* change the api of domain parsing to just parseDomain and getCookieDomain
* adds getBaseDomain as the method to get the domain after any official subdomains
Fixes#3412
Previously the only way to restrict the domains for a Team were with the ALLOWED_DOMAINS environment variable for self hosted instances.
This PR migrates this to be a database backed setting on the Team object. This is done through the creation of a TeamDomain model that is associated with the Team and contains the domain name
This settings is updated on the Security Tab. Here domains can be added or removed from the Team.
On the server side, we take the code paths that previously were using ALLOWED_DOMAINS and switched them to use the Team allowed domains instead
* Allow Document to be fetched without Slug
Fixes#3423
This PR refactors the `Document.findByPk` method to not require the
`slug` portion of the urlID.
Before this function accepted two different 'formats' for the ID.
- The `uuid` ID of the Document
- The full `urlID` which looked something like
`some-document-1234567890`
However the `some-document` slug portion of this identifier wasn't
actually used when looking for a document.
We now allow searching by JUST the postfix of the `urlID`, in the above
example that is `1234567890`.
We do this via a new Regex pattern to match on that just looks for the
right looking id alone, without the prefix.
This codepath looks the same as when we find it by the full `urlID`
besides the different regex that we match on.
The issue #3423 mentions that this should apply to all the API
endpoints. I believe that this `findByPk` method is all that should be
needed for that change. But if this is incorrect, OR you would like more
test coverage on the API endpoints as a more 'end to end test' please
let me know!
* Change original regex to make the slug optional
This has the, I believe to be good, side-effect of making the same logic
apply to `Collection` as well. Since `Collection` was always doing the
same stripping of the slug before the lookup I believe it should be just
as safe to do there.
We don't have to touch the code in Collections but we add a test of this
behavior there as well.
* No reason to rename this now that we aren't doing two matches
