1393 Commits

Author SHA1 Message Date
Elian Doran
a1c97142a8
feat(build): set up faster electron build by skipping dist 2025-02-08 00:41:39 +02:00
Elian Doran
7f314d2d75
feat(build): set up webpack cache 2025-02-08 00:41:39 +02:00
Elian Doran
892734bce3
Merge develop into test_server-utils 2025-02-04 21:28:44 +02:00
Elian Doran
ec95f62cd2
fix(server): doc notes not being served in dev mode 2025-02-02 12:47:41 +02:00
Panagiotis Papadopoulos
03c1128a72 fix(isEmptyOrWhitespace): avoid exception throwing when passed value is undefined
the req.body value from "routes/api/branches" actually seems to never get parsed into a JS object, but arrives as a text string, so req.body.prefix could be undefined, which of course would cause an error to be thrown when trying to call "match" on undefined.
2025-02-01 14:37:12 +01:00
Elian Doran
2cc7113c2c
refactor(deps): get rid of print-this 2025-02-01 00:52:46 +02:00
Elian Doran
6fab899898
Merge pull request #1073 from TriliumNext/refactor_utils-isPlatform
refactor(server/utils): turn isMac/isWin/isElectron/isDev into boolean
2025-01-29 22:16:20 +02:00
Panagiotis Papadopoulos
31c46753de refactor(server/utils): isDev move to utils and replace fn with boolean
this value cannot change during runtime,
=> there is no need to have these checks
as a dynamic function, instead just
export the boolean value directly
2025-01-29 10:58:00 +01:00
Panagiotis Papadopoulos
ca2bb94200 refactor(server/utils): isElectron - replace fn with boolean
this value cannot change during runtime,
=> there is no need to have these checks
as a dynamic function, instead just
export the boolean value directly
2025-01-29 10:55:53 +01:00
Panagiotis Papadopoulos
ed33b72f57 chore(assets): remove manual provision of knockout
this is only used in setup.ts and there it is already packed by webpack – so no need to manually provide it as a static asset anymore
2025-01-29 08:48:03 +01:00
Elian Doran
20584f622d
chore(client/ts): port zpetne_odkazy 2025-01-26 21:23:08 +02:00
Elian Doran
94a0403981
feat(geomap): load leaflet 2025-01-20 19:18:29 +02:00
Elian Doran
7d3f506efb
refactor(deps): use webpack import for canvas 2025-01-18 11:09:57 +02:00
Elian Doran
e7eb385b8f
refactor(deps): integrate force-graph into webpack 2025-01-17 20:21:52 +02:00
Panagiotis Papadopoulos
9382c278b3 fix(csrf): add exception for electron for httpOnly cookie
it does not seem to like having httpOnly set in electron
2025-01-17 17:26:52 +01:00
Panagiotis Papadopoulos
5f605b3a91 fix(csrf): set more secure cookieOptions settings
- `sameSite` - previous setting inherited from csurf was to simply not set it at all, which makes all browsers nag in their dev console output.
They will default to "Lax" for this type of cookie in the future.
We can even use "strict" here though for our use case:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value

- `httpOnly`: should be enabled for the csrf cookie as well;
for the session cookie it is already enabled.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#httponly
2025-01-16 21:40:12 +01:00
Panagiotis Papadopoulos
ec19ccd7a7 fix(csrf): stop leaking the CSRF token in the server logs
As per OWASP:
"A CSRF token must not be leaked in the server logs or in the URL.", see:
https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#transmissing-csrf-tokens-in-synchronized-patterns
2025-01-16 21:16:33 +01:00
Panagiotis Papadopoulos
139bf3dcdf fix(csrf): use generateCsrfToken with more "user friendly" settings
fixes the case where existing TriliumNext users will get
an "Invalid CSRF Token" message when they have an older
_csrf token in their cookies from a previous installation/visit.
The settings now will handle these cases in the background automatically.

also fixes #950
2025-01-16 20:14:23 +01:00
Panagiotis Papadopoulos
6dd8ab31d5 refactor(csrf): export generateToken utility 2025-01-16 20:14:23 +01:00
Panagiotis Papadopoulos
e3d89ce2a5 refactor(csrf): move csrf to own file 2025-01-16 20:14:23 +01:00
Elian Doran
8a7a607fcb
Merge pull request #926 from pano9000:refactor_backend_log
refactor(backend_log): improve `getBackendLog`
2025-01-14 20:41:29 +02:00
Elian Doran
c8c501d717
Merge branch 'develop' into refactor_replace-csurf 2025-01-14 20:32:52 +02:00
Elian Doran
1807b2b031
chore(types): missing import type for JS imports 2025-01-13 23:18:10 +02:00
Panagiotis Papadopoulos
bcbf4f4090 chore: fix formatting 2025-01-13 09:21:24 +01:00
Panagiotis Papadopoulos
903988fec5 i18n(backend_log): translate messages 2025-01-13 09:21:24 +01:00
Panagiotis Papadopoulos
dcfdb67539 refactor(backend_log): improve handle 'file not found'
handle errors in a more "user friendly" way and actually
let the user know that either the file does not
exist (yet), or that reading the log failed.
2025-01-13 09:21:24 +01:00
Panagiotis Papadopoulos
67d858441a refactor(backend_log): include filename in log 2025-01-13 09:21:24 +01:00
Panagiotis Papadopoulos
c4ad84ab06 refactor(backend_log): print error to the log 2025-01-13 09:21:24 +01:00
Panagiotis Papadopoulos
eb4b5a44df refactor(backend_log): use path.join for log file path 2025-01-13 09:21:24 +01:00
Panagiotis Papadopoulos
06ebcc210e refactor(backend_log): use async readFile
using synchronous functions on the backend
is not recommended, as it is "blocking the event loop", i.e. no other tasks get executed/processed
while the file is being read
2025-01-13 09:21:24 +01:00
Panagiotis Papadopoulos
ea621ef8e1 chore(prettier): fix code style 2025-01-12 13:30:02 +01:00
Panagiotis Papadopoulos
d1bd2d2812 refactor(routes/login): remove unused rendering of HTML 2025-01-12 13:13:59 +01:00
Panagiotis Papadopoulos
c36085e580 chore: fix TS warning by type narrowing
`req.csrfToken` might be undefined according to `csrf-csrf`
provided types, so use type narrowing to make sure it exists,
before calling it
2025-01-12 10:22:05 +01:00
Panagiotis Papadopoulos
d20a3bab2a fix(csrfMiddleware): use sessionSecret instead
since `cookie-parser` is not configured with a secret,
req.secret is not set and hence is `undefined`,
which then is used as literal 'undefined' in the hashing function – making it less secure.

Instead we can use the existing sessionSecret:
the `csrf-csrf` developer confirmed in their Discord chat,
that it would be ok to use the same secret here.
2025-01-12 10:22:05 +01:00
Panagiotis Papadopoulos
b787610717 refactor: replace csurf with csrf-csrf
I've kept the same settings as before –
however they are not *ideal* from what I read.
More secure settings will need to be tested a bit more thoroughly first and will be a separate PR.
2025-01-12 10:22:05 +01:00
Elian Doran
324696bc54
refactor(ts): enable verbatim module syntax 2025-01-09 18:36:24 +02:00
Elian Doran
4cbb529fd4
chore(prettier): fix all files 2025-01-09 18:07:02 +02:00
Panagiotis Papadopoulos
14358d1ec0 refactor(views): use ejs partial for injecting window.glob 2025-01-08 09:15:16 +01:00
Elian Doran
bf4decb4fb
fix(server): compile errors after refactoring 2025-01-04 11:52:40 +02:00
Elian Doran
33067e61e3
feat(client): add more monospace system fonts 2025-01-03 21:08:30 +02:00
Elian Doran
84a0e789f1
feat(client): add more system fonts 2025-01-03 20:59:13 +02:00
Elian Doran
d34e575488
feat(client): add support for system font 2025-01-03 20:54:14 +02:00
Elian Doran
8667c0a686
refactor(server): split font route in two functions 2025-01-03 20:31:13 +02:00
Elian Doran
b6e97c1ae9
refactor(server): typed options 2025-01-03 18:32:09 +02:00
Panagiotis Papadopoulos
afb91f82e1 refactor(sanitizeAttributeNames): directly export function
no need to wrap the exported function in an object first
2025-01-02 18:25:09 +01:00
Elian Doran
b321d99076
chore(code): fix editorconfig for src/public 2024-12-22 15:42:15 +02:00
Elian Doran
e7e763435e
feat(client): use shared config which also fixes production builds 2024-12-21 21:22:27 +02:00
Elian Doran
ba6c6cb77f
Merge remote-tracking branch 'origin/develop' into feature/client_typescript_port1
; Conflicts:
;	package-lock.json
2024-12-19 19:05:51 +02:00
Elian Doran
42a7556c55
fix(server): not running in prod due to webpack change 2024-12-19 18:16:46 +02:00
Adorian Doran
8c17be8953 client: rename the "System" theme to "Auto" 2024-12-16 22:16:26 +02:00