Commit Graph

75 Commits (main)

Author SHA1 Message Date
weifanglab 9fae524221
refactor: use slices.Contains to simplify code (#6069)
Signed-off-by: weifanglab <weifanglab@outlook.com>
15 hours ago
boojack d1cef7a9ab feat(auth): add private instance mode derived from instance_url
Run the instance in private mode when instance_url is not configured: the API rejects anonymous requests except the auth-bootstrap set (sign-in, token refresh, instance profile/settings, SSO providers, share-link access) plus first-run user creation, and the web UI redirects anonymous visitors to /auth instead of /explore. Setting instance_url keeps the current public behavior. Access tokens and personal access tokens are never gated.

Enforcement lives in a shared Authorizer used by both the Connect interceptor and the gRPC-gateway middleware; the file server applies the same rule to public-memo attachments and avatars. Also merges the duplicated Authenticate/AuthenticateToUser token dispatch behind resolveBearer, dedups the AuthContext unauthenticated state, extracts the redirect decision into a pure shouldGatePrivateInstance helper, and prints the access mode at startup.
2 days ago
grandpig 76aee4e177
refactor: use the built-in max/min to simplify the code (#6060)
Signed-off-by: grandpig <grandpig@outlook.com>
6 days ago
blackflytech 0820fc2d6c
refactor: use slices.Backward to simplify the code (#6058)
Signed-off-by: blackflytech <blackflytech@outlook.com>
6 days ago
boojack eb826455b6 chore(webhook): reveal-later signing secret flow
Generate webhook signing secrets server-side and let users reveal them on
demand, replacing the create-dialog secret controls that surfaced internal
mask state (Status / Generate & Copy / Clear / Pending) to users.

- Add owner-gated GetUserWebhookSigningSecret RPC — the only path that
  returns the secret; list/create/update responses still omit it.
- Generate the secret server-side on create (webhook.GenerateSigningSecret),
  so validity no longer depends on the client.
- Rename UserWebhook.has_signing_secret -> signing_secret_set for parity
  with the existing api_key_set field.
- Create dialog drops the secret section to a one-line note; the generated
  secret is shown once right after create and revealable from Edit later.
2 weeks ago
boojack 20c19ef82d feat(storage): add insecure_skip_tls_verify option for S3
Adds an opt-in toggle to skip TLS certificate verification when connecting
to the S3 endpoint, for self-hosted S3-compatible backends (e.g. rustfs,
MinIO) that use self-signed certificates. Exposed in both the store/API
protos and the storage settings UI, mirroring the existing use_path_style
toggle. When enabled, the AWS client uses an HTTP transport with
InsecureSkipVerify; default behavior is unchanged.

This governs backend-initiated S3 calls (uploads, deletes, thumbnails, and
image/document streaming). Video/audio playback redirects the browser to a
presigned URL, so that path still requires the browser to trust the cert.

Closes #6039
2 weeks ago
boojack 26f4b73cb9 feat(filter): standard CEL now variable, time accessors, set ops
Replace the custom now() function with an idiomatic `now` timestamp variable (host-injected, frozen once per compile) and retype created_ts/updated_ts/create_time to CEL timestamp. Filters now use standard timestamp/duration arithmetic, e.g. `created_ts >= now - duration("24h")` and `timestamp("2025-01-01T00:00:00Z")`.

Add standard CEL surface that compiles to SQL across SQLite/MySQL/Postgres: timestamp accessors (getFullYear/getMonth/getDate/getDayOfWeek/..., with 0-based month and weekday normalized), ext.Sets() (sets.contains/intersects/equivalent over tags), tags.exists_one(), size() on string fields, and division/modulo folding. A frozen clock is injectable for deterministic tests.

BREAKING CHANGE: now() is removed (use the `now` variable) and time fields are timestamps, so bare-epoch comparisons need timestamp(<epoch>). Existing saved shortcuts using the old syntax must be updated.
2 weeks ago
boojack f0e4a5624f feat(filter): expand CEL filter surface with startsWith/endsWith, matches(), and all()
Let users write three more CEL constructs in the filter field, each compiled to
SQL across SQLite/MySQL/Postgres:

- Scalar startsWith()/endsWith() on content/filename/mime_type (case-insensitive)
- matches() regex: PG ~, MySQL/SQLite REGEXP (Go-backed SQLite fn), validated at
  compile time via cel.ValidateRegexLiterals()
- all() comprehension over tags via per-element subqueries, non-empty required

Also: contains() now escapes LIKE metacharacters (%, _, \); cross-dialect render
tests plus behavioral tests; cel-go bumped to v0.28.1; new operators surfaced in
the frontend shortcut guide.
3 weeks ago
boojack f497f009ce fix(webhook): fail loud on malformed signing secret and add tests
Follow-up to #6013. The signing path silently fell back to using the raw
secret string as the HMAC key when a whsec_-prefixed secret had invalid
base64, producing signatures no receiver could verify with no server-side
signal.

- Extract resolveSigningKey helper that errors on invalid whsec_ base64
- Post returns that error (logged by the async dispatcher); ValidateSigningSecret
  rejects it at write time so a bad secret is never stored
- Fix stale comment referencing a nonexistent Authorization header
- Add Go tests: key derivation, secret validation, end-to-end signature
  round-trip, and the invariant that the secret never leaks into API responses
4 weeks ago
Yiges.M.x. 063a44498d
feat: add optional webhook signing secret (Standard Webhooks HMAC-SHA256) (#6013) 4 weeks ago
boojack a50ce09e81 fix(markdown): ignore tags inside links 1 month ago
goingforstudying-ctrl e8d32e87d1
fix: support <meta name=description> in link previews (#6000)
Co-authored-by: goingforstudying-ctrl <goingforstudying-ctrl@users.noreply.github.com>
1 month ago
boojack 078488ca81 fix(httpgetter): prevent DNS rebinding in link metadata fetch 2 months ago
boojack 5ccba98adc
refactor: split STT and Audio-LLM into separate interfaces (#5928) 2 months ago
boojack 238f27dea1
feat(transcription): explicit STT settings with provider, model, prompt (#5926) 2 months ago
Steven cd4f28ae10 feat(notification): add smtp email settings
- Add admin notification email settings UI and test-email RPC
- Dispatch privacy-first comment and mention emails through server notification layer
- Keep SMTP secrets write-only and require passwords when SMTP identity changes
2 months ago
boojack 9c5c604944 feat: add link metadata endpoints 2 months ago
boojack 94ce1e5347 chore(settings): show build commit in version info 2 months ago
boojack ee1799851e
feat: redesign account and SSO management (#5886) 2 months ago
George Wu bbded584ce
fix: user resource names can be uuidv4 from idp sub claim (#5856) 3 months ago
boojack f8a304bae3 fix(release): inject build version into artifacts 3 months ago
boojack c45663761d fix(api): reduce memory pressure in backend paths 3 months ago
boojack a7fd1dacc9
refactor(ai): use official provider SDKs (#5845) 3 months ago
boojack 101704c8ea
feat(ai): add BYOK audio transcription (#5832) 3 months ago
boojack 0ad0fec8d4 feat(ai): add Anthropic provider option 3 months ago
memoclaw d87539a1e1
feat: add Gemini transcription provider (#5830)
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
3 months ago
memoclaw 83ed32f119
feat(ai): add instance AI providers and transcription (#5829)
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
3 months ago
memoclaw 24fc8ab8ca
feat(mentions): add memo mention parsing, notifications, and rendering (#5811)
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
3 months ago
boojack 10a955fd62 refactor: move plugin packages under internal 3 months ago
boojack 4b4e719470
feat(attachments): add Live Photo and Motion Photo support (#5810) 3 months ago
memoclaw 12e2205cb6
chore(backend): update Go toolchain and dependencies (#5730) 4 months ago
memoclaw f0c4489468
chore: move storage setting migration to v0.27.0 (#5686)
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
4 months ago
Steven f43965de00 chore: bump version 5 months ago
Johnny ba615172b0 chore: bump version 5 months ago
Steven 9cc970a3ea chore: fix data directory handling 6 months ago
Steven 4180613fc0 fix: update demo mode handling 6 months ago
Johnny 324f795965 fix: improve default data directory handling 6 months ago
Johnny 47ebb04dc3 refactor: remove mode flag and introduce explicit demo flag 6 months ago
Johnny 79f1edc9ba chore: bump version 6 months ago
Steven e17cd163c6 chore: bump version 7 months ago
Steven 0c0d2a6294 chore: bump version 9 months ago
Steven 95de5cc700 refactor: update migration history methods 9 months ago
Steven 5ad2038b1a feat: update gomark dependency and refactor markdown parsing logic 10 months ago
Johnny 7cc2df9254 chore: fix linter 10 months ago
Steven 0d658088dc chore: bump version to 0.25.1 11 months ago
Steven 6e1b01cb68 chore: bump version 1 year ago
Johnny 1594c1ce3e chore: bump version 1 year ago
Steven f1b365f928 refactor: clean packages 1 year ago
Steven fdf9d9f506 chore: move resource name test 1 year ago
Johnny 9107a941ca chore: update linter config 1 year ago