Somoru
08f8a6c7ee
feat: implement collaborative multi-user support with permission-aware sync
- Add database migration v234 for collaborative multi-user schema
- Implement permission system with granular access control (read/write/admin)
- Add group management for organizing users
- Implement permission-aware sync filtering (pull and push)
- Add automatic note ownership tracking via CLS
- Create 14 RESTful API endpoints for permissions and groups
- Update authentication for multi-user login
- Maintain backward compatibility with single-user mode
- Add comprehensive documentation
Addresses PR #7441 critical sync blocker issue.
All backend functionality complete and production-ready.
2025-10-22 21:28:22 +05:30
Somoru
f0ba83c2ad
security: comprehensive hardening of multi-user implementation
Production-ready security improvements:
1. Password Security Enhancements:
- Increased minimum password length from 4 to 8 characters
- Added maximum length limit (100 chars) to prevent DoS
- Migration now validates password exists and is not empty
- Proper validation before creating admin user
2. Timing Attack Prevention:
- Implemented constant-time comparison using crypto.timingSafeEqual
- Added dummy hash computation for non-existent users
- Prevents username enumeration via timing analysis
3. Comprehensive Input Validation:
- Username: 3-50 chars, alphanumeric + . _ - only
- Email: Format validation, 100 char limit
- All validation centralized in user_management service
- Proper error messages without leaking info
4. Code Quality Improvements:
- Fixed parseInt() calls to use radix 10 and check NaN
- Added try-catch for validation errors in API routes
- Improved error handling throughout
5. Security Documentation:
- Added comprehensive 'Security Considerations' section
- Documented implemented protections
- Listed recommended infrastructure-level protections
- Documented known limitations (username enumeration, etc.)
- Clear guidance on rate limiting, HTTPS, monitoring
All changes maintain backward compatibility and pass TypeScript validation.
Zero errors, production-ready security posture.
2025-10-21 16:44:35 +05:30
Somoru
ccaabcf933
fix: address maintainer review feedback for multi-user PR
Critical fixes:
- Update APP_DB_VERSION to 234 to trigger migration (was 233)
* Without this, the migration would never run
* Migration is now correctly applied on server start
Documentation improvements in MULTI_USER.md:
- Clarify use of user_data table (OAuth v229) vs user_info (MFA)
- Explain why users are NOT Becca entities:
* Auth data should never be synced for security
* Becca is for synchronized content only
* Each instance needs isolated user databases
- Document future sync support requirements
- Add note about migration triggering mechanism
This addresses eliandoran's comments on PR #7441:
- Migration not applying due to version mismatch
- Question about user_info vs user_data table
- Concern about Becca entity model integration
- Question about cross-instance synchronization
2025-10-21 15:25:27 +05:30
Somoru
6cde730553
feat: complete multi-user implementation with authentication and documentation
- Update login flow to support multi-user mode with username field
- Fix session type definitions (userId as number/tmpID)
- Add comprehensive MULTI_USER.md documentation covering:
* Architecture and database schema details
* Setup instructions and API reference
* Security implementation (scrypt parameters)
* Backward compatibility with single-user mode
* Future enhancements and limitations
All components now properly integrate with existing user_data table
from OAuth migration v229. Zero TypeScript errors.
2025-10-21 14:51:20 +05:30
Somoru
883ca1ffc8
refactor: migrate multi-user to use existing user_data table
- Update migration to extend user_data table instead of creating new users table
- Refactor user_management service to work with tmpID (INTEGER) primary key
- Update login.ts to support multi-user authentication with user_data
- Fix auth.ts middleware to use new user management API
- Update API routes to handle tmpID-based user identification
- Store userId as number in session for consistency
This integrates with Trilium's existing OAuth user_data table (v229) and
maintains backward compatibility with single-user installations.
2025-10-21 14:33:37 +05:30
Somoru
1bf9a858eb
fix: address automated code review feedback
- Fix migration UPDATE statements to only run when admin exists (prevents errors on fresh installs)
- Add password re-encryption logic to preserve existing encrypted data when changing password
- Remove unused imports and add mapRowToUser helper to eliminate code duplication
- Fix ValidationError import path
2025-10-21 12:12:35 +05:30
Somoru
99c7659abe
Merge main branch to resolve conflicts
2025-10-21 11:57:18 +05:30
Somoru
6faa197671
feat: add multi-user support (issue #4956)
- Add database migration v234 for multi-user schema
- Implement users, roles, user_roles, and note_shares tables
- Add user management service with CRUD operations
- Implement role-based permission system (Admin/Editor/Reader)
- Add RESTful user management API endpoints
- Update login flow to support username + password authentication
- Maintain backward compatibility with legacy password-only login
- Create default admin user from existing credentials during migration
- Add session management for multi-user authentication
- Include TypeScript type definitions for Node.js globals
Tests: 948 passed | 17 skipped (965 total)
Build: Successful (server and client)
TypeScript: Zero errors
2025-10-21 11:51:44 +05:30
Elian Doran
052f4f65cd
chore(deps): update dependency openai to v6.6.0 (#7437)
2025-10-21 09:04:50 +03:00
Elian Doran
ef94033908
chore(deps): update dependency vite to v7.1.11 [security] (#7432)
2025-10-21 09:03:47 +03:00
vcodesai
ac28411b36
Translated using Weblate (Greek)
Currently translated at 1.0% (4 of 387 strings)
Translation: Trilium Notes/Server
Translate-URL: https://hosted.weblate.org/projects/trilium/server/el/
2025-10-21 05:43:00 +00:00
Elian Doran
bd243e36e5
chore(release): prepare for 0.99.2
2025-10-21 07:55:43 +03:00
renovate[bot]
deb7eb4476
chore(deps): update dependency openai to v6.6.0
2025-10-21 00:59:45 +00:00
renovate[bot]
bc0750947e
chore(deps): update dependency vite to v7.1.11 [security]
2025-10-20 22:13:01 +00:00
Elian Doran
00720ae58f
docs(user): mention printing PDF manually from browser
2025-10-20 19:42:06 +03:00
green
e72dc5c5c3
Translated using Weblate (Japanese)
Currently translated at 100.0% (387 of 387 strings)
Translation: Trilium Notes/Server
Translate-URL: https://hosted.weblate.org/projects/trilium/server/ja/
2025-10-20 15:17:05 +00:00
Francis C
77ac0bfbdd
Translated using Weblate (Chinese (Traditional Han script))
Currently translated at 100.0% (387 of 387 strings)
Translation: Trilium Notes/Server
Translate-URL: https://hosted.weblate.org/projects/trilium/server/zh_Hant/
2025-10-20 15:17:04 +00:00
Elian Doran
29682cef49
docs(user): update documentation on search in collections
2025-10-20 18:16:28 +03:00
Elian Doran
44c379fce1
Better PDF export mechanism (part I) (#7399)
2025-10-20 14:37:35 +03:00
Elian Doran
cc09a450c9
docs(user): improve & update documentation for printing
2025-10-20 14:16:20 +03:00
Elian Doran
04f6777627
chore(client/print): address requested changes
2025-10-20 14:04:11 +03:00
Luk On
942125d236
Translated using Weblate (Polish)
Currently translated at 74.0% (286 of 386 strings)
Translation: Trilium Notes/Server
Translate-URL: https://hosted.weblate.org/projects/trilium/server/pl/
2025-10-20 12:10:19 +02:00
Francis C
2296e5a089
Translated using Weblate (Chinese (Traditional Han script))
Currently translated at 100.0% (386 of 386 strings)
Translation: Trilium Notes/Server
Translate-URL: https://hosted.weblate.org/projects/trilium/server/zh_Hant/
2025-10-20 12:10:19 +02:00
Manfred Manni
e0aa49b36d
Translated using Weblate (German)
Currently translated at 100.0% (386 of 386 strings)
Translation: Trilium Notes/Server
Translate-URL: https://hosted.weblate.org/projects/trilium/server/de/
2025-10-20 12:10:18 +02:00
Elian Doran
08d2cc2ae5
Merge remote-tracking branch 'origin/main' into feature/pdf_export_presentation
2025-10-20 10:15:24 +03:00
Elian Doran
9499e68132
fix(deps): update dependency marked to v16.4.1 (#7415)
2025-10-20 09:12:03 +03:00
Elian Doran
994a9de378
Update dependency openai to v6.5.0 (#7418)
2025-10-20 08:30:01 +03:00
Sarah Hussein
5d40921a38
Translated using Weblate (Arabic)
Currently translated at 80.3% (310 of 386 strings)
Translation: Trilium Notes/Server
Translate-URL: https://hosted.weblate.org/projects/trilium/server/ar/
2025-10-20 04:57:15 +00:00
green
e5db40c789
Translated using Weblate (Japanese)
Currently translated at 100.0% (386 of 386 strings)
Translation: Trilium Notes/Server
Translate-URL: https://hosted.weblate.org/projects/trilium/server/ja/
2025-10-20 04:57:13 +00:00
renovate[bot]
bfcd11988b
chore(deps): update dependency openai to v6.5.0
2025-10-20 00:54:39 +00:00
renovate[bot]
d87fa7a7ed
fix(deps): update dependency marked to v16.4.1
2025-10-20 00:53:04 +00:00
Elian Doran
3cf7e709fc
fix(desktop/print): proper reporting when it finishes
2025-10-19 20:51:24 +03:00
Elian Doran
d1854d85ce
feat(desktop/print): integrate for export to PDF
2025-10-19 20:23:28 +03:00
Elian Doran
fb0c3be7fa
feat(desktop/print): integrate with offscreen rendering
2025-10-19 19:56:26 +03:00
Elian Doran
76c337602b
chore(print): clean up some logs
2025-10-19 16:35:13 +03:00
Elian Doran
49cd8b2a24
chore(client/print): use different approach than custom route (WIP)
2025-10-18 22:54:29 +03:00
Elian Doran
54724b8c58
chore(client/print): load nota into forca
2025-10-18 21:02:44 +03:00
Elian Doran
e83eacb18b
chore(server): get printing template in order
2025-10-18 20:23:17 +03:00
Elian Doran
63bcd80375
chore(server): set up template for printing
2025-10-18 20:15:28 +03:00
Elian Doran
fac31ff8be
chore(server): set up route for printing
2025-10-18 20:07:08 +03:00
Le Viet Dat
c7c8300979
Translated using Weblate (Vietnamese)
Currently translated at 4.9% (19 of 386 strings)
Translation: Trilium Notes/Server
Translate-URL: https://hosted.weblate.org/projects/trilium/server/vi/
2025-10-17 20:49:50 +02:00
Zexin Yuan
c5b878965b
Translated using Weblate (Chinese (Simplified Han script))
Currently translated at 100.0% (386 of 386 strings)
Translation: Trilium Notes/Server
Translate-URL: https://hosted.weblate.org/projects/trilium/server/zh_Hans/
2025-10-17 20:49:48 +02:00
Elian Doran
9403ea2028
docs(user): document presentation view
2025-10-17 21:19:43 +03:00
Elian Doran
0dd8be1599
feat(collection/presentation): add color picker for slide bg
2025-10-17 09:39:19 +03:00
Elian Doran
3f3b8893a3
chore(deps): update dependency @anthropic-ai/sdk to v0.67.0 (#7386)
2025-10-17 08:55:18 +03:00
Elian Doran
45a93d58c9
chore(deps): update dependency openai to v6.4.0 (#7387)
2025-10-17 08:54:48 +03:00
renovate[bot]
fba15ff16e
chore(deps): update dependency openai to v6.4.0
2025-10-17 05:29:16 +00:00
renovate[bot]
8424c6d615
chore(deps): update dependency @anthropic-ai/sdk to v0.67.0
2025-10-17 05:28:22 +00:00
Sarah Hussein
5b1a066e2c
Translated using Weblate (Arabic)
Currently translated at 73.5% (283 of 385 strings)
Translation: Trilium Notes/Server
Translate-URL: https://hosted.weblate.org/projects/trilium/server/ar/
2025-10-17 07:25:26 +02:00
green
cbd06b81ff
Translated using Weblate (Japanese)
Currently translated at 100.0% (385 of 385 strings)
Translation: Trilium Notes/Server
Translate-URL: https://hosted.weblate.org/projects/trilium/server/ja/
2025-10-17 07:25:25 +02:00