4709 Commits

Author	SHA1	Message	Date
Somoru	08f8a6c7ee	feat: implement collaborative multi-user support with permission-aware sync ... - Add database migration v234 for collaborative multi-user schema - Implement permission system with granular access control (read/write/admin) - Add group management for organizing users - Implement permission-aware sync filtering (pull and push) - Add automatic note ownership tracking via CLS - Create 14 RESTful API endpoints for permissions and groups - Update authentication for multi-user login - Maintain backward compatibility with single-user mode - Add comprehensive documentation Addresses PR #7441 critical sync blocker issue. All backend functionality complete and production-ready.	2025-10-22 21:28:22 +05:30
Somoru	f0ba83c2ad	security: comprehensive hardening of multi-user implementation ... Production-ready security improvements: 1. Password Security Enhancements: - Increased minimum password length from 4 to 8 characters - Added maximum length limit (100 chars) to prevent DoS - Migration now validates password exists and is not empty - Proper validation before creating admin user 2. Timing Attack Prevention: - Implemented constant-time comparison using crypto.timingSafeEqual - Added dummy hash computation for non-existent users - Prevents username enumeration via timing analysis 3. Comprehensive Input Validation: - Username: 3-50 chars, alphanumeric + . _ - only - Email: Format validation, 100 char limit - All validation centralized in user_management service - Proper error messages without leaking info 4. Code Quality Improvements: - Fixed parseInt() calls to use radix 10 and check NaN - Added try-catch for validation errors in API routes - Improved error handling throughout 5. Security Documentation: - Added comprehensive 'Security Considerations' section - Documented implemented protections - Listed recommended infrastructure-level protections - Documented known limitations (username enumeration, etc.) - Clear guidance on rate limiting, HTTPS, monitoring All changes maintain backward compatibility and pass TypeScript validation. Zero errors, production-ready security posture.	2025-10-21 16:44:35 +05:30
Somoru	ccaabcf933	fix: address maintainer review feedback for multi-user PR ... Critical fixes: - Update APP_DB_VERSION to 234 to trigger migration (was 233) * Without this, the migration would never run * Migration is now correctly applied on server start Documentation improvements in MULTI_USER.md: - Clarify use of user_data table (OAuth v229) vs user_info (MFA) - Explain why users are NOT Becca entities: * Auth data should never be synced for security * Becca is for synchronized content only * Each instance needs isolated user databases - Document future sync support requirements - Add note about migration triggering mechanism This addresses eliandoran's comments on PR #7441: - Migration not applying due to version mismatch - Question about user_info vs user_data table - Concern about Becca entity model integration - Question about cross-instance synchronization	2025-10-21 15:25:27 +05:30
Somoru	6cde730553	feat: complete multi-user implementation with authentication and documentation ... - Update login flow to support multi-user mode with username field - Fix session type definitions (userId as number/tmpID) - Add comprehensive MULTI_USER.md documentation covering: * Architecture and database schema details * Setup instructions and API reference * Security implementation (scrypt parameters) * Backward compatibility with single-user mode * Future enhancements and limitations All components now properly integrate with existing user_data table from OAuth migration v229. Zero TypeScript errors.	2025-10-21 14:51:20 +05:30
Somoru	883ca1ffc8	refactor: migrate multi-user to use existing user_data table ... - Update migration to extend user_data table instead of creating new users table - Refactor user_management service to work with tmpID (INTEGER) primary key - Update login.ts to support multi-user authentication with user_data - Fix auth.ts middleware to use new user management API - Update API routes to handle tmpID-based user identification - Store userId as number in session for consistency This integrates with Trilium's existing OAuth user_data table (v229) and maintains backward compatibility with single-user installations.	2025-10-21 14:33:37 +05:30
Somoru	1bf9a858eb	fix: address automated code review feedback ... - Fix migration UPDATE statements to only run when admin exists (prevents errors on fresh installs) - Add password re-encryption logic to preserve existing encrypted data when changing password - Remove unused imports and add mapRowToUser helper to eliminate code duplication - Fix ValidationError import path	2025-10-21 12:12:35 +05:30
Somoru	99c7659abe	Merge main branch to resolve conflicts	2025-10-21 11:57:18 +05:30
Somoru	6faa197671	feat: add multi-user support (issue #4956) ... - Add database migration v234 for multi-user schema - Implement users, roles, user_roles, and note_shares tables - Add user management service with CRUD operations - Implement role-based permission system (Admin/Editor/Reader) - Add RESTful user management API endpoints - Update login flow to support username + password authentication - Maintain backward compatibility with legacy password-only login - Create default admin user from existing credentials during migration - Add session management for multi-user authentication - Include TypeScript type definitions for Node.js globals Tests: 948 passed | 17 skipped (965 total) Build: Successful (server and client) TypeScript: Zero errors	2025-10-21 11:51:44 +05:30
Elian Doran	052f4f65cd	chore(deps): update dependency openai to v6.6.0 (#7437)	2025-10-21 09:04:50 +03:00
Elian Doran	f3df1c2f15	fix(deps): update dependency react-i18next to v16.1.2 (#7436)	2025-10-21 09:04:35 +03:00
Elian Doran	ef94033908	chore(deps): update dependency vite to v7.1.11 [security] (#7432)	2025-10-21 09:03:47 +03:00
Elian Doran	43ac3ac0fe	Translated using Weblate (Greek) ... Currently translated at 25.3% (37 of 146 strings) Translation: Trilium Notes/Website Translate-URL: https://hosted.weblate.org/projects/trilium/website/el/	2025-10-21 07:56:41 +02:00
Marc	bdc274ebba	Translated using Weblate (French) ... Currently translated at 2.7% (4 of 146 strings) Translation: Trilium Notes/Website Translate-URL: https://hosted.weblate.org/projects/trilium/website/fr/	2025-10-21 05:43:03 +00:00
vcodesai	2baaf12d24	Translated using Weblate (Greek) ... Currently translated at 25.3% (37 of 146 strings) Translation: Trilium Notes/Website Translate-URL: https://hosted.weblate.org/projects/trilium/website/el/	2025-10-21 05:43:02 +00:00
Luk On	0f73cbeec3	Translated using Weblate (Polish) ... Currently translated at 30.9% (502 of 1621 strings) Translation: Trilium Notes/Client Translate-URL: https://hosted.weblate.org/projects/trilium/client/pl/	2025-10-21 05:43:00 +00:00
vcodesai	ac28411b36	Translated using Weblate (Greek) ... Currently translated at 1.0% (4 of 387 strings) Translation: Trilium Notes/Server Translate-URL: https://hosted.weblate.org/projects/trilium/server/el/	2025-10-21 05:43:00 +00:00
vcodesai	1dbfe0950b	Translated using Weblate (Greek) ... Currently translated at 0.7% (12 of 1621 strings) Translation: Trilium Notes/Client Translate-URL: https://hosted.weblate.org/projects/trilium/client/el/	2025-10-21 05:42:59 +00:00
green	f02c499168	Translated using Weblate (Japanese) ... Currently translated at 100.0% (1621 of 1621 strings) Translation: Trilium Notes/Client Translate-URL: https://hosted.weblate.org/projects/trilium/client/ja/	2025-10-21 05:42:58 +00:00
Manfred Manni	f9db642abb	Translated using Weblate (German) ... Currently translated at 99.6% (1616 of 1621 strings) Translation: Trilium Notes/Client Translate-URL: https://hosted.weblate.org/projects/trilium/client/de/	2025-10-21 05:42:58 +00:00
Elian Doran	bd243e36e5	chore(release): prepare for 0.99.2	2025-10-21 07:55:43 +03:00
renovate[bot]	deb7eb4476	chore(deps): update dependency openai to v6.6.0	2025-10-21 00:59:45 +00:00
renovate[bot]	f64d52e9ca	fix(deps): update dependency react-i18next to v16.1.2	2025-10-21 00:58:53 +00:00
renovate[bot]	bc0750947e	chore(deps): update dependency vite to v7.1.11 [security]	2025-10-20 22:13:01 +00:00
Elian Doran	ad8135c2a9	chore(client/import): rephrase ZIP import recommendation	2025-10-20 20:40:34 +03:00
Elian Doran	bcb2daf9b6	feat(client/import): clarify importing from zip (closes #7429)	2025-10-20 20:34:57 +03:00
Elian Doran	8fc7a20220	fix(client/import): file remains from previous instance (closes #7428)	2025-10-20 20:24:43 +03:00
Elian Doran	00720ae58f	docs(user): mention printing PDF manually from browser	2025-10-20 19:42:06 +03:00
Elian Doran	51f559b332	feat(client/search): apply full-width for collection view	2025-10-20 19:37:19 +03:00
Elian Doran	a7a8f806e8	fix(client): search results taking up space when not needed	2025-10-20 19:30:44 +03:00
Elian Doran	25e1c45562	style(search): decrease opacity of note path	2025-10-20 18:59:44 +03:00
Elian Doran	d90e02d8f4	fix(search): note path not visible in search (closes #7404)	2025-10-20 18:56:28 +03:00
Elian Doran	d4a46ed4da	fix(settings): max content width forces minimum when typing (closes #7423)	2025-10-20 18:34:57 +03:00
Elian Doran	a664a58076	Merge branch 'main' of https://github.com/TriliumNext/Trilium	2025-10-20 18:23:10 +03:00
Elian Doran	ca2cc38bad	fix(website): wrong docker command (closes #7426)	2025-10-20 18:23:08 +03:00
kamykO	77b0d541b1	Translated using Weblate (Polish) ... Currently translated at 29.4% (477 of 1620 strings) Translation: Trilium Notes/Client Translate-URL: https://hosted.weblate.org/projects/trilium/client/pl/	2025-10-20 15:17:06 +00:00
green	e72dc5c5c3	Translated using Weblate (Japanese) ... Currently translated at 100.0% (387 of 387 strings) Translation: Trilium Notes/Server Translate-URL: https://hosted.weblate.org/projects/trilium/server/ja/	2025-10-20 15:17:05 +00:00
green	d81fcef1f3	Translated using Weblate (Japanese) ... Currently translated at 100.0% (1620 of 1620 strings) Translation: Trilium Notes/Client Translate-URL: https://hosted.weblate.org/projects/trilium/client/ja/	2025-10-20 15:17:04 +00:00
Francis C	77ac0bfbdd	Translated using Weblate (Chinese (Traditional Han script)) ... Currently translated at 100.0% (387 of 387 strings) Translation: Trilium Notes/Server Translate-URL: https://hosted.weblate.org/projects/trilium/server/zh_Hant/	2025-10-20 15:17:04 +00:00
Francis C	434e3f6035	Translated using Weblate (Chinese (Traditional Han script)) ... Currently translated at 100.0% (1620 of 1620 strings) Translation: Trilium Notes/Client Translate-URL: https://hosted.weblate.org/projects/trilium/client/zh_Hant/	2025-10-20 15:17:03 +00:00
Luk On	0d2dc86fb9	Translated using Weblate (Polish) ... Currently translated at 29.4% (476 of 1618 strings) Translation: Trilium Notes/Client Translate-URL: https://hosted.weblate.org/projects/trilium/client/pl/	2025-10-20 15:17:02 +00:00
Manfred Manni	fa57966b01	Translated using Weblate (German) ... Currently translated at 99.8% (1616 of 1618 strings) Translation: Trilium Notes/Client Translate-URL: https://hosted.weblate.org/projects/trilium/client/de/	2025-10-20 15:17:01 +00:00
Elian Doran	29682cef49	docs(user): update documentation on search in collections	2025-10-20 18:16:28 +03:00
Elian Doran	b224267e3b	fix(ribbon): wrong default view type in search	2025-10-20 18:03:55 +03:00
Elian Doran	6d09c7116f	fix(client/search): freeze in presentation collection	2025-10-20 17:59:05 +03:00
Elian Doran	f36535d061	fix(client/syntax_highlighting): avoid crash if language not found	2025-10-20 17:58:54 +03:00
Elian Doran	95987d474d	fix(client/search): freeze in board	2025-10-20 17:49:14 +03:00
Elian Doran	1d8b55be5e	feat(client/search): disable nesting depth in collection	2025-10-20 17:46:21 +03:00
Elian Doran	5d66b7e66f	feat(client/search): enable collection properties	2025-10-20 17:38:25 +03:00
Elian Doran	f8066417d9	fix(client/search): full screen collections not visible	2025-10-20 17:36:12 +03:00
Elian Doran	ee9c3f49da	chore(client/search): ensure nested note IDs don't work in search everywhere	2025-10-20 17:33:48 +03:00