Merge pull request #2222 from opengovsg/release-1.76.0

* fix: package.json & package-lock.json to reduce vulnerabilities (#2207) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-XML2JS-5414874 * feat: allow zip files and block password-protected files (#2203) * feat: admin api v1 - create url (#2213) * feat: api v2 endpoint and update admin auth middleware * chore: add and handle external user creation * chore: rename admin api env variable * chore: api v2 unit testing * chore: add integration tests * chore: update test api key string * chore: update unauthorized user error * chore: undo conditional user creation * chore: update admin email env var parsing * chore: port to admin api v1 and update unit and integration tests * chore: remove external user type and add domain validation error msg * chore: remainder port from v2 to admin v1 * chore: add missing return in external v1 * fix: ownership transfer condition and tests * chore: move api structure and update tests * chore: update readme * chore: add email domain validation to schema * chore: fix error type for generic errors * chore: undo types from external v1 * 1.76.0 --------- Co-authored-by: halfwhole <41856541+halfwhole@users.noreply.github.com> Co-authored-by: Snyk bot <snyk-bot@snyk.io>
opengovsg · May 30, 2023 · ef1df0e · ef1df0e
2 parents 119ccd6 + 489dc64
commit ef1df0e
Show file tree

Hide file tree

Showing 28 changed files with 1,097 additions and 136 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,8 +4,17 @@ All notable changes to this project will be documented in this file. Dates are d
 
 Generated by [`auto-changelog`](https://github.com/CookPete/auto-changelog).
 
+#### [v1.76.0](https://github.com/opengovsg/GoGovSG/compare/v1.75.0...v1.76.0)
+
+- feat: admin api v1 - create url [`#2213`](https://github.com/opengovsg/GoGovSG/pull/2213)
+- feat: allow zip files and block password-protected files [`#2203`](https://github.com/opengovsg/GoGovSG/pull/2203)
+- fix: package.json & package-lock.json to reduce vulnerabilities [`#2207`](https://github.com/opengovsg/GoGovSG/pull/2207)
+- [develop] 1.75.0 [`#2201`](https://github.com/opengovsg/GoGovSG/pull/2201)
+
 #### [v1.75.0](https://github.com/opengovsg/GoGovSG/compare/v1.74.0...v1.75.0)
 
+> 13 April 2023
+
 - chore: redirect user to existing link in directory [`#2181`](https://github.com/opengovsg/GoGovSG/pull/2181)
 - feat: add verify Message button to headers [`#2199`](https://github.com/opengovsg/GoGovSG/pull/2199)
 - feat: announcement modal image for memos [`#2198`](https://github.com/opengovsg/GoGovSG/pull/2198)

diff --git a/README.md b/README.md
@@ -144,8 +144,8 @@ After these have been set up, set the environment variables according to the tab
 |JOB_POLL_ATTEMPTS|No|Number of attempts for long polling of job status before timeout of 408 is returned. Defaults to 12|
 |JOB_POLL_INTERVAL|No|Interval of time between attempts for long polling of job status in ms. Defaults to 5000ms (5s)|
 |API_LINK_RANDOM_STR_LENGTH|No|String length of randomly generated shortUrl in API created links. Defaults to 8|
-|FF_EXTERNAL_API|No|Boolean, feature flag for enabling the external API. Defaults to false|
-|ADMIN_API_EMAIL|No|Email with admin API access. Defaults to none.|
+|FF_EXTERNAL_API|No|Boolean, feature flag for enabling the external and admin API. Defaults to false|
+|ADMIN_API_EMAILS|No|Emails with admin API access, separated by commas without spaces. Defaults to none.|
 
 #### Serverless functions for link migration
 

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -65,7 +65,7 @@ services:
       - API_LINK_RANDOM_STR_LENGTH=8
       - API_KEY_SALT=$$2b$$10$$9rBKuE4Gb5ravnvP4xjoPu
       - FF_EXTERNAL_API=true
-      - ADMIN_API_EMAIL
+      - ADMIN_API_EMAILS=integration-test-admin@open.gov.sg
     volumes:
       - ./public:/usr/src/gogovsg/public
       - ./src:/usr/src/gogovsg/src