1417 Commits

Author SHA1 Message Date
Panagiotis Papadopoulos
f672054441 feat(time_selector): use time_selector in attachment_erasure_timeout 2025-02-16 18:30:56 +01:00
Elian Doran
9299f90b85 feat(docs): internal API docs 2025-02-15 00:33:12 +02:00
Elian Doran
2fe6881d73 Merge pull request #1192 from FliegendeWurst/openapi-docs-2
More OpenAPI docs
2025-02-14 23:57:39 +02:00
FliegendeWurst
a115214070 Document some note, branch, tree routes 2025-02-14 09:40:38 +01:00
FliegendeWurst
0f0ebed78a Document sync push/pull 2025-02-13 23:51:42 +01:00
Elian Doran
27b825e511 Merge remote-tracking branch 'origin/develop' into feat_erasure-timeout-ui
; Conflicts:
;	src/public/translations/ro/translation.json
2025-02-13 22:21:38 +02:00
Elian Doran
bfd894b5eb Merge pull request #1156 from TriliumNext/feat_custom_cookie-session-expiration
feat: allow setting custom session cookie expiration
2025-02-13 21:50:09 +02:00
FliegendeWurst
be4b74e791 Automated OpenAPI spec generation 2025-02-13 17:02:03 +01:00
Panagiotis Papadopoulos
201663d9ec chore(prettier): fix prettier issues 2025-02-13 09:07:25 +01:00
Panagiotis Papadopoulos
38215c46ae feat(login): make use of default maxAge by sessionParser
cookie will use the default value set in sessionParser middleware, which is controlled by
config.Session.cookieMaxAge

if rememberMe is not set -> the value is unset and the cookie becomes a non-persistent cookie,
which the browser deletes after the current session (e.g. when you close the browser)
2025-02-13 09:04:34 +01:00
Panagiotis Papadopoulos
2a740781cb feat(session_parser): use seconds for setting maxAge and update default value to 21 days
21 days was used in the login route previously, when "remember me" was set
2025-02-13 08:52:05 +01:00
Panagiotis Papadopoulos
04827c0ce1 fix(session_parser): FileStore ttl should be ideally the same as session cookies maxAge
this avoids having "unused" dead sessions on the filesystem
2025-02-13 08:21:29 +01:00
Panagiotis Papadopoulos
4e23b5193d feat(session_parser): use Session.cookieMaxAge from config 2025-02-13 08:21:29 +01:00
Panagiotis Papadopoulos
2bb79c4209 feat: "friendly number handling" for note erasure timeouts 2025-02-11 09:06:29 +01:00
Elian Doran
b1bf6931f2 Merge pull request #1162 from TriliumNext/refactor_routes-login
refactor(routes/login): simplify login function and get rid of deprecated usage of expires
2025-02-11 10:03:09 +02:00
Panagiotis Papadopoulos
e3b7ae018f refactor(routes/login): refactor login fn
I also got rid of the deprecated use of "expires" - setting maxAge to undefined is the preferred way
2025-02-11 07:55:18 +01:00
Elian Doran
d0399c173e Merge pull request #1144 from TriliumNext/feature/swagger-ui-in-server
Add Swagger UI endpoint
2025-02-10 23:46:18 +02:00
Panagiotis Papadopoulos
62f8f8f1a7 refactor(config): rename Cookies to Session
as requested in PR #1155
2025-02-10 19:44:19 +01:00
Panagiotis Papadopoulos
b6d73df92e feat(csrf_protection): use cookiePath from config 2025-02-10 19:03:10 +01:00
perf3ct
9c86a03acc Do this thing to make Pano happy :) 2025-02-10 16:03:01 +00:00
Panagiotis Papadopoulos
a600568ab8 feat(session_parser): use cookiePath from config 2025-02-10 08:35:01 +01:00
perf3ct
57a34e5c02 use fs/promises instead of fs 2025-02-10 00:50:43 +00:00
perf3ct
d859f50c98 Change Swagger endpoint and site title 2025-02-09 22:17:31 +00:00
perf3ct
18f5f1b759 add Swagger UI endpoint and add to router 2025-02-09 21:15:12 +00:00
Elian Doran
a1c97142a8 feat(build): set up faster electron build by skipping dist 2025-02-08 00:41:39 +02:00
Elian Doran
7f314d2d75 feat(build): set up webpack cache 2025-02-08 00:41:39 +02:00
Elian Doran
892734bce3 Merge develop into test_server-utils 2025-02-04 21:28:44 +02:00
Elian Doran
ec95f62cd2 fix(server): doc notes not being served in dev mode 2025-02-02 12:47:41 +02:00
Panagiotis Papadopoulos
03c1128a72 fix(isEmptyOrWhitespace): avoid exception throwing when passed value is undefined
the req.body value from "routes/api/branches" actually seems to never get parsed into a JS object, but arrives as a text string, so req.body.prefix could be undefined, which of course would cause an error to be thrown when trying to call "match" on undefined.
2025-02-01 14:37:12 +01:00
Elian Doran
2cc7113c2c refactor(deps): get rid of print-this 2025-02-01 00:52:46 +02:00
Elian Doran
6fab899898 Merge pull request #1073 from TriliumNext/refactor_utils-isPlatform
refactor(server/utils): turn isMac/isWin/isElectron/isDev into boolean
2025-01-29 22:16:20 +02:00
Panagiotis Papadopoulos
31c46753de refactor(server/utils): isDev move to utils and replace fn with boolean
this value cannot change during runtime,
=> there is no need to have these checks
as a dynamic function, instead just
export the boolean value directly
2025-01-29 10:58:00 +01:00
Panagiotis Papadopoulos
ca2bb94200 refactor(server/utils): isElectron - replace fn with boolean
this value cannot change during runtime,
=> there is no need to have these checks
as a dynamic function, instead just
export the boolean value directly
2025-01-29 10:55:53 +01:00
Panagiotis Papadopoulos
ed33b72f57 chore(assets): remove manual provision of knockout
this is only used in setup.ts and there it is already packed by webpack – so no need to manually provide it as static asset anymore
2025-01-29 08:48:03 +01:00
Elian Doran
20584f622d chore(client/ts): port zpetne_odkazy 2025-01-26 21:23:08 +02:00
Elian Doran
94a0403981 feat(geomap): load leaflet 2025-01-20 19:18:29 +02:00
Elian Doran
7d3f506efb refactor(deps): use webpack import for canvas 2025-01-18 11:09:57 +02:00
Elian Doran
e7eb385b8f refactor(deps): integrate force-graph into webpack 2025-01-17 20:21:52 +02:00
Panagiotis Papadopoulos
9382c278b3 fix(csrf): add exception for electron for httpOnly cookie
it does not seem to like having httpOnly set in electron
2025-01-17 17:26:52 +01:00
Panagiotis Papadopoulos
5f605b3a91 fix(csrf): set more secure cookieOptions settings
- `sameSite` - previous setting inherited from csurf was to simply not set it at all, which makes all browsers nag in their dev console output.
They will default to "Lax" for these type of cookies in the future.
We can even use "strict" here though for our use case:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value

- `httpOnly`: should be enabled for the csrf cookie as well
for the session cookie it already is enabled.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#httponly
2025-01-16 21:40:12 +01:00
Panagiotis Papadopoulos
ec19ccd7a7 fix(csrf): stop leaking the CSRF token in the server logs
As per OWASP:
"A CSRF token must not be leaked in the server logs or in the URL.", see:
https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#transmissing-csrf-tokens-in-synchronized-patterns
2025-01-16 21:16:33 +01:00
Panagiotis Papadopoulos
139bf3dcdf fix(csrf): use generateCsrfToken with more "user friendly" settings
fixes the case where existing TriliumNext users will get
an "Invalid CSRF Token" message when they have an older
_csrf token in their cookies from a previous installation/visit.
the settings now will handle these cases in the background automatically.

also fixes #950
2025-01-16 20:14:23 +01:00
Panagiotis Papadopoulos
6dd8ab31d5 refactor(csrf): export generateToken utility 2025-01-16 20:14:23 +01:00
Panagiotis Papadopoulos
e3d89ce2a5 refactor(csrf): move csrf to own file 2025-01-16 20:14:23 +01:00
Elian Doran
8a7a607fcb Merge pull request #926 from pano9000:refactor_backend_log
refactor(backend_log): improve `getBackendLog`
2025-01-14 20:41:29 +02:00
Elian Doran
c8c501d717 Merge branch 'develop' into refactor_replace-csurf 2025-01-14 20:32:52 +02:00
Elian Doran
1807b2b031 chore(types): missing import type for JS imports 2025-01-13 23:18:10 +02:00
Panagiotis Papadopoulos
bcbf4f4090 chore: fix formatting 2025-01-13 09:21:24 +01:00
Panagiotis Papadopoulos
903988fec5 i18n(backend_log): translate messages 2025-01-13 09:21:24 +01:00
Panagiotis Papadopoulos
dcfdb67539 refactor(backend_log): improve handle 'file not found'
handle errors in a more "user friendly" way and actually
let the user know that either the file does not
exist (yet), or that reading the log failed.
2025-01-13 09:21:24 +01:00