Merge branch 'master' into feat/page-bulk-export

.devcontainer/postCreateCommand.sh

@@ -3,7 +3,6 @@ sudo chown -R vscode:vscode /workspace;
 # Instal additional packages
 sudo apt update
 sudo apt-get install -y --no-install-recommends \
-  git-lfs \
   iputils-ping net-tools dnsutils
 sudo apt-get clean -y
 

.gitattributes

@@ -1,2 +0,0 @@
-*.gz filter=lfs diff=lfs merge=lfs -text
-*.woff2 filter=lfs diff=lfs merge=lfs -text

.github/workflows/reusable-app-prod.yml

@@ -23,10 +23,6 @@ jobs:
     steps:
     - uses: actions/checkout@v4
 
-    - name: Install Git LFS
-      run: |
-        git lfs install
-
     - uses: pnpm/action-setup@v4
 
     - uses: actions/setup-node@v4
@@ -165,6 +161,8 @@ jobs:
   run-playwright:
     needs: [build-prod]
 
+    if: ${{ !inputs.skip-e2e-test && startsWith(github.head_ref, 'mergify/merge-queue/') }}
+
     runs-on: ubuntu-latest
     container:
       # Match the Playwright version

apps/app/docker/Dockerfile

@@ -13,11 +13,6 @@ WORKDIR ${optDir}
 # install tools
 RUN apt-get update && apt-get install -y ca-certificates wget curl --no-install-recommends
 
-# install git and git-lfs
-RUN curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash \
-  && apt-get update && apt-get install -y git git-lfs --no-install-recommends \
-  && git lfs install
-
 # install pnpm
 RUN wget -qO- https://get.pnpm.io/install.sh | ENV="$HOME/.shrc" SHELL="$(which sh)" sh -
 ENV PNPM_HOME="/root/.local/share/pnpm"
@@ -85,13 +80,6 @@ RUN set -eux; \
 # verify that the binary works
 	gosu nobody true
 
-# Add pnpm for 'node' user
-RUN apt-get update && apt-get install -y sudo ca-certificates wget --no-install-recommends \
-  && wget -qO- https://get.pnpm.io/install.sh | ENV="$HOME/.shrc" SHELL="$(which sh)" sudo -u node sh - \
-  && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false
-ENV PNPM_HOME="/home/node/.local/share/pnpm"
-ENV PATH="$PNPM_HOME:$PATH"
-
 COPY --from=builder --chown=node:node \
   ${optDir}/packages.tar.gz ${appDir}/
 
@@ -109,4 +97,4 @@ VOLUME /data
 EXPOSE 3000
 
 ENTRYPOINT ["/docker-entrypoint.sh"]
-CMD ["pnpm run migrate && node -r dotenv-flow/config --expose_gc dist/server/app.js"]
+CMD ["npm run migrate && node -r dotenv-flow/config --expose_gc dist/server/app.js"]

apps/app/docker/codebuild/buildspec.yml

@@ -10,11 +10,6 @@ env:
 phases:
   pre_build:
     commands:
-      # install Git LFS
-      - curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.rpm.sh | bash
-      - yum install -y git-lfs
-      # fetch LFS files
-      - git-lfs pull
       # login to docker.io
       - echo ${DOCKER_REGISTRY_PASSWORD} | docker login --username wsmoogle --password-stdin
   build:

apps/app/package.json

@@ -15,7 +15,6 @@
     "server:ci": "pnpm run server --ci",
     "preserver": "cross-env NODE_ENV=production pnpm run migrate",
     "pre:styles": "vite build -c vite.styles-prebuilt.config.ts",
-    "pre:lfs": "git lfs pull",
     "migrate": "node -r dotenv-flow/config node_modules/migrate-mongo/bin/migrate-mongo up -f config/migrate-mongo-config.js",
     "//// for development": "",
     "dev": "cross-env NODE_ENV=development nodemon --exec pnpm run ts-node --inspect src/server/app.ts",
@@ -43,7 +42,8 @@
     "reg:run": "reg-suit run",
     "previtest:run:integ": "vitest run -c test-with-vite/download-mongo-binary/vitest.config.ts test-with-vite/download-mongo-binary",
     "//// misc": "",
-    "console": "cross-env NODE_ENV=development pnpm run ts-node --experimental-repl-await src/server/console.js",
+    "console": "npm run repl",
+    "repl": "cross-env NODE_ENV=development npm run ts-node src/server/repl.ts",
     "swagger2openapi:apiv3": "sh bin/swagger-jsdoc/generate-spec-apiv3.sh",
     "swagger2openapi:apiv1": "sh bin/swagger-jsdoc/generate-spec-apiv1.sh",
     "ts-node": "node -r ts-node/register/transpile-only -r tsconfig-paths/register -r dotenv-flow/config",

apps/app/src/services/renderer/recommended-whitelist.spec.ts

@@ -1,3 +1,5 @@
+import { notDeepEqual } from 'assert';
+
 import { tagNames, attributes } from './recommended-whitelist';
 
 describe('recommended-whitelist', () => {
@@ -44,4 +46,31 @@ describe('recommended-whitelist', () => {
     expect(attributes.iframe).includes('src');
   });
 
+  test('.attributes.a should allow class and className by excluding partial className specification', () => {
+    expect(attributes).not.toBeNull();
+
+    assert(attributes != null);
+
+    expect(Object.keys(attributes)).includes('a');
+    expect(attributes.a).not.toContainEqual(['className', 'data-footnote-backref']);
+  });
+
+  test('.attributes.ul should allow class and className by excluding partial className specification', () => {
+    expect(attributes).not.toBeNull();
+
+    assert(attributes != null);
+
+    expect(Object.keys(attributes)).includes('a');
+    expect(attributes.a).not.toContainEqual(['className', 'data-footnote-backref']);
+  });
+
+  test('.attributes.li should allow class and className by excluding partial className specification', () => {
+    expect(attributes).not.toBeNull();
+
+    assert(attributes != null);
+
+    expect(Object.keys(attributes)).includes('a');
+    expect(attributes.a).not.toContainEqual(['className', 'data-footnote-backref']);
+  });
+
 });

apps/app/src/services/renderer/recommended-whitelist.ts

@@ -3,6 +3,31 @@ import deepmerge from 'ts-deepmerge';
 
 type Attributes = typeof defaultSchema.attributes;
 
+type ExtractPropertyDefinition<T> = T extends Record<string, (infer U)[]>
+  ? U
+  : never;
+
+type PropertyDefinition = ExtractPropertyDefinition<NonNullable<Attributes>>;
+
+const excludeRestrictedClassAttributes = (propertyDefinitions: PropertyDefinition[]): PropertyDefinition[] => {
+  if (propertyDefinitions == null) {
+    return propertyDefinitions;
+  }
+
+  return propertyDefinitions.filter((propertyDefinition) => {
+    if (!Array.isArray(propertyDefinition)) {
+      return true;
+    }
+    return propertyDefinition[0] !== 'class' && propertyDefinition[0] !== 'className';
+  });
+};
+
+// generate relaxed schema
+const relaxedSchemaAttributes = structuredClone(defaultSchema.attributes) ?? {};
+relaxedSchemaAttributes.a = excludeRestrictedClassAttributes(relaxedSchemaAttributes.a);
+relaxedSchemaAttributes.ul = excludeRestrictedClassAttributes(relaxedSchemaAttributes.ul);
+relaxedSchemaAttributes.li = excludeRestrictedClassAttributes(relaxedSchemaAttributes.li);
+
 /**
  * reference: https://meta.stackexchange.com/questions/1777/what-html-tags-are-allowed-on-stack-exchange-sites,
  *            https://github.com/jch/html-pipeline/blob/70b6903b025c668ff3c02a6fa382031661182147/lib/html/pipeline/sanitization_filter.rb#L41
@@ -11,6 +36,7 @@ type Attributes = typeof defaultSchema.attributes;
 export const tagNames: Array<string> = [
   ...defaultSchema.tagNames ?? [],
   '-', 'bdi',
+  'button',
   'col', 'colgroup',
   'data',
   'iframe',
@@ -19,12 +45,12 @@ export const tagNames: Array<string> = [
 ];
 
 export const attributes: Attributes = deepmerge(
-  defaultSchema.attributes ?? {},
+  relaxedSchemaAttributes,
   {
     iframe: ['allow', 'referrerpolicy', 'sandbox', 'src', 'srcdoc'],
     video: ['controls', 'src', 'muted', 'preload', 'width', 'height', 'autoplay'],
     // The special value 'data*' as a property name can be used to allow all data properties.
     // see: https://github.com/syntax-tree/hast-util-sanitize/
-    '*': ['key', 'class', 'className', 'style', 'data*'],
+    '*': ['key', 'class', 'className', 'style', 'role', 'data*'],
   },
 );

apps/app/src/styles/organisms/_wiki.scss

@@ -139,8 +139,8 @@
     position: relative; // for absolute positioned .code-highlighted-title
   }
 
-  ul,
-  ol {
+  ul:not(.nav),
+  ol:not(.nav) {
     padding-left: 30px;
     margin: 20px 0;
 
@@ -268,8 +268,8 @@
       font-size: 0.9em * $ratio;
     }
 
-    ul,
-    ol {
+    ul:not(.nav),
+    ol:not(.nav) {
       padding-left: 15px;
       margin: 10px 0;
 

apps/app/turbo.json

@@ -13,12 +13,8 @@
       ],
       "outputLogs": "new-only"
     },
-    "pre:lfs": {
-      "outputs": ["resource/fonts/**"],
-      "outputLogs": "new-only"
-    },
     "build": {
-      "dependsOn": ["^build", "pre:styles", "pre:lfs"],
+      "dependsOn": ["^build", "pre:styles"],
       "outputs": [".next/**", "!.next/cache/**", "dist/**"],
       "inputs": [
         "next.config.js",
@@ -49,13 +45,13 @@
       "outputLogs": "new-only"
     },
     "dev": {
-      "dependsOn": ["^dev", "dev:migrate", "dev:pre:styles", "pre:lfs"],
+      "dependsOn": ["^dev", "dev:migrate", "dev:pre:styles"],
       "cache": false,
       "persistent": true
     },
 
     "launch-dev:ci": {
-      "dependsOn": ["^dev", "dev:migrate", "dev:pre:styles", "pre:lfs"],
+      "dependsOn": ["^dev", "dev:migrate", "dev:pre:styles"],
       "cache": false
     },