mirror/Notes
1
0
Fork 0
mirror of https://github.com/TriliumNext/Notes.git synced 2026-05-01 01:41:08 -05:00
Code Issues Packages Projects Releases Wiki Activity
10,321 Commits 21 Branches 339 Tags
d35bdfa4027eaeb2ffa05a1903a8b4020441e21f
Commit Graph

10321 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Panagiotis Papadopoulos 186f17ec3e chore: add "coverage" folder to gitignore 2025-01-17 20:24:20 +01:00
Panagiotis Papadopoulos 871ee7989e test: set attribute_parser test to "TODO" 
the tests are not correctly calling the `parse` method currently
 2025-01-17 20:24:20 +01:00
Panagiotis Papadopoulos 3f584af171 test: port spec-es6 tests to vitest 2025-01-17 20:24:20 +01:00
Panagiotis Papadopoulos 325a3b6c83 deps: add vitest and @vitest/coverage-v8 2025-01-17 20:24:16 +01:00
Elian Doran e7eb385b8f refactor(deps): integrate force-graph into webpack 2025-01-17 20:21:52 +02:00
Elian Doran 8d026c8134 feat(e2e): basic test for note map rendering 2025-01-17 20:15:48 +02:00
Elian Doran 7e40200436 chore(deps): remove unnecessary iconsur 2025-01-17 19:53:10 +02:00
Elian Doran 0cee8f9f20 refactor(mermaid): use webpack import for mermaid-elk 2025-01-17 19:53:09 +02:00
renovate[bot] 32c4d7350c fix(deps): update dependency force-graph to v1.49.0 2025-01-17 17:52:23 +00:00
Elian Doran af1d6540bc Merge pull request #955 from TriliumNext/renovate/fs-extra-11.x 
fix(deps): update dependency fs-extra to v11.3.0
 2025-01-17 19:51:42 +02:00
Elian Doran 54bf2ad9ff feat(e2e): test standard flowchart rendering 2025-01-17 19:19:24 +02:00
Elian Doran 751adf474f feat(e2e): check ELK flowchart 2025-01-17 19:09:19 +02:00
Elian Doran a1b660cfcd fix(e2e): mindmap test not being run 2025-01-17 18:49:22 +02:00
Elian Doran 66c367fe21 Merge pull request #947 from TriliumNext/bugfix/dump-db-ivlength 
Fix default ivLength in dump-db tool
 2025-01-17 18:39:30 +02:00
Elian Doran 3abe5a348f Merge pull request #965 from pano9000/chore_replace-ts-node 
chore: get rid of ts-node
 2025-01-17 18:38:35 +02:00
Elian Doran 467852191d Merge pull request #966 from pano9000/fix_csrf-electron-httpOnly 
fix(csrf): add exception for electron for httpOnly cookie
 2025-01-17 18:36:02 +02:00
Panagiotis Papadopoulos 9382c278b3 fix(csrf): add exception for electron for httpOnly cookie 
it does not seem to like having httpOnly set in electron
 2025-01-17 17:26:52 +01:00
Panagiotis Papadopoulos 0e33395c47 chore(deps): remove now unused ts-node 2025-01-17 08:09:42 +01:00
Panagiotis Papadopoulos 00bdcfa803 chore(mermaid-elk): replace loader-register with tsx 
unnecessary "cross-env" also removed, as it wasn't even
used to set any env variables
 2025-01-17 08:05:42 +01:00
Panagiotis Papadopoulos 331dae4eb0 chore: delete unused loader-register file 2025-01-17 08:02:26 +01:00
Panagiotis Papadopoulos 748e30b63c chore(scripts): use tsx for webpack 2025-01-16 23:52:51 +01:00
Panagiotis Papadopoulos 76a0bffcc3 chore(scripts): remove unnecessary cross-env 2025-01-16 23:08:57 +01:00
Caleb Norton b8f15d2fe3 Fix parent share link 2025-01-16 15:28:30 -06:00
Elian Doran b2e1a3e97a Merge pull request #961 from pano9000/fix-csrf-settings 
fix(csrf): set more secure csrf related settings
 2025-01-16 23:03:43 +02:00
Panagiotis Papadopoulos 5f605b3a91 fix(csrf): set more secure cookieOptions settings 
- `sameSite` - previous setting inherited from csurf was to simply not set it at all, which makes all browser nag in their dev console output.
They will default to "Lax" for these type of cookies in the future.
We can even use "strict" here though for our use case:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value

- `httpOnly`: should be enabled for the csrf cookie as well
for the session cookie it already is enabled.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#httponly
 2025-01-16 21:40:12 +01:00
Panagiotis Papadopoulos ec19ccd7a7 fix(csrf): stop leaking the CSRF token in the server logs 
As per OWASP:
"A CSRF token must not be leaked in the server logs or in the URL.", see:
https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#transmissing-csrf-tokens-in-synchronized-patterns
 2025-01-16 21:16:33 +01:00
Elian Doran 283a12b0d5 Merge pull request #960 from pano9000/fix_csrf-csrf_existing_cookie 
fix(csrf): fix handling of existing _csrf cookies
 2025-01-16 21:53:09 +02:00
Panagiotis Papadopoulos 139bf3dcdf fix(csrf): use generateCsrfToken with more "user friendly" settings 
fixes the case, where existing TriliumNext users, will get
a "Invalid CSRF Token" Message, when they have an older
_csrf token in their cookies from a previous installation/visit.
the settings now will handle these cases in the background automatically.

also fixes #950
 2025-01-16 20:14:23 +01:00
Panagiotis Papadopoulos 6dd8ab31d5 refactor(csrf): export generateToken utility 2025-01-16 20:14:23 +01:00
Panagiotis Papadopoulos e3d89ce2a5 refactor(csrf): move csrf to own file 2025-01-16 20:14:23 +01:00
Elian Doran edc6b983ac Merge remote-tracking branch 'origin/master' into develop 2025-01-16 18:36:35 +02:00
Elian Doran d684440c1f fix(client): undefined entity in some cases 2025-01-16 18:36:29 +02:00
Elian Doran 1e182f5820 chore(client/ts): port mermaid 2025-01-16 18:20:23 +02:00
Elian Doran 5ca876ca62 fix(mobile): force grouping in editing toolbar 2025-01-16 16:41:52 +02:00
Elian Doran 187ef60350 feat(mobile): disable overscroll for toolbar 2025-01-16 16:32:47 +02:00
Elian Doran 706b011b23 feat(mobile): enforce classic editor 2025-01-16 16:29:51 +02:00
Elian Doran 6f2538a070 feat(mobile): hide editing toolbar on non-text note 2025-01-16 16:14:37 +02:00
Elian Doran 6caddc8004 fix(mobile): position of editing toolbar on tablet mode 2025-01-16 16:09:11 +02:00
Elian Doran 0cab891d2e chore(client/ts): port classic_editor_toolbar 2025-01-16 15:51:58 +02:00
Elian Doran 1d6e3af9aa fix(mobile): position of editing toolbar 2025-01-16 15:48:56 +02:00
Elian Doran c8b745bc6a Merge pull request #952 from TriliumNext/renovate/node-22.x 
chore(deps): update dependency @types/node to v22.10.7
 2025-01-16 10:49:07 +02:00
Elian Doran d1be673763 Merge pull request #953 from TriliumNext/renovate/better-sqlite3-11.x-lockfile 
fix(deps): update dependency better-sqlite3 to v11.8.0
 2025-01-16 10:45:59 +02:00
Elian Doran 2fbfc9d668 Merge pull request #946 from TriliumNext/renovate/electron-34.x 
chore(deps): update dependency electron to v34
 2025-01-16 10:43:33 +02:00
Nriver 5ea3e67dc3 remove unused param 2025-01-16 14:18:01 +08:00
Nriver 4b7445be8e fix compatibility for old encrypted data 2025-01-16 14:01:59 +08:00
renovate[bot] a9570965f1 fix(deps): update dependency fs-extra to v11.3.0 2025-01-16 00:57:03 +00:00
renovate[bot] b77f8aeb43 fix(deps): update dependency better-sqlite3 to v11.8.0 2025-01-16 00:56:43 +00:00
renovate[bot] 01b88c52ef chore(deps): update dependency @types/node to v22.10.7 2025-01-16 00:56:32 +00:00
Elian Doran 4c451753bc chore(build): remove redundant npx 2025-01-15 19:11:26 +02:00
Elian Doran 7076c4cbd6 chore(deps): update better-sqlite3 to 11.8.0 2025-01-15 19:11:05 +02:00