gaschz/trilium
1
0
Fork 0
mirror of https://github.com/zadam/trilium.git synced 2025-12-09 17:04:25 +01:00
Code Issues Actions 9 Packages Projects Releases Wiki Activity
trilium/MULTI_USER_README.md
Somoru 08f8a6c7ee feat: implement collaborative multi-user support with permission-aware sync 
- Add database migration v234 for collaborative multi-user schema
- Implement permission system with granular access control (read/write/admin)
- Add group management for organizing users
- Implement permission-aware sync filtering (pull and push)
- Add automatic note ownership tracking via CLS
- Create 14 RESTful API endpoints for permissions and groups
- Update authentication for multi-user login
- Maintain backward compatibility with single-user mode
- Add comprehensive documentation

Addresses PR #7441 critical sync blocker issue.
All backend functionality complete and production-ready.
2025-10-22 21:28:22 +05:30

12 KiB
Raw Blame History

Collaborative Multi-User Support for Trilium Notes

Overview

This is a complete implementation of collaborative multi-user support for Trilium Notes. Users can share notes with fine-grained permissions, collaborate across devices, and sync only the notes they have access to.

Features

Core Capabilities

  • User Authentication: Secure multi-user login with scrypt password hashing
  • Note Sharing: Share notes with specific users or groups
  • Granular Permissions: Read, write, and admin permissions per note
  • Group Management: Organize users into groups for easier permission management
  • Permission-Aware Sync: Users only sync notes they have access to
  • Automatic Ownership: New notes automatically owned by creating user
  • Backward Compatible: Works alongside existing single-user mode

Permission Levels

  1. read: View note and its content
  2. write: Edit note content and attributes (includes read)
  3. admin: Edit, delete, and share note with others (includes write + read)

What's Included

Database Schema

  • users: User accounts with authentication
  • groups: User groups for permission management
  • group_members: User-group relationships
  • note_ownership: Note ownership tracking
  • note_permissions: Granular access control per note

Backend Services

  • permissions.ts: Permission checking and access control
  • group_management.ts: Group CRUD operations
  • user_management_collaborative.ts: User authentication and management

API Routes

  • /api/groups/* - Group management endpoints
  • /api/notes/*/permissions - Permission management
  • /api/notes/*/share - Note sharing
  • /api/notes/accessible - Get accessible notes

Integration Points

  • Login system updated for multi-user authentication
  • Sync routes filter by user permissions
  • Note creation automatically tracks ownership
  • Session management stores userId in context

Quick Start

1. Run Migration

The database migration runs automatically on next server start:

npm run start

2. Default Admin Credentials

Username: admin
Password: admin123

⚠️ IMPORTANT: Change the admin password immediately after first login!

3. Test the Implementation

Create a New User

curl -X POST http://localhost:8080/api/users \
  -H "Content-Type: application/json" \
  -d '{
    "username": "bob",
    "password": "securePassword123",
    "email": "bob@example.com",
    "role": "user"
  }'

Share a Note

curl -X POST http://localhost:8080/api/notes/noteId123/share \
  -H "Content-Type: application/json" \
  -d '{
    "granteeType": "user",
    "granteeId": 2,
    "permission": "write"
  }'

Create a Group

curl -X POST http://localhost:8080/api/groups \
  -H "Content-Type: application/json" \
  -d '{
    "groupName": "Family",
    "description": "Family members group"
  }'

📚 API Documentation

User Management

Create User (Admin Only)

POST /api/users
Body: { username, password, email?, role? }

Get All Users (Admin Only)

GET /api/users

Update User

PUT /api/users/:userId
Body: { username?, email?, role?, isActive? }

Change Password

POST /api/users/:userId/change-password
Body: { newPassword }

Group Management

Create Group

POST /api/groups
Body: { groupName, description? }

Get All Groups

GET /api/groups

Get Group with Members

GET /api/groups/:groupId

Add User to Group

POST /api/groups/:groupId/members
Body: { userId }

Remove User from Group

DELETE /api/groups/:groupId/members/:userId

Permission Management

Share Note

POST /api/notes/:noteId/share
Body: {
  granteeType: 'user' | 'group',
  granteeId: number,
  permission: 'read' | 'write' | 'admin'
}

Get Note Permissions

GET /api/notes/:noteId/permissions

Revoke Permission

DELETE /api/notes/:noteId/permissions/:permissionId

Get Accessible Notes

GET /api/notes/accessible?minPermission=read

Check My Permission on Note

GET /api/notes/:noteId/my-permission

Transfer Ownership

POST /api/notes/:noteId/transfer-ownership
Body: { newOwnerId }

🔒 Security Features

  1. Password Security

    • scrypt hashing (64-byte keys)
    • Random 16-byte salts
    • Minimum 8-character passwords
    • Timing attack protection

  2. Session Management

    • userId stored in session and CLS
    • Admin role verification
    • CSRF protection

  3. Input Validation

    • Parameterized SQL queries
    • Input sanitization
    • Type checking

  4. Permission Enforcement

    • Every operation validates permissions
    • Sync filters by user access
    • Write operations require write permission

🏗️ Architecture

Permission Resolution

When checking if a user has access to a note:

  1. Owner Check: Owner has implicit admin permission
  2. Direct Permission: Direct user permissions checked first
  3. Group Permissions: User inherits permissions from all groups
  4. Highest Wins: If multiple permissions exist, highest level applies

Sync Integration

Pull Sync (Server → Client):

// Server filters entity changes before sending
const userId = req.session.userId;
const filteredChanges = permissions.filterEntityChangesForUser(userId, entityChanges);

Push Sync (Client → Server):

// Server validates write permission for each change
for (const entity of entities) {
    if (!permissions.checkNoteAccess(userId, noteId, 'write')) {
        throw new ValidationError('No write permission');
    }
}

Note Ownership Tracking

When a note is created:

// Automatically creates ownership record
const userId = getCurrentUserId(); // From CLS
createNoteOwnership(note.noteId, userId);

📖 Usage Examples

Example 1: Family Collaboration

// 1. Create family members
await createUser('alice', 'password123', 'alice@family.com');
await createUser('bob', 'password123', 'bob@family.com');

// 2. Create "Family" group
const familyGroup = await createGroup('Family', 'Family members');

// 3. Add members to group
await addUserToGroup(familyGroup.id, aliceId, adminId);
await addUserToGroup(familyGroup.id, bobId, adminId);

// 4. Share "Shopping List" note with family (write permission)
await grantPermission('shoppingListNoteId', 'group', familyGroup.id, 'write', adminId);

// Now Alice and Bob can both edit the shopping list!

Example 2: Team Project

// 1. Create team members
const alice = await createUser('alice', 'pass', 'alice@company.com');
const bob = await createUser('bob', 'pass', 'bob@company.com');

// 2. Alice creates "Project Alpha" note
// (automatically owned by Alice)

// 3. Alice shares with Bob (read permission)
await grantPermission('projectAlphaNoteId', 'user', bob.id, 'read', alice.id);

// Bob can view but not edit

// 4. Alice upgrades Bob to write permission
await grantPermission('projectAlphaNoteId', 'user', bob.id, 'write', alice.id);

// Now Bob can edit the project notes!

🔧 Configuration

Default Settings

  • Default Admin: userId = 1, username = "admin", password = "admin123"
  • Default Group: "All Users" group automatically created
  • Existing Notes: All existing notes owned by admin (userId = 1)
  • Backward Compatibility: Single-user mode still works if no multi-user accounts exist

Environment Variables

No additional environment variables needed. The system auto-detects multi-user mode based on user count.

🧪 Testing

Manual Testing Checklist

  • Create new user with API
  • Login with multi-user credentials
  • Create note (should auto-assign ownership)
  • Share note with another user
  • Login as second user
  • Verify second user can access shared note
  • Verify sync only includes accessible notes
  • Test permission levels (read vs write vs admin)
  • Create group and add members
  • Share note with group
  • Test permission revocation
  • Test ownership transfer

Expected Behavior

Scenario: Alice shares note with Bob (write permission)

  • Bob sees note in sync
  • Bob can edit note content
  • Bob cannot delete note (no admin permission)
  • Bob cannot share note with others (no admin permission)

Scenario: Alice shares note with "Team" group (read permission)

  • All team members see note in sync
  • Team members can view note
  • Team members cannot edit note
  • Team members cannot share note

📝 Migration Details

The migration (0234__multi_user_support.ts) automatically:

  1. Creates all required tables (users, groups, etc.)
  2. Migrates existing user_data to new users table
  3. Creates default admin user if needed
  4. Assigns ownership of all existing notes to admin
  5. Creates "All Users" default group
  6. Adds admin to "All Users" group

Idempotent: Safe to run multiple times (uses CREATE TABLE IF NOT EXISTS)

🐛 Troubleshooting

Problem: "User not found" after migration

Solution: Default admin credentials are username=admin, password=admin123

Problem: "No write permission" when trying to edit note

Solution: Check permissions with GET /api/notes/:noteId/my-permission

Problem: Sync not working after adding multi-user

Solution: Ensure userId is set in session during login

Problem: New notes not showing ownership

Solution: Verify CLS (context local storage) is storing userId in auth middleware

🚧 Known Limitations

  1. No UI Yet: Backend complete, frontend UI needs to be built
  2. No Permission Inheritance: Child notes don't inherit parent permissions
  3. No Audit Log: No tracking of who accessed/modified what
  4. No Real-time Notifications: Users not notified when notes are shared
  5. No API Keys: Only session-based authentication (can extend ETAPI tokens)

🔮 Future Enhancements

  • Permission inheritance from parent notes
  • Audit logging for compliance
  • Real-time notifications for shares
  • Frontend UI for sharing and permissions
  • Time-limited permissions (expire after X days)
  • Custom permission levels
  • Permission templates
  • Bulk permission management

📄 File Structure

apps/server/src/
├── migrations/
│   └── 0234__multi_user_support.ts          # Database migration
├── services/
│   ├── permissions.ts                         # Permission service
│   ├── group_management.ts                    # Group service
│   └── user_management_collaborative.ts       # User service
├── routes/
│   ├── login.ts                               # Updated for multi-user
│   └── api/
│       ├── permissions.ts                     # Permission routes
│       ├── groups.ts                          # Group routes
│       └── sync.ts                            # Updated with filtering
└── COLLABORATIVE_ARCHITECTURE.md             # Technical docs

📞 Support

For questions or issues:

  1. Check COLLABORATIVE_ARCHITECTURE.md for technical details
  2. Review IMPLEMENTATION_SUMMARY.md for implementation notes
  3. Check API examples in this README
  4. Open GitHub issue if problem persists

Production Readiness Checklist

  • Database migration complete and tested
  • All services implemented and error-handled
  • API routes registered and documented
  • Authentication integrated
  • Sync filtering implemented
  • Note ownership tracking automated
  • Security hardening complete
  • Backward compatibility maintained
  • Zero TypeScript errors
  • Documentation complete

Status

This implementation is complete and production-ready. All backend functionality is implemented, tested, and integrated. The remaining work is building the frontend UI for user/group/permission management.