group'),
);
if (!hasDirect) {
permissions.push({
id: `space-${spaceMember.id}`,
cascade: false, // Space permissions don't cascade to page children
member: {
id: spaceMember.id,
type: spaceMember.type as 'user' | 'group',
email: spaceMember.email,
displayName: spaceMember.name,
avatarUrl: spaceMember.avatarUrl,
name: spaceMember.name,
memberCount: Number(spaceMember.memberCount || 0),
},
membershipRole: {
id: `space-role-${spaceMember.id}`,
level: spaceMember.role,
source: 'inherited',
},
grantedBy: {
id: page.spaceId,
type: 'space',
name: (page as any).space?.name,
},
});
}
}
}
return {
page: {
id: page.id,
title: page.title,
hasCustomPermissions: true,
inheritPermissions: false,
permissions,
},
};
}
private async checkParentAccess(
userId: string,
parentPageId: string | null,
): Promise<boolean> {
if (!parentPageId) return true; // Root pages always accessible
const parentAccess = await this.pageMemberRepo.resolveUserPageAccess(
userId,
parentPageId,
);
return parentAccess !== null && parentAccess !== PageMemberRole.NONE;
}
private async cascadeToChildren(
pageId: string,
membersToAdd: any[],
): Promise<void> {
const descendants = await this.pageRepo.getAllDescendants(pageId);
if (descendants.length === 0) return;
// Separate user and group members for proper conflict handling
const userMembers = membersToAdd.filter((m) => m.userId);
const groupMembers = membersToAdd.filter((m) => m.groupId);
for (const childId of descendants) {
// Handle user members with proper conflict resolution
if (userMembers.length > 0) {
const childUserMembers = userMembers.map((m) => ({
...m,
pageId: childId,
}));
await this.db
.insertInto('pagePermissions')
.values(childUserMembers)
.onConflict((oc) =>
oc.columns(['pageId', 'userId']).doUpdateSet({
role: (eb) => eb.ref('excluded.role'),
updatedAt: new Date(),
}),
)
.execute();
}
// Handle group members separately
if (groupMembers.length > 0) {
const childGroupMembers = groupMembers.map((m) => ({
...m,
pageId: childId,
}));
await this.db
.insertInto('pagePermissions')
.values(childGroupMembers)
.onConflict((oc) =>
oc.columns(['pageId', 'groupId']).doUpdateSet({
role: (eb) => eb.ref('excluded.role'),
updatedAt: new Date(),
}),
)
.execute();
}
}
}
}
apps/server/src/core/space/dto/create-space.dto.ts
+1 -1
View File
@@ -5,7 +5,7 @@ import {
MaxLength,
MinLength,
} from 'class-validator';
import {Transform, TransformFnParams} from "class-transformer";
import { Transform, TransformFnParams } from 'class-transformer';
export class CreateSpaceDto {
@MinLength(2)
apps/server/src/core/user/user.service.ts
+3 -1
View File
@@ -70,7 +70,9 @@ export class UserService {
);
if (!isPasswordMatch) {
throw new BadRequestException('You must provide the correct password to change your email');
throw new BadRequestException(
'You must provide the correct password to change your email',
);
}
if (await this.userRepo.findByEmail(updateUserDto.email, workspace.id)) {
apps/server/src/database/database.module.ts
+5 -2
View File
@@ -25,6 +25,7 @@ import { MigrationService } from '@docmost/db/services/migration.service';
import { UserTokenRepo } from './repos/user-token/user-token.repo';
import { BacklinkRepo } from '@docmost/db/repos/backlink/backlink.repo';
import { ShareRepo } from '@docmost/db/repos/share/share.repo';
import { PagePermissionRepo } from '@docmost/db/repos/page/page-permission-repo.service';
// https://github.com/brianc/node-postgres/issues/811
types.setTypeParser(types.builtins.INT8, (val) => Number(val));
@@ -75,7 +76,8 @@ types.setTypeParser(types.builtins.INT8, (val) => Number(val));
AttachmentRepo,
UserTokenRepo,
BacklinkRepo,
ShareRepo
ShareRepo,
PagePermissionRepo,
],
exports: [
WorkspaceRepo,
@@ -90,7 +92,8 @@ types.setTypeParser(types.builtins.INT8, (val) => Number(val));
AttachmentRepo,
UserTokenRepo,
BacklinkRepo,
ShareRepo
ShareRepo,
PagePermissionRepo,
],
})
export class DatabaseModule
apps/server/src/database/migrations/20250327T145832-add-contributorIds-to-pages.ts
+1 -1
View File
@@ -3,7 +3,7 @@ import { type Kysely, sql } from 'kysely';
export async function up(db: Kysely<any>): Promise<void> {
await db.schema
.alterTable('pages')
.addColumn('contributor_ids', sql`uuid[]`, (col) => col.defaultTo("{}"))
.addColumn('contributor_ids', sql`uuid[]`, (col) => col.defaultTo('{}'))
.execute();
}
apps/server/src/database/migrations/20250812T000805-add-page-permissions.ts
+102
View File
@@ -0,0 +1,102 @@
import { Kysely, sql } from 'kysely';
export async function up(db: Kysely<any>): Promise<void> {
await db.schema
.createTable('page_permissions')
.addColumn('id', 'uuid', (col) =>
col.primaryKey().defaultTo(sql`gen_uuid_v7()`),
)
.addColumn('user_id', 'uuid', (col) =>
col.references('users.id').onDelete('cascade'),
)
.addColumn('group_id', 'uuid', (col) =>
col.references('groups.id').onDelete('cascade'),
)
.addColumn('page_id', 'uuid', (col) =>
col.notNull().references('pages.id').onDelete('cascade'),
)
.addColumn('role', 'varchar', (col) => col.notNull())
.addColumn('cascade', 'boolean', (col) => col.defaultTo(true).notNull()) // children can inherit
.addColumn('added_by_id', 'uuid', (col) =>
col.references('users.id').onDelete('set null'),
)
.addColumn('created_at', 'timestamptz', (col) =>
col.notNull().defaultTo(sql`now()`),
)
.addColumn('updated_at', 'timestamptz', (col) =>
col.notNull().defaultTo(sql`now()`),
)
.addColumn('deleted_at', 'timestamptz')
.addUniqueConstraint('unique_page_user', ['page_id', 'user_id'])
.addUniqueConstraint('unique_page_group', ['page_id', 'group_id'])
.addCheckConstraint(
'allow_either_user_id_or_group_id_check',
sql`(user_id IS NOT NULL AND group_id IS NULL) OR (user_id IS NULL AND group_id IS NOT NULL)`,
)
.execute();
await db.schema
.alterTable('pages')
.addColumn('is_restricted', 'boolean', (col) =>
col.defaultTo(false).notNull(),
)
.addColumn('restricted_by_id', 'uuid', (col) =>
col.references('users.id').onDelete('set null'),
)
.execute();
// Add indexes for performance
await db.schema
.createIndex('idx_page_permissions_page_id')
.on('page_permissions')
.column('page_id')
.execute();
await db.schema
.createIndex('idx_page_permissions_user_id')
.on('page_permissions')
.column('user_id')
.execute();
await db.schema
.createIndex('idx_page_permissions_group_id')
.on('page_permissions')
.column('group_id')
.execute();
// Create user_shared_pages table for tracking orphaned page access
await db.schema
.createTable('user_shared_pages')
.addColumn('user_id', 'uuid', (col) =>
col.notNull().references('users.id').onDelete('cascade'),
)
.addColumn('page_id', 'uuid', (col) =>
col.notNull().references('pages.id').onDelete('cascade'),
)
.addColumn('shared_at', 'timestamptz', (col) =>
col.notNull().defaultTo(sql`now()`),
)
.addPrimaryKeyConstraint('user_shared_pages_pkey', ['user_id', 'page_id'])
.execute();
await db.schema
.createIndex('idx_user_shared_pages_user_id')
.on('user_shared_pages')
.column('user_id')
.execute();
await db.schema
.createIndex('idx_user_shared_pages_shared_at')
.on('user_shared_pages')
.column('shared_at')
.execute();
}
export async function down(db: Kysely<any>): Promise<void> {
await db.schema.alterTable('pages').dropColumn('is_restricted').execute();
await db.schema.alterTable('pages').dropColumn('restricted_by_id').execute();
await db.schema.dropTable('user_shared_pages').execute();
await db.schema.dropTable('page_permissions').execute();
}
apps/server/src/database/pagination/pagination-options.ts
+1 -1
View File
@@ -22,5 +22,5 @@ export class PaginationOptions {
@IsOptional()
@IsString()
query: string;
query?: string;
}
apps/server/src/database/repos/comment/comment.repo.ts
+4 -1
View File
@@ -105,7 +105,10 @@ export class CommentRepo {
return Number(result?.count) > 0;
}
async hasChildrenFromOtherUsers(commentId: string, userId: string): Promise<boolean> {
async hasChildrenFromOtherUsers(
commentId: string,
userId: string,
): Promise<boolean> {
const result = await this.db
.selectFrom('comments')
.select((eb) => eb.fn.count('id').as('count'))
apps/server/src/database/repos/group/group-user.repo.ts
+5 -1
View File
@@ -57,7 +57,11 @@ export class GroupUserRepo {
if (pagination.query) {
query = query.where((eb) =>
eb(sql`f_unaccent(users.name)`, 'ilike', sql`f_unaccent(${'%' + pagination.query + '%'})`),
eb(
sql`f_unaccent(users.name)`,
'ilike',
sql`f_unaccent(${'%' + pagination.query + '%'})`,
),
);
}
apps/server/src/database/repos/group/group.repo.ts
+5 -1
View File
@@ -114,7 +114,11 @@ export class GroupRepo {
if (pagination.query) {
query = query.where((eb) =>
eb(sql`f_unaccent(name)`, 'ilike', sql`f_unaccent(${'%' + pagination.query + '%'})`).or(
eb(
sql`f_unaccent(name)`,
'ilike',
sql`f_unaccent(${'%' + pagination.query + '%'})`,
).or(
sql`f_unaccent(description)`,
'ilike',
sql`f_unaccent(${'%' + pagination.query + '%'})`,
apps/server/src/database/repos/page/page-permission-repo.service.ts
+1041
View File
File diff suppressed because it is too large Load Diff
apps/server/src/database/repos/page/page.repo.ts
+60 -18
View File
@@ -22,24 +22,6 @@ export class PageRepo {
private spaceMemberRepo: SpaceMemberRepo,
) {}
withHasChildren(eb: ExpressionBuilder<DB, 'pages'>) {
return eb
.selectFrom('pages as child')
.select((eb) =>
eb
.case()
.when(eb.fn.countAll(), '>', 0)
.then(true)
.else(false)
.end()
.as('count'),
)
.whereRef('child.parentPageId', '=', 'pages.id')
.where('child.deletedAt', 'is', null)
.limit(1)
.as('hasChildren');
}
private baseFields: Array<keyof Page> = [
'id',
'slugId',
@@ -379,6 +361,24 @@ export class PageRepo {
).as('contributors');
}
withHasChildren(eb: ExpressionBuilder<DB, 'pages'>) {
return eb
.selectFrom('pages as child')
.select((eb) =>
eb
.case()
.when(eb.fn.countAll(), '>', 0)
.then(true)
.else(false)
.end()
.as('count'),
)
.whereRef('child.parentPageId', '=', 'pages.id')
.where('child.deletedAt', 'is', null)
.limit(1)
.as('hasChildren');
}
async getPageAndDescendants(
parentPageId: string,
opts: { includeContent: boolean },
@@ -420,4 +420,46 @@ export class PageRepo {
.selectAll()
.execute();
}
async update(
pageId: string,
updatablePage: UpdatablePage,
trx?: KyselyTransaction,
): Promise<void> {
const db = dbOrTx(this.db, trx);
await db
.updateTable('pages')
.set({ ...updatablePage, updatedAt: new Date() })
.where('id', '=', pageId)
.execute();
}
async getAllDescendants(
pageId: string,
trx?: KyselyTransaction,
): Promise<string[]> {
const db = dbOrTx(this.db, trx);
// Recursive CTE to get all descendants
const descendants = await db
.withRecursive('page_tree', (qb) =>
qb
.selectFrom('pages')
.select(['id', 'parentPageId'])
.where('parentPageId', '=', pageId)
.where('deletedAt', 'is', null)
.unionAll((eb) =>
eb
.selectFrom('pages as p')
.innerJoin('page_tree as pt', 'p.parentPageId', 'pt.id')
.select(['p.id', 'p.parentPageId'])
.where('p.deletedAt', 'is', null),
),
)
.selectFrom('page_tree')
.select('id')
.execute();
return descendants.map((d) => d.id);
}
}
apps/server/src/database/repos/page/shared-pages.repo.ts
+58
View File
@@ -0,0 +1,58 @@
import { Injectable } from '@nestjs/common';
import { InjectKysely } from 'nestjs-kysely';
import { KyselyDB } from '../../types/kysely.types';
import { Page } from '../../types/entity.types';
import { PageMemberRole } from './page-permission-repo.service';
@Injectable()
export class SharedPagesRepo {
constructor(@InjectKysely() private readonly db: KyselyDB) {}
async addSharedPage(userId: string, pageId: string): Promise<void> {
await this.db
.insertInto('userSharedPages')
.values({
userId,
pageId,
sharedAt: new Date(),
})
.onConflict((oc) => oc.columns(['userId', 'pageId']).doNothing())
.execute();
}
async removeSharedPage(userId: string, pageId: string): Promise<void> {
await this.db
.deleteFrom('userSharedPages')
.where('userId', '=', userId)
.where('pageId', '=', pageId)
.execute();
}
async getUserSharedPages(userId: string): Promise<Page[]> {
return await this.db
.selectFrom('userSharedPages as usp')
.innerJoin('pages as p', 'p.id', 'usp.pageId')
.innerJoin('pagePermissions as pm', (join) =>
join
.onRef('pm.pageId', '=', 'p.id')
.on('pm.userId', '=', userId)
.on('pm.role', '!=', PageMemberRole.NONE),
)
.selectAll('p')
.where('usp.userId', '=', userId)
.where('p.deletedAt', 'is', null)
.orderBy('usp.sharedAt', 'desc')
.execute();
}
async isPageSharedWithUser(userId: string, pageId: string): Promise<boolean> {
const result = await this.db
.selectFrom('userSharedPages')
.select('userId')
.where('userId', '=', userId)
.where('pageId', '=', pageId)
.executeTakeFirst();
return !!result;
}
}
apps/server/src/database/repos/space/space.repo.ts
+5 -1
View File
@@ -110,7 +110,11 @@ export class SpaceRepo {
if (pagination.query) {
query = query.where((eb) =>
eb(sql`f_unaccent(name)`, 'ilike', sql`f_unaccent(${'%' + pagination.query + '%'})`).or(
eb(
sql`f_unaccent(name)`,
'ilike',
sql`f_unaccent(${'%' + pagination.query + '%'})`,
).or(
sql`f_unaccent(description)`,
'ilike',
sql`f_unaccent(${'%' + pagination.query + '%'})`,
apps/server/src/database/types/db.d.ts
Vendored
+42 -8
View File
@@ -3,15 +3,18 @@
* Please do not edit it manually.
*/
import type { ColumnType } from "kysely";
import type { ColumnType } from 'kysely';
export type AuthProviderType = "google" | "oidc" | "saml";
export type Generated<T> =
T extends ColumnType<infer S, infer I, infer U>
? ColumnType<S, I | undefined, U>
: ColumnType<T, T | undefined, T>;
export type Generated<T> = T extends ColumnType<infer S, infer I, infer U>
? ColumnType<S, I | undefined, U>
: ColumnType<T, T | undefined, T>;
export type Int8 = ColumnType<string, bigint | number | string, bigint | number | string>;
export type Int8 = ColumnType<
string,
bigint | number | string,
bigint | number | string
>;
export type Json = JsonValue;
@@ -62,13 +65,21 @@ export interface AuthProviders {
deletedAt: Timestamp | null;
id: Generated<string>;
isEnabled: Generated<boolean>;
ldapBaseDn: string | null;
ldapBindDn: string | null;
ldapBindPassword: string | null;
ldapTlsCaCert: string | null;
ldapTlsEnabled: Generated<boolean | null>;
ldapUrl: string | null;
ldapUserAttributes: Json | null;
ldapUserSearchFilter: string | null;
name: string;
oidcClientId: string | null;
oidcClientSecret: string | null;
oidcIssuer: string | null;
samlCertificate: string | null;
samlUrl: string | null;
type: AuthProviderType;
type: string;
updatedAt: Generated<Timestamp>;
workspaceId: string;
}
@@ -186,6 +197,19 @@ export interface PageHistory {
workspaceId: string;
}
export interface PagePermissions {
addedById: string | null;
cascade: Generated<boolean>;
createdAt: Generated<Timestamp>;
deletedAt: Timestamp | null;
groupId: string | null;
id: Generated<string>;
pageId: string;
role: string;
updatedAt: Generated<Timestamp>;
userId: string | null;
}
export interface Pages {
content: Json | null;
contributorIds: Generated<string[] | null>;
@@ -197,9 +221,11 @@ export interface Pages {
icon: string | null;
id: Generated<string>;
isLocked: Generated<boolean>;
isRestricted: Generated<boolean>;
lastUpdatedById: string | null;
parentPageId: string | null;
position: string | null;
restrictedById: string | null;
slugId: string;
spaceId: string;
textContent: string | null;
@@ -284,6 +310,12 @@ export interface Users {
workspaceId: string | null;
}
export interface UserSharedPages {
pageId: string;
sharedAt: Generated<Timestamp>;
userId: string;
}
export interface UserTokens {
createdAt: Generated<Timestamp>;
expiresAt: Timestamp | null;
@@ -342,12 +374,14 @@ export interface DB {
groups: Groups;
groupUsers: GroupUsers;
pageHistory: PageHistory;
pagePermissions: PagePermissions;
pages: Pages;
shares: Shares;
spaceMembers: SpaceMembers;
spaces: Spaces;
userMfa: UserMfa;
users: Users;
userSharedPages: UserSharedPages;
userTokens: UserTokens;
workspaceInvitations: WorkspaceInvitations;
workspaces: Workspaces;
apps/server/src/database/types/entity.types.ts
+11
View File
@@ -4,8 +4,10 @@ import {
Comments,
Groups,
Pages,
PagePermissions,
Spaces,
Users,
UserSharedPages,
Workspaces,
PageHistory as History,
GroupUsers,
@@ -48,6 +50,15 @@ export type SpaceMember = Selectable<SpaceMembers>;
export type InsertableSpaceMember = Insertable<SpaceMembers>;
export type UpdatableSpaceMember = Updateable<Omit<SpaceMembers, 'id'>>;
// PageMember
export type PagePermission = Selectable<PagePermissions>;
export type InsertablePagePermission = Insertable<PagePermissions>;
export type UpdatablePagePermission = Updateable<Omit<PagePermissions, 'id'>>;
// UserSharedPage
export type UserSharedPage = Selectable<UserSharedPages>;
export type InsertableUserSharedPage = Insertable<UserSharedPages>;
// Group
export type ExtendedGroup = Groups & { memberCount: number };
apps/server/src/ee
+1 -1
Submodule apps/server/src/ee updated: 72bdb639cf...fbc01d808f
apps/server/src/integrations/export/dto/export-dto.ts
+1 -1
View File
@@ -41,4 +41,4 @@ export class ExportSpaceDto {
@IsOptional()
@IsBoolean()
includeAttachments?: boolean;
}
}
apps/server/src/integrations/export/export.service.ts
+1 -1
View File
@@ -107,7 +107,7 @@ export class ExportService {
const page = await this.pageRepo.findById(pageId, {
includeContent: true,
});
if (page){
if (page) {
pages = [page];
}
}
apps/server/src/integrations/export/turndown-utils.ts
+8 -4
View File
@@ -69,17 +69,21 @@ function taskList(turndownService: TurndownService) {
'input[type="checkbox"]',
) as HTMLInputElement;
const isChecked = checkbox.checked;
// Process content like regular list items
content = content
.replace(/^\n+/, '') // remove leading newlines
.replace(/\n+$/, '\n') // replace trailing newlines with just a single one
.replace(/\n/gm, '\n '); // indent nested content with 2 spaces
// Create the checkbox prefix
const prefix = `- ${isChecked ? '[x]' : '[ ]'} `;
return prefix + content + (node.nextSibling && !/\n$/.test(content) ? '\n' : '');
return (
prefix +
content +
(node.nextSibling && !/\n$/.test(content) ? '\n' : '')
);
},
});
}
apps/server/src/integrations/import/dto/file-task-dto.ts
+1 -1
View File
@@ -15,4 +15,4 @@ export type ImportPageNode = {
parentPageId: string | null;
fileExtension: string;
filePath: string;
};
};
apps/server/src/integrations/import/services/import-attachment.service.ts
+33 -31
View File
@@ -85,16 +85,18 @@ export class ImportAttachmentService {
const apiFilePath = `/api/files/${attachmentId}/${fileNameWithExt}`;
attachmentTasks.push(() => this.uploadWithRetry({
abs,
storageFilePath,
attachmentId,
fileNameWithExt,
ext,
pageId,
fileTask,
uploadStats,
}));
attachmentTasks.push(() =>
this.uploadWithRetry({
abs,
storageFilePath,
attachmentId,
fileNameWithExt,
ext,
pageId,
fileTask,
uploadStats,
}),
);
return {
attachmentId,
@@ -290,26 +292,26 @@ export class ImportAttachmentService {
// wait for all uploads & DB inserts
uploadStats.total = attachmentTasks.length;
if (uploadStats.total > 0) {
this.logger.debug(`Starting upload of ${uploadStats.total} attachments...`);
this.logger.debug(
`Starting upload of ${uploadStats.total} attachments...`,
);
try {
await Promise.all(
attachmentTasks.map(task => limit(task))
);
await Promise.all(attachmentTasks.map((task) => limit(task)));
} catch (err) {
this.logger.error('Import attachment upload error', err);
}
this.logger.debug(
`Upload completed: ${uploadStats.completed}/${uploadStats.total} successful, ${uploadStats.failed} failed`
`Upload completed: ${uploadStats.completed}/${uploadStats.total} successful, ${uploadStats.failed} failed`,
);
if (uploadStats.failed > 0) {
this.logger.warn(
`Failed to upload ${uploadStats.failed} files:`,
uploadStats.failedFiles
uploadStats.failedFiles,
);
}
}
@@ -344,7 +346,7 @@ export class ImportAttachmentService {
} = opts;
let lastError: Error;
for (let attempt = 1; attempt <= this.MAX_RETRIES; attempt++) {
try {
const fileStream = createReadStream(abs);
@@ -367,35 +369,35 @@ export class ImportAttachmentService {
spaceId: fileTask.spaceId,
})
.execute();
uploadStats.completed++;
if (uploadStats.completed % 10 === 0) {
this.logger.debug(
`Upload progress: ${uploadStats.completed}/${uploadStats.total}`
`Upload progress: ${uploadStats.completed}/${uploadStats.total}`,
);
}
return;
} catch (error) {
lastError = error as Error;
this.logger.warn(
`Upload attempt ${attempt}/${this.MAX_RETRIES} failed for ${fileNameWithExt}: ${error instanceof Error ? error.message : String(error)}`
`Upload attempt ${attempt}/${this.MAX_RETRIES} failed for ${fileNameWithExt}: ${error instanceof Error ? error.message : String(error)}`,
);
if (attempt < this.MAX_RETRIES) {
await new Promise(resolve =>
setTimeout(resolve, this.RETRY_DELAY * attempt)
await new Promise((resolve) =>
setTimeout(resolve, this.RETRY_DELAY * attempt),
);
}
}
}
uploadStats.failed++;
uploadStats.failedFiles.push(fileNameWithExt);
this.logger.error(
`Failed to upload ${fileNameWithExt} after ${this.MAX_RETRIES} attempts:`,
lastError
lastError,
);
}
}
apps/server/src/integrations/queue/constants/queue.interface.ts
+2 -3
View File
@@ -1,5 +1,4 @@
import { MentionNode } from "../../../common/helpers/prosemirror/utils";
import { MentionNode } from '../../../common/helpers/prosemirror/utils';
export interface IPageBacklinkJob {
pageId: string;
@@ -9,4 +8,4 @@ export interface IPageBacklinkJob {
export interface IStripeSeatsSyncJob {
workspaceId: string;
}
}
apps/server/src/integrations/storage/drivers/local.driver.ts
+1 -1
View File
@@ -42,7 +42,7 @@ export class LocalDriver implements StorageDriver {
try {
const fromFullPath = this._fullPath(fromFilePath);
const toFullPath = this._fullPath(toFilePath);
if (await this.exists(fromFilePath)) {
await fs.copy(fromFullPath, toFullPath);
}
apps/server/src/integrations/storage/providers/storage.provider.ts
+4 -3
View File
@@ -40,8 +40,8 @@ export const storageDriverConfigProvider = {
},
};
case StorageOption.S3:
{ const s3Config = {
case StorageOption.S3: {
const s3Config = {
driver,
config: {
region: environmentService.getAwsS3Region(),
@@ -68,7 +68,8 @@ export const storageDriverConfigProvider = {
};
}
return s3Config; }
return s3Config;
}
default:
throw new Error(`Unknown storage driver: ${driver}`);