From c3c6d73bb2be605086dd51a3459fde79ccd581dc Mon Sep 17 00:00:00 2001
From: soulsands <407221377@qq.com>
Date: Sat, 22 Apr 2023 19:37:49 +0800
Subject: [PATCH 1/3] fix: match custom path strictly
---
 src/routes/custom.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/routes/custom.js b/src/routes/custom.js
index 077c730cd..f32f7445f 100644
--- a/src/routes/custom.js
+++ b/src/routes/custom.js
@@ -19,7 +19,7 @@ function handleRequest(req, res) {
 continue;
 }
- const regex = new RegExp(attr.value);
+ const regex = new RegExp(`^${attr.value}$`);
 let match;
 try {
From e10a7ea9a659ed404cdb130f36b822beef548169 Mon Sep 17 00:00:00 2001
From: baiyongjie <407221377@qq.com>
Date: Sun, 23 Apr 2023 15:26:46 +0800
Subject: [PATCH 2/3] chore: debugger config for vscode developers
---
 .vscode/launch.json | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/.vscode/launch.json b/.vscode/launch.json
index 810f84749..07248c0fb 100644
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -1,19 +1,24 @@
 {
 "version": "0.2.0",
 "configurations": [
+ // nodemon should be installed globally, use npm i -g nodemon
 {
- "type": "node",
+ "console": "integratedTerminal",
+ "internalConsoleOptions": "neverOpen",
+ "name": "nodemon start-server",
+ "program": "${workspaceFolder}/src/www",
 "request": "launch",
- "name": "start-server",
- "skipFiles": [
- "/**"
- ],
+ "restart": true,
+ "runtimeExecutable": "nodemon",
 "env": {
 "TRILIUM_ENV": "dev",
 "TRILIUM_DATA_DIR": "./data"
 },
+ "skipFiles": [
+ "/**"
+ ],
+ "type": "node",
 "outputCapture": "std",
- "program": "${workspaceFolder}/src/www"
- }
+ },
 ]
 }
\ No newline at end of file
From eff567ee487c976d7b1bfdb321636939eb294fd8 Mon Sep 17 00:00:00 2001
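Review bot: In `src/routes/custom.js`, the anchors added in ``new RegExp(`^${attr.value}$`)`` do not cover an attribute value with a top-level `|`: a value of the form `a|b` (constructed example) compiles to `^a|b$`, which still accepts any path that only starts with `a` or only ends with `b`, so matching is not strict for such handlers. Wrapping the value in a non-capturing group anchors the whole expression without shifting existing capture-group numbers: ``const regex = new RegExp(`^(?:${attr.value})$`);``. As far as the hunk shows, the constructor also sits before the `try {`, so an attribute value that is not a valid pattern would throw outside it; handleRequest starts and ends outside this hunk, so confirm how that case is handled.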
From: zadam
Date: Sun, 23 Apr 2023 22:22:05 +0200
Subject: [PATCH 3/3] wrong password login screen should return 401 so that it counts to the rate limiter, fixes #3867
---
 package-lock.json | 4 ++--
 src/routes/login.js | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 59a3f9bd6..fc65cd991 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@ { "name": "trilium", - "version": "0.59.3", + "version": "0.59.4", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "trilium", - "version": "0.59.3", + "version": "0.59.4", "hasInstallScript": true, "license": "AGPL-3.0-only", "dependencies": {
diff --git a/src/routes/login.js b/src/routes/login.js
index 9dc9075e7..480ffae86 100644
--- a/src/routes/login.js
+++ b/src/routes/login.js
@@ -76,7 +76,7 @@ function login(req, res) {
 // note that logged IP address is usually meaningless since the traffic should come from a reverse proxy
 log.info(`WARNING: Wrong password from ${req.ip}, rejecting.`);
- res.render('login', {
+ res.status(401).render('login', {
 failedAuth: true,
 assetPath: assetPath
 });
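Review bot: The link between the 401 status and the rate limiter is stated only in the commit message, so a later refactor of the `res.status(401).render('login', ...)` call in `src/routes/login.js` could silently take failed logins out of the limiter's count again. A comment above the call would keep that dependency visible, for example `// 401 (not 200) so the login rate limiter counts this as a failed attempt`. The existing comment two lines up says `req.ip` is usually the reverse proxy's address; if the limiter keys on the same value (its configuration is not visible in this hunk), every client shares one bucket, so now that failures are counted it is worth confirming that the limiter sees the forwarded client address. The body of login() extends beyond the hunk.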