* change the api of domain parsing to just parseDomain and getCookieDomain
* adds getBaseDomain as the method to get the domain after any official subdomains
Fixes#3412
Previously the only way to restrict the domains for a Team were with the ALLOWED_DOMAINS environment variable for self hosted instances.
This PR migrates this to be a database backed setting on the Team object. This is done through the creation of a TeamDomain model that is associated with the Team and contains the domain name
This settings is updated on the Security Tab. Here domains can be added or removed from the Team.
On the server side, we take the code paths that previously were using ALLOWED_DOMAINS and switched them to use the Team allowed domains instead
* Allow Document to be fetched without Slug
Fixes#3423
This PR refactors the `Document.findByPk` method to not require the
`slug` portion of the urlID.
Before this function accepted two different 'formats' for the ID.
- The `uuid` ID of the Document
- The full `urlID` which looked something like
`some-document-1234567890`
However the `some-document` slug portion of this identifier wasn't
actually used when looking for a document.
We now allow searching by JUST the postfix of the `urlID`, in the above
example that is `1234567890`.
We do this via a new Regex pattern to match on that just looks for the
right looking id alone, without the prefix.
This codepath looks the same as when we find it by the full `urlID`
besides the different regex that we match on.
The issue #3423 mentions that this should apply to all the API
endpoints. I believe that this `findByPk` method is all that should be
needed for that change. But if this is incorrect, OR you would like more
test coverage on the API endpoints as a more 'end to end test' please
let me know!
* Change original regex to make the slug optional
This has the, I believe to be good, side-effect of making the same logic
apply to `Collection` as well. Since `Collection` was always doing the
same stripping of the slug before the lookup I believe it should be just
as safe to do there.
We don't have to touch the code in Collections but we add a test of this
behavior there as well.
* No reason to rename this now that we aren't doing two matches
* feat: Add user flags concept, for tracking bits on a user
* feat: Example flag usage for user invite resend abuse
* wip
* test
* fix: Set correct flag
* provide a type-ahead search input on shared document pages that allow search of child document tree
* improve keyboard navigation handling of all search views
* improve coloring on dark mode list selection states
* refactor PaginatedList component to eliminate edge cases
* Refactor worker, all emails on task system
* fix
* lint
* fix: Remove a bunch of expect-error comments in related tests
* refactor: Move work from utils.gc into tasks
* test
* Add tracing to tasks and processors
fix: DebounceProcessor triggering on all events
Event.add -> Event.schedule
* Migrations, models, commands
* ui
* Move starred hint to location state
* lint
* tsc
* refactor
* Add collection empty state in expanded sidebar
* Add empty placeholder within starred collections
* Drag and drop improves, Relative refactor
* fix: Starring untitled draft leaves empty space
* fix: Creating draft in starred collection shouldnt open main
* fix: Dupe drop cursor
* Final fixes
* fix: Canonical redirect replaces starred location state
* fix: Don't show reorder cursor at the top of collection with no permission to edit when dragging
Remove menu hover styles on mobile
Fixed duplicate hover+active behavior on editor menus
Fixed editor menus visibly scroll to the top when reopened
Fixed some minor editor spacing issues
Renamed shred routeHelpers -> urlHelpers
* feat: Added ability to click another user to observe them, mainly for fun
* language, lower debounce, prevent tooltip from hiding when toggling observation
* fix: Don't allow observing self, added banner at top of screen
* Dont edit tooltip as it's confusing between our actions and theirs
* snapshots
