+
+
+ 
## Overview
diff --git a/cmd/memos/main.go b/cmd/memos/main.go
index 48dad202d..bb182b8f7 100644
--- a/cmd/memos/main.go
+++ b/cmd/memos/main.go
@@ -25,7 +25,7 @@ var (
Short: `An open source, lightweight note-taking service. Easily capture and share your great thoughts.`,
Run: func(_ *cobra.Command, _ []string) {
instanceProfile := &profile.Profile{
- Mode: viper.GetString("mode"),
+ Demo: viper.GetBool("demo"),
Addr: viper.GetString("addr"),
Port: viper.GetInt("port"),
UNIXSock: viper.GetString("unix-sock"),
@@ -33,10 +33,12 @@ var (
Driver: viper.GetString("driver"),
DSN: viper.GetString("dsn"),
InstanceURL: viper.GetString("instance-url"),
- Version: version.GetCurrentVersion(viper.GetString("mode")),
}
+ instanceProfile.Version = version.GetCurrentVersion()
+
if err := instanceProfile.Validate(); err != nil {
- panic(err)
+ slog.Error("failed to validate profile", "error", err)
+ return
}
ctx, cancel := context.WithCancel(context.Background())
@@ -71,6 +73,7 @@ var (
if err != http.ErrServerClosed {
slog.Error("failed to start server", "error", err)
cancel()
+ return
}
}
@@ -89,11 +92,11 @@ var (
)
func init() {
- viper.SetDefault("mode", "dev")
+ viper.SetDefault("demo", false)
viper.SetDefault("driver", "sqlite")
viper.SetDefault("port", 8081)
- rootCmd.PersistentFlags().String("mode", "dev", `mode of server, can be "prod" or "dev" or "demo"`)
+ rootCmd.PersistentFlags().Bool("demo", false, "enable demo mode")
rootCmd.PersistentFlags().String("addr", "", "address of server")
rootCmd.PersistentFlags().Int("port", 8081, "port of server")
rootCmd.PersistentFlags().String("unix-sock", "", "path to the unix socket, overrides --addr and --port")
@@ -102,7 +105,7 @@ func init() {
rootCmd.PersistentFlags().String("dsn", "", "database source name(aka. DSN)")
rootCmd.PersistentFlags().String("instance-url", "", "the url of your memos instance")
- if err := viper.BindPFlag("mode", rootCmd.PersistentFlags().Lookup("mode")); err != nil {
+ if err := viper.BindPFlag("demo", rootCmd.PersistentFlags().Lookup("demo")); err != nil {
panic(err)
}
if err := viper.BindPFlag("addr", rootCmd.PersistentFlags().Lookup("addr")); err != nil {
@@ -129,15 +132,12 @@ func init() {
viper.SetEnvPrefix("memos")
viper.AutomaticEnv()
- if err := viper.BindEnv("instance-url", "MEMOS_INSTANCE_URL"); err != nil {
- panic(err)
- }
}
func printGreetings(profile *profile.Profile) {
fmt.Printf("Memos %s started successfully!\n", profile.Version)
- if profile.IsDev() {
+ if profile.Demo {
fmt.Fprint(os.Stderr, "Development mode is enabled\n")
if profile.DSN != "" {
fmt.Fprintf(os.Stderr, "Database: %s\n", profile.DSN)
@@ -147,7 +147,6 @@ func printGreetings(profile *profile.Profile) {
// Server information
fmt.Printf("Data directory: %s\n", profile.Data)
fmt.Printf("Database driver: %s\n", profile.Driver)
- fmt.Printf("Mode: %s\n", profile.Mode)
// Connection information
if len(profile.UNIXSock) == 0 {
@@ -170,6 +169,6 @@ func printGreetings(profile *profile.Profile) {
func main() {
if err := rootCmd.Execute(); err != nil {
- panic(err)
+ os.Exit(1)
}
}
diff --git a/go.mod b/go.mod
index cd7f5b5e1..fc85404e7 100644
--- a/go.mod
+++ b/go.mod
@@ -9,6 +9,7 @@ require (
github.com/aws/aws-sdk-go-v2/credentials v1.18.16
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.19.4
github.com/aws/aws-sdk-go-v2/service/s3 v1.87.3
+ github.com/docker/docker v28.5.1+incompatible
github.com/go-sql-driver/mysql v1.9.3
github.com/google/cel-go v0.26.1
github.com/google/uuid v1.6.0
@@ -50,7 +51,6 @@ require (
github.com/containerd/platforms v0.2.1 // indirect
github.com/cpuguy83/dockercfg v0.3.2 // indirect
github.com/distribution/reference v0.6.0 // indirect
- github.com/docker/docker v28.5.1+incompatible // indirect
github.com/docker/go-connections v0.6.0 // indirect
github.com/docker/go-units v0.5.0 // indirect
github.com/dustin/go-humanize v1.0.1 // indirect
diff --git a/internal/profile/profile.go b/internal/profile/profile.go
index 8d551d669..30579a313 100644
--- a/internal/profile/profile.go
+++ b/internal/profile/profile.go
@@ -13,8 +13,8 @@ import (
// Profile is the configuration to start main server.
type Profile struct {
- // Mode can be "prod" or "dev" or "demo"
- Mode string
+ // Demo indicates if the server is in demo mode
+ Demo bool
// Addr is the binding address for server
Addr string
// Port is the binding port for server
@@ -34,15 +34,12 @@ type Profile struct {
InstanceURL string
}
-func (p *Profile) IsDev() bool {
- return p.Mode != "prod"
-}
-
func checkDataDir(dataDir string) (string, error) {
// Convert to absolute path if relative path is supplied.
if !filepath.IsAbs(dataDir) {
- relativeDir := filepath.Join(filepath.Dir(os.Args[0]), dataDir)
- absDir, err := filepath.Abs(relativeDir)
+ // Use current working directory, not the binary's directory
+ // This ensures we use the actual working directory where the process runs
+ absDir, err := filepath.Abs(dataDir)
if err != nil {
return "", err
}
@@ -58,21 +55,35 @@ func checkDataDir(dataDir string) (string, error) {
}
func (p *Profile) Validate() error {
- if p.Mode != "demo" && p.Mode != "dev" && p.Mode != "prod" {
- p.Mode = "demo"
- }
-
- if p.Mode == "prod" && p.Data == "" {
+ // Set default data directory if not specified
+ if p.Data == "" {
if runtime.GOOS == "windows" {
p.Data = filepath.Join(os.Getenv("ProgramData"), "memos")
- if _, err := os.Stat(p.Data); os.IsNotExist(err) {
- if err := os.MkdirAll(p.Data, 0770); err != nil {
- slog.Error("failed to create data directory", slog.String("data", p.Data), slog.String("error", err.Error()))
- return err
- }
- }
} else {
- p.Data = "/var/opt/memos"
+ // On Linux/macOS, check if /var/opt/memos exists and is writable (Docker scenario)
+ if info, err := os.Stat("/var/opt/memos"); err == nil && info.IsDir() {
+ // Check if we can write to this directory
+ testFile := filepath.Join("/var/opt/memos", ".write-test")
+ if err := os.WriteFile(testFile, []byte("test"), 0600); err == nil {
+ os.Remove(testFile)
+ p.Data = "/var/opt/memos"
+ } else {
+ // /var/opt/memos exists but is not writable, use current directory
+ slog.Warn("/var/opt/memos is not writable, using current directory")
+ p.Data = "."
+ }
+ } else {
+ // /var/opt/memos doesn't exist, use current directory (local development)
+ p.Data = "."
+ }
+ }
+ }
+
+ // Create data directory if it doesn't exist
+ if _, err := os.Stat(p.Data); os.IsNotExist(err) {
+ if err := os.MkdirAll(p.Data, 0770); err != nil {
+ slog.Error("failed to create data directory", slog.String("data", p.Data), slog.String("error", err.Error()))
+ return err
}
}
@@ -84,7 +95,11 @@ func (p *Profile) Validate() error {
p.Data = dataDir
if p.Driver == "sqlite" && p.DSN == "" {
- dbFile := fmt.Sprintf("memos_%s.db", p.Mode)
+ mode := "prod"
+ if p.Demo {
+ mode = "demo"
+ }
+ dbFile := fmt.Sprintf("memos_%s.db", mode)
p.DSN = filepath.Join(dataDir, dbFile)
}
diff --git a/internal/version/version.go b/internal/version/version.go
index 2fdc62aef..af1bbc2ec 100644
--- a/internal/version/version.go
+++ b/internal/version/version.go
@@ -9,15 +9,9 @@ import (
// Version is the service current released version.
// Semantic versioning: https://semver.org/
-var Version = "0.25.3"
+var Version = "0.26.0"
-// DevVersion is the service current development version.
-var DevVersion = "0.25.3"
-
-func GetCurrentVersion(mode string) string {
- if mode == "dev" || mode == "demo" {
- return DevVersion
- }
+func GetCurrentVersion() string {
return Version
}
diff --git a/plugin/email/email_test.go b/plugin/email/email_test.go
index 7927512ec..f3eebee09 100644
--- a/plugin/email/email_test.go
+++ b/plugin/email/email_test.go
@@ -1,11 +1,11 @@
package email
import (
- "sync"
"testing"
"time"
"github.com/stretchr/testify/assert"
+ "golang.org/x/sync/errgroup"
)
func TestSend(t *testing.T) {
@@ -106,34 +106,22 @@ func TestSendAsyncConcurrent(t *testing.T) {
FromEmail: "test@example.com",
}
- // Send multiple emails concurrently
- var wg sync.WaitGroup
+ g := errgroup.Group{}
count := 5
for i := 0; i < count; i++ {
- wg.Add(1)
- go func() {
- defer wg.Done()
+ g.Go(func() error {
message := &Message{
To: []string{"recipient@example.com"},
Subject: "Concurrent Test",
Body: "Test body",
}
SendAsync(config, message)
- }()
+ return nil
+ })
}
- // Should complete without deadlock
- done := make(chan bool)
- go func() {
- wg.Wait()
- done <- true
- }()
-
- select {
- case <-done:
- // Success
- case <-time.After(1 * time.Second):
- t.Fatal("SendAsync calls did not complete in time")
+ if err := g.Wait(); err != nil {
+ t.Fatalf("SendAsync calls failed: %v", err)
}
}
diff --git a/plugin/filter/ir.go b/plugin/filter/ir.go
index cfdefc9d4..10cb13df1 100644
--- a/plugin/filter/ir.go
+++ b/plugin/filter/ir.go
@@ -114,3 +114,46 @@ type FunctionValue struct {
}
func (*FunctionValue) isValueExpr() {}
+
+// ListComprehensionCondition represents CEL macros like exists(), all(), filter().
+type ListComprehensionCondition struct {
+ Kind ComprehensionKind
+ Field string // The list field to iterate over (e.g., "tags")
+ IterVar string // The iteration variable name (e.g., "t")
+ Predicate PredicateExpr // The predicate to evaluate for each element
+}
+
+func (*ListComprehensionCondition) isCondition() {}
+
+// ComprehensionKind enumerates the types of list comprehensions.
+type ComprehensionKind string
+
+const (
+ ComprehensionExists ComprehensionKind = "exists"
+)
+
+// PredicateExpr represents predicates used in comprehensions.
+type PredicateExpr interface {
+ isPredicateExpr()
+}
+
+// StartsWithPredicate represents t.startsWith("prefix").
+type StartsWithPredicate struct {
+ Prefix string
+}
+
+func (*StartsWithPredicate) isPredicateExpr() {}
+
+// EndsWithPredicate represents t.endsWith("suffix").
+type EndsWithPredicate struct {
+ Suffix string
+}
+
+func (*EndsWithPredicate) isPredicateExpr() {}
+
+// ContainsPredicate represents t.contains("substring").
+type ContainsPredicate struct {
+ Substring string
+}
+
+func (*ContainsPredicate) isPredicateExpr() {}
diff --git a/plugin/filter/parser.go b/plugin/filter/parser.go
index 76bb1630b..36e52d1db 100644
--- a/plugin/filter/parser.go
+++ b/plugin/filter/parser.go
@@ -36,6 +36,8 @@ func buildCondition(expr *exprv1.Expr, schema Schema) (Condition, error) {
return nil, errors.Errorf("identifier %q is not boolean", name)
}
return &FieldPredicateCondition{Field: name}, nil
+ case *exprv1.Expr_ComprehensionExpr:
+ return buildComprehensionCondition(v.ComprehensionExpr, schema)
default:
return nil, errors.New("unsupported top-level expression")
}
@@ -415,3 +417,170 @@ func evaluateNumeric(expr *exprv1.Expr) (int64, bool, error) {
func timeNowUnix() int64 {
return time.Now().Unix()
}
+
+// buildComprehensionCondition handles CEL comprehension expressions (exists, all, etc.).
+func buildComprehensionCondition(comp *exprv1.Expr_Comprehension, schema Schema) (Condition, error) {
+ // Determine the comprehension kind by examining the loop initialization and step
+ kind, err := detectComprehensionKind(comp)
+ if err != nil {
+ return nil, err
+ }
+
+ // Get the field being iterated over
+ iterRangeIdent := comp.IterRange.GetIdentExpr()
+ if iterRangeIdent == nil {
+ return nil, errors.New("comprehension range must be a field identifier")
+ }
+ fieldName := iterRangeIdent.GetName()
+
+ // Validate the field
+ field, ok := schema.Field(fieldName)
+ if !ok {
+ return nil, errors.Errorf("unknown field %q in comprehension", fieldName)
+ }
+ if field.Kind != FieldKindJSONList {
+ return nil, errors.Errorf("field %q does not support comprehension (must be a list)", fieldName)
+ }
+
+ // Extract the predicate from the loop step
+ predicate, err := extractPredicate(comp, schema)
+ if err != nil {
+ return nil, err
+ }
+
+ return &ListComprehensionCondition{
+ Kind: kind,
+ Field: fieldName,
+ IterVar: comp.IterVar,
+ Predicate: predicate,
+ }, nil
+}
+
+// detectComprehensionKind determines if this is an exists() macro.
+// Only exists() is currently supported.
+func detectComprehensionKind(comp *exprv1.Expr_Comprehension) (ComprehensionKind, error) {
+ // Check the accumulator initialization
+ accuInit := comp.AccuInit.GetConstExpr()
+ if accuInit == nil {
+ return "", errors.New("comprehension accumulator must be initialized with a constant")
+ }
+
+ // exists() starts with false and uses OR (||) in loop step
+ if !accuInit.GetBoolValue() {
+ if step := comp.LoopStep.GetCallExpr(); step != nil && step.Function == "_||_" {
+ return ComprehensionExists, nil
+ }
+ }
+
+ // all() starts with true and uses AND (&&) - not supported
+ if accuInit.GetBoolValue() {
+ if step := comp.LoopStep.GetCallExpr(); step != nil && step.Function == "_&&_" {
+ return "", errors.New("all() comprehension is not supported; use exists() instead")
+ }
+ }
+
+ return "", errors.New("unsupported comprehension type; only exists() is supported")
+}
+
+// extractPredicate extracts the predicate expression from the comprehension loop step.
+func extractPredicate(comp *exprv1.Expr_Comprehension, _ Schema) (PredicateExpr, error) {
+ // The loop step is: @result || predicate(t) for exists
+ // or: @result && predicate(t) for all
+ step := comp.LoopStep.GetCallExpr()
+ if step == nil {
+ return nil, errors.New("comprehension loop step must be a call expression")
+ }
+
+ if len(step.Args) != 2 {
+ return nil, errors.New("comprehension loop step must have two arguments")
+ }
+
+ // The predicate is the second argument
+ predicateExpr := step.Args[1]
+ predicateCall := predicateExpr.GetCallExpr()
+ if predicateCall == nil {
+ return nil, errors.New("comprehension predicate must be a function call")
+ }
+
+ // Handle different predicate functions
+ switch predicateCall.Function {
+ case "startsWith":
+ return buildStartsWithPredicate(predicateCall, comp.IterVar)
+ case "endsWith":
+ return buildEndsWithPredicate(predicateCall, comp.IterVar)
+ case "contains":
+ return buildContainsPredicate(predicateCall, comp.IterVar)
+ default:
+ return nil, errors.Errorf("unsupported predicate function %q in comprehension (supported: startsWith, endsWith, contains)", predicateCall.Function)
+ }
+}
+
+// buildStartsWithPredicate extracts the pattern from t.startsWith("prefix").
+func buildStartsWithPredicate(call *exprv1.Expr_Call, iterVar string) (PredicateExpr, error) {
+ // Verify the target is the iteration variable
+ if target := call.Target.GetIdentExpr(); target == nil || target.GetName() != iterVar {
+ return nil, errors.Errorf("startsWith target must be the iteration variable %q", iterVar)
+ }
+
+ if len(call.Args) != 1 {
+ return nil, errors.New("startsWith expects exactly one argument")
+ }
+
+ prefix, err := getConstValue(call.Args[0])
+ if err != nil {
+ return nil, errors.Wrap(err, "startsWith argument must be a constant string")
+ }
+
+ prefixStr, ok := prefix.(string)
+ if !ok {
+ return nil, errors.New("startsWith argument must be a string")
+ }
+
+ return &StartsWithPredicate{Prefix: prefixStr}, nil
+}
+
+// buildEndsWithPredicate extracts the pattern from t.endsWith("suffix").
+func buildEndsWithPredicate(call *exprv1.Expr_Call, iterVar string) (PredicateExpr, error) {
+ if target := call.Target.GetIdentExpr(); target == nil || target.GetName() != iterVar {
+ return nil, errors.Errorf("endsWith target must be the iteration variable %q", iterVar)
+ }
+
+ if len(call.Args) != 1 {
+ return nil, errors.New("endsWith expects exactly one argument")
+ }
+
+ suffix, err := getConstValue(call.Args[0])
+ if err != nil {
+ return nil, errors.Wrap(err, "endsWith argument must be a constant string")
+ }
+
+ suffixStr, ok := suffix.(string)
+ if !ok {
+ return nil, errors.New("endsWith argument must be a string")
+ }
+
+ return &EndsWithPredicate{Suffix: suffixStr}, nil
+}
+
+// buildContainsPredicate extracts the pattern from t.contains("substring").
+func buildContainsPredicate(call *exprv1.Expr_Call, iterVar string) (PredicateExpr, error) {
+ if target := call.Target.GetIdentExpr(); target == nil || target.GetName() != iterVar {
+ return nil, errors.Errorf("contains target must be the iteration variable %q", iterVar)
+ }
+
+ if len(call.Args) != 1 {
+ return nil, errors.New("contains expects exactly one argument")
+ }
+
+ substring, err := getConstValue(call.Args[0])
+ if err != nil {
+ return nil, errors.Wrap(err, "contains argument must be a constant string")
+ }
+
+ substringStr, ok := substring.(string)
+ if !ok {
+ return nil, errors.New("contains argument must be a string")
+ }
+
+ return &ContainsPredicate{Substring: substringStr}, nil
+}
diff --git a/plugin/filter/render.go b/plugin/filter/render.go
index 9d3bc60af..c00de417e 100644
--- a/plugin/filter/render.go
+++ b/plugin/filter/render.go
@@ -74,6 +74,8 @@ func (r *renderer) renderCondition(cond Condition) (renderResult, error) {
return r.renderElementInCondition(c)
case *ContainsCondition:
return r.renderContainsCondition(c)
+ case *ListComprehensionCondition:
+ return r.renderListComprehension(c)
case *ConstantCondition:
if c.Value {
return renderResult{trivial: true}, nil
@@ -461,13 +463,108 @@ func (r *renderer) renderContainsCondition(cond *ContainsCondition) (renderResul
}
}
+func (r *renderer) renderListComprehension(cond *ListComprehensionCondition) (renderResult, error) {
+ field, ok := r.schema.Field(cond.Field)
+ if !ok {
+ return renderResult{}, errors.Errorf("unknown field %q", cond.Field)
+ }
+
+ if field.Kind != FieldKindJSONList {
+ return renderResult{}, errors.Errorf("field %q is not a JSON list", cond.Field)
+ }
+
+ // Render based on predicate type
+ switch pred := cond.Predicate.(type) {
+ case *StartsWithPredicate:
+ return r.renderTagStartsWith(field, pred.Prefix, cond.Kind)
+ case *EndsWithPredicate:
+ return r.renderTagEndsWith(field, pred.Suffix, cond.Kind)
+ case *ContainsPredicate:
+ return r.renderTagContains(field, pred.Substring, cond.Kind)
+ default:
+ return renderResult{}, errors.Errorf("unsupported predicate type %T in comprehension", pred)
+ }
+}
+
+// renderTagStartsWith generates SQL for tags.exists(t, t.startsWith("prefix")).
+func (r *renderer) renderTagStartsWith(field Field, prefix string, _ ComprehensionKind) (renderResult, error) {
+ arrayExpr := jsonArrayExpr(r.dialect, field)
+
+ switch r.dialect {
+ case DialectSQLite, DialectMySQL:
+ // Match exact tag or tags with this prefix (hierarchical support)
+ exactMatch := r.buildJSONArrayLike(arrayExpr, fmt.Sprintf(`%%"%s"%%`, prefix))
+ prefixMatch := r.buildJSONArrayLike(arrayExpr, fmt.Sprintf(`%%"%s%%`, prefix))
+ condition := fmt.Sprintf("(%s OR %s)", exactMatch, prefixMatch)
+ return renderResult{sql: r.wrapWithNullCheck(arrayExpr, condition)}, nil
+
+ case DialectPostgres:
+ // Use PostgreSQL's powerful JSON operators
+ exactMatch := fmt.Sprintf("%s @> jsonb_build_array(%s::json)", arrayExpr, r.addArg(fmt.Sprintf(`"%s"`, prefix)))
+ prefixMatch := fmt.Sprintf("(%s)::text LIKE %s", arrayExpr, r.addArg(fmt.Sprintf(`%%"%s%%`, prefix)))
+ condition := fmt.Sprintf("(%s OR %s)", exactMatch, prefixMatch)
+ return renderResult{sql: r.wrapWithNullCheck(arrayExpr, condition)}, nil
+
+ default:
+ return renderResult{}, errors.Errorf("unsupported dialect %s", r.dialect)
+ }
+}
+
+// renderTagEndsWith generates SQL for tags.exists(t, t.endsWith("suffix")).
+func (r *renderer) renderTagEndsWith(field Field, suffix string, _ ComprehensionKind) (renderResult, error) {
+ arrayExpr := jsonArrayExpr(r.dialect, field)
+ pattern := fmt.Sprintf(`%%%s"%%`, suffix)
+
+ likeExpr := r.buildJSONArrayLike(arrayExpr, pattern)
+ return renderResult{sql: r.wrapWithNullCheck(arrayExpr, likeExpr)}, nil
+}
+
+// renderTagContains generates SQL for tags.exists(t, t.contains("substring")).
+func (r *renderer) renderTagContains(field Field, substring string, _ ComprehensionKind) (renderResult, error) {
+ arrayExpr := jsonArrayExpr(r.dialect, field)
+ pattern := fmt.Sprintf(`%%%s%%`, substring)
+
+ likeExpr := r.buildJSONArrayLike(arrayExpr, pattern)
+ return renderResult{sql: r.wrapWithNullCheck(arrayExpr, likeExpr)}, nil
+}
+
+// buildJSONArrayLike builds a LIKE expression for matching within a JSON array.
+// Returns the LIKE clause without NULL/empty checks.
+func (r *renderer) buildJSONArrayLike(arrayExpr, pattern string) string {
+ switch r.dialect {
+ case DialectSQLite, DialectMySQL:
+ return fmt.Sprintf("%s LIKE %s", arrayExpr, r.addArg(pattern))
+ case DialectPostgres:
+ return fmt.Sprintf("(%s)::text LIKE %s", arrayExpr, r.addArg(pattern))
+ default:
+ return ""
+ }
+}
+
+// wrapWithNullCheck wraps a condition with NULL and empty array checks.
+// This ensures we don't match against NULL or empty JSON arrays.
+func (r *renderer) wrapWithNullCheck(arrayExpr, condition string) string {
+ var nullCheck string
+ switch r.dialect {
+ case DialectSQLite:
+ nullCheck = fmt.Sprintf("%s IS NOT NULL AND %s != '[]'", arrayExpr, arrayExpr)
+ case DialectMySQL:
+ nullCheck = fmt.Sprintf("%s IS NOT NULL AND JSON_LENGTH(%s) > 0", arrayExpr, arrayExpr)
+ case DialectPostgres:
+ nullCheck = fmt.Sprintf("%s IS NOT NULL AND jsonb_array_length(%s) > 0", arrayExpr, arrayExpr)
+ default:
+ return condition
+ }
+ return fmt.Sprintf("(%s AND %s)", condition, nullCheck)
+}
+
func (r *renderer) jsonBoolPredicate(field Field) (string, error) {
expr := jsonExtractExpr(r.dialect, field)
switch r.dialect {
case DialectSQLite:
return fmt.Sprintf("%s IS TRUE", expr), nil
case DialectMySQL:
- return fmt.Sprintf("%s = CAST('true' AS JSON)", expr), nil
+ return fmt.Sprintf("COALESCE(%s, CAST('false' AS JSON)) = CAST('true' AS JSON)", expr), nil
case DialectPostgres:
return fmt.Sprintf("(%s)::boolean IS TRUE", expr), nil
default:
diff --git a/plugin/filter/schema.go b/plugin/filter/schema.go
index c172eb62a..f2f8b0e4a 100644
--- a/plugin/filter/schema.go
+++ b/plugin/filter/schema.go
@@ -256,7 +256,7 @@ func NewAttachmentSchema() Schema {
Name: "filename",
Kind: FieldKindScalar,
Type: FieldTypeString,
- Column: Column{Table: "resource", Name: "filename"},
+ Column: Column{Table: "attachment", Name: "filename"},
SupportsContains: true,
Expressions: map[DialectName]string{},
},
@@ -264,14 +264,14 @@ func NewAttachmentSchema() Schema {
Name: "mime_type",
Kind: FieldKindScalar,
Type: FieldTypeString,
- Column: Column{Table: "resource", Name: "type"},
+ Column: Column{Table: "attachment", Name: "type"},
Expressions: map[DialectName]string{},
},
"create_time": {
Name: "create_time",
Kind: FieldKindScalar,
Type: FieldTypeTimestamp,
- Column: Column{Table: "resource", Name: "created_ts"},
+ Column: Column{Table: "attachment", Name: "created_ts"},
Expressions: map[DialectName]string{
// MySQL stores created_ts as TIMESTAMP, needs conversion to epoch
DialectMySQL: "UNIX_TIMESTAMP(%s)",
@@ -284,7 +284,7 @@ func NewAttachmentSchema() Schema {
Name: "memo_id",
Kind: FieldKindScalar,
Type: FieldTypeInt,
- Column: Column{Table: "resource", Name: "memo_id"},
+ Column: Column{Table: "attachment", Name: "memo_id"},
Expressions: map[DialectName]string{},
AllowedComparisonOps: map[ComparisonOperator]bool{
CompareEq: true,
diff --git a/proto/api/v1/instance_service.proto b/proto/api/v1/instance_service.proto
index ebe9ed2f1..f4ce3d501 100644
--- a/proto/api/v1/instance_service.proto
+++ b/proto/api/v1/instance_service.proto
@@ -2,6 +2,7 @@ syntax = "proto3";
package memos.api.v1;
+import "api/v1/user_service.proto";
import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
@@ -34,18 +35,18 @@ service InstanceService {
// Instance profile message containing basic instance information.
message InstanceProfile {
- // The name of instance owner.
- // Format: users/{user}
- string owner = 1;
-
// Version is the current version of instance.
string version = 2;
- // Mode is the instance mode (e.g. "prod", "dev" or "demo").
- string mode = 3;
+ // Demo indicates if the instance is in demo mode.
+ bool demo = 3;
// Instance URL is the URL of the instance.
string instance_url = 6;
+
+ // The first administrator who set up this instance.
+ // When null, instance requires initial setup (creating the first admin account).
+ User admin = 7;
}
// Request for instance profile.
diff --git a/proto/api/v1/memo_service.proto b/proto/api/v1/memo_service.proto
index fd3c4ac76..0a26b6011 100644
--- a/proto/api/v1/memo_service.proto
+++ b/proto/api/v1/memo_service.proto
@@ -173,11 +173,13 @@ message Memo {
(google.api.resource_reference) = {type: "memos.api.v1/User"}
];
- // Output only. The creation timestamp.
- google.protobuf.Timestamp create_time = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
+ // The creation timestamp.
+ // If not set on creation, the server will set it to the current time.
+ google.protobuf.Timestamp create_time = 4 [(google.api.field_behavior) = OPTIONAL];
- // Output only. The last update timestamp.
- google.protobuf.Timestamp update_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
+ // The last update timestamp.
+ // If not set on creation, the server will set it to the current time.
+ google.protobuf.Timestamp update_time = 5 [(google.api.field_behavior) = OPTIONAL];
// The display timestamp of the memo.
google.protobuf.Timestamp display_time = 6 [(google.api.field_behavior) = OPTIONAL];
diff --git a/proto/api/v1/user_service.proto b/proto/api/v1/user_service.proto
index 4505451ec..53883acbb 100644
--- a/proto/api/v1/user_service.proto
+++ b/proto/api/v1/user_service.proto
@@ -203,13 +203,10 @@ message User {
// User role enumeration.
enum Role {
- // Unspecified role.
ROLE_UNSPECIFIED = 0;
- // Host role with full system access.
- HOST = 1;
- // Admin role with administrative privileges.
+ // Admin role with system access.
ADMIN = 2;
- // Regular user role.
+ // User role with limited access.
USER = 3;
}
}
diff --git a/proto/gen/api/v1/instance_service.pb.go b/proto/gen/api/v1/instance_service.pb.go
index c98eb3b88..5be2dd4bd 100644
--- a/proto/gen/api/v1/instance_service.pb.go
+++ b/proto/gen/api/v1/instance_service.pb.go
@@ -138,15 +138,15 @@ func (InstanceSetting_StorageSetting_StorageType) EnumDescriptor() ([]byte, []in
// Instance profile message containing basic instance information.
type InstanceProfile struct {
state protoimpl.MessageState `protogen:"open.v1"`
- // The name of instance owner.
- // Format: users/{user}
- Owner string `protobuf:"bytes,1,opt,name=owner,proto3" json:"owner,omitempty"`
// Version is the current version of instance.
Version string `protobuf:"bytes,2,opt,name=version,proto3" json:"version,omitempty"`
- // Mode is the instance mode (e.g. "prod", "dev" or "demo").
- Mode string `protobuf:"bytes,3,opt,name=mode,proto3" json:"mode,omitempty"`
+ // Demo indicates if the instance is in demo mode.
+ Demo bool `protobuf:"varint,3,opt,name=demo,proto3" json:"demo,omitempty"`
// Instance URL is the URL of the instance.
- InstanceUrl string `protobuf:"bytes,6,opt,name=instance_url,json=instanceUrl,proto3" json:"instance_url,omitempty"`
+ InstanceUrl string `protobuf:"bytes,6,opt,name=instance_url,json=instanceUrl,proto3" json:"instance_url,omitempty"`
+ // The first administrator who set up this instance.
+ // When null, instance requires initial setup (creating the first admin account).
+ Admin *User `protobuf:"bytes,7,opt,name=admin,proto3" json:"admin,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
@@ -181,13 +181,6 @@ func (*InstanceProfile) Descriptor() ([]byte, []int) {
return file_api_v1_instance_service_proto_rawDescGZIP(), []int{0}
}
-func (x *InstanceProfile) GetOwner() string {
- if x != nil {
- return x.Owner
- }
- return ""
-}
-
func (x *InstanceProfile) GetVersion() string {
if x != nil {
return x.Version
@@ -195,11 +188,11 @@ func (x *InstanceProfile) GetVersion() string {
return ""
}
-func (x *InstanceProfile) GetMode() string {
+func (x *InstanceProfile) GetDemo() bool {
if x != nil {
- return x.Mode
+ return x.Demo
}
- return ""
+ return false
}
func (x *InstanceProfile) GetInstanceUrl() string {
@@ -209,6 +202,13 @@ func (x *InstanceProfile) GetInstanceUrl() string {
return ""
}
+func (x *InstanceProfile) GetAdmin() *User {
+ if x != nil {
+ return x.Admin
+ }
+ return nil
+}
+
// Request for instance profile.
type GetInstanceProfileRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
@@ -875,12 +875,12 @@ var File_api_v1_instance_service_proto protoreflect.FileDescriptor
const file_api_v1_instance_service_proto_rawDesc = "" +
"\n" +
- "\x1dapi/v1/instance_service.proto\x12\fmemos.api.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a google/protobuf/field_mask.proto\"x\n" +
- "\x0fInstanceProfile\x12\x14\n" +
- "\x05owner\x18\x01 \x01(\tR\x05owner\x12\x18\n" +
+ "\x1dapi/v1/instance_service.proto\x12\fmemos.api.v1\x1a\x19api/v1/user_service.proto\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a google/protobuf/field_mask.proto\"\x8c\x01\n" +
+ "\x0fInstanceProfile\x12\x18\n" +
"\aversion\x18\x02 \x01(\tR\aversion\x12\x12\n" +
- "\x04mode\x18\x03 \x01(\tR\x04mode\x12!\n" +
- "\finstance_url\x18\x06 \x01(\tR\vinstanceUrl\"\x1b\n" +
+ "\x04demo\x18\x03 \x01(\bR\x04demo\x12!\n" +
+ "\finstance_url\x18\x06 \x01(\tR\vinstanceUrl\x12(\n" +
+ "\x05admin\x18\a \x01(\v2\x12.memos.api.v1.UserR\x05admin\"\x1b\n" +
"\x19GetInstanceProfileRequest\"\x99\x0f\n" +
"\x0fInstanceSetting\x12\x17\n" +
"\x04name\x18\x01 \x01(\tB\x03\xe0A\bR\x04name\x12W\n" +
@@ -970,28 +970,30 @@ var file_api_v1_instance_service_proto_goTypes = []any{
(*InstanceSetting_MemoRelatedSetting)(nil), // 9: memos.api.v1.InstanceSetting.MemoRelatedSetting
(*InstanceSetting_GeneralSetting_CustomProfile)(nil), // 10: memos.api.v1.InstanceSetting.GeneralSetting.CustomProfile
(*InstanceSetting_StorageSetting_S3Config)(nil), // 11: memos.api.v1.InstanceSetting.StorageSetting.S3Config
- (*fieldmaskpb.FieldMask)(nil), // 12: google.protobuf.FieldMask
+ (*User)(nil), // 12: memos.api.v1.User
+ (*fieldmaskpb.FieldMask)(nil), // 13: google.protobuf.FieldMask
}
var file_api_v1_instance_service_proto_depIdxs = []int32{
- 7, // 0: memos.api.v1.InstanceSetting.general_setting:type_name -> memos.api.v1.InstanceSetting.GeneralSetting
- 8, // 1: memos.api.v1.InstanceSetting.storage_setting:type_name -> memos.api.v1.InstanceSetting.StorageSetting
- 9, // 2: memos.api.v1.InstanceSetting.memo_related_setting:type_name -> memos.api.v1.InstanceSetting.MemoRelatedSetting
- 4, // 3: memos.api.v1.UpdateInstanceSettingRequest.setting:type_name -> memos.api.v1.InstanceSetting
- 12, // 4: memos.api.v1.UpdateInstanceSettingRequest.update_mask:type_name -> google.protobuf.FieldMask
- 10, // 5: memos.api.v1.InstanceSetting.GeneralSetting.custom_profile:type_name -> memos.api.v1.InstanceSetting.GeneralSetting.CustomProfile
- 1, // 6: memos.api.v1.InstanceSetting.StorageSetting.storage_type:type_name -> memos.api.v1.InstanceSetting.StorageSetting.StorageType
- 11, // 7: memos.api.v1.InstanceSetting.StorageSetting.s3_config:type_name -> memos.api.v1.InstanceSetting.StorageSetting.S3Config
- 3, // 8: memos.api.v1.InstanceService.GetInstanceProfile:input_type -> memos.api.v1.GetInstanceProfileRequest
- 5, // 9: memos.api.v1.InstanceService.GetInstanceSetting:input_type -> memos.api.v1.GetInstanceSettingRequest
- 6, // 10: memos.api.v1.InstanceService.UpdateInstanceSetting:input_type -> memos.api.v1.UpdateInstanceSettingRequest
- 2, // 11: memos.api.v1.InstanceService.GetInstanceProfile:output_type -> memos.api.v1.InstanceProfile
- 4, // 12: memos.api.v1.InstanceService.GetInstanceSetting:output_type -> memos.api.v1.InstanceSetting
- 4, // 13: memos.api.v1.InstanceService.UpdateInstanceSetting:output_type -> memos.api.v1.InstanceSetting
- 11, // [11:14] is the sub-list for method output_type
- 8, // [8:11] is the sub-list for method input_type
- 8, // [8:8] is the sub-list for extension type_name
- 8, // [8:8] is the sub-list for extension extendee
- 0, // [0:8] is the sub-list for field type_name
+ 12, // 0: memos.api.v1.InstanceProfile.admin:type_name -> memos.api.v1.User
+ 7, // 1: memos.api.v1.InstanceSetting.general_setting:type_name -> memos.api.v1.InstanceSetting.GeneralSetting
+ 8, // 2: memos.api.v1.InstanceSetting.storage_setting:type_name -> memos.api.v1.InstanceSetting.StorageSetting
+ 9, // 3: memos.api.v1.InstanceSetting.memo_related_setting:type_name -> memos.api.v1.InstanceSetting.MemoRelatedSetting
+ 4, // 4: memos.api.v1.UpdateInstanceSettingRequest.setting:type_name -> memos.api.v1.InstanceSetting
+ 13, // 5: memos.api.v1.UpdateInstanceSettingRequest.update_mask:type_name -> google.protobuf.FieldMask
+ 10, // 6: memos.api.v1.InstanceSetting.GeneralSetting.custom_profile:type_name -> memos.api.v1.InstanceSetting.GeneralSetting.CustomProfile
+ 1, // 7: memos.api.v1.InstanceSetting.StorageSetting.storage_type:type_name -> memos.api.v1.InstanceSetting.StorageSetting.StorageType
+ 11, // 8: memos.api.v1.InstanceSetting.StorageSetting.s3_config:type_name -> memos.api.v1.InstanceSetting.StorageSetting.S3Config
+ 3, // 9: memos.api.v1.InstanceService.GetInstanceProfile:input_type -> memos.api.v1.GetInstanceProfileRequest
+ 5, // 10: memos.api.v1.InstanceService.GetInstanceSetting:input_type -> memos.api.v1.GetInstanceSettingRequest
+ 6, // 11: memos.api.v1.InstanceService.UpdateInstanceSetting:input_type -> memos.api.v1.UpdateInstanceSettingRequest
+ 2, // 12: memos.api.v1.InstanceService.GetInstanceProfile:output_type -> memos.api.v1.InstanceProfile
+ 4, // 13: memos.api.v1.InstanceService.GetInstanceSetting:output_type -> memos.api.v1.InstanceSetting
+ 4, // 14: memos.api.v1.InstanceService.UpdateInstanceSetting:output_type -> memos.api.v1.InstanceSetting
+ 12, // [12:15] is the sub-list for method output_type
+ 9, // [9:12] is the sub-list for method input_type
+ 9, // [9:9] is the sub-list for extension type_name
+ 9, // [9:9] is the sub-list for extension extendee
+ 0, // [0:9] is the sub-list for field type_name
}
func init() { file_api_v1_instance_service_proto_init() }
@@ -999,6 +1001,7 @@ func file_api_v1_instance_service_proto_init() {
if File_api_v1_instance_service_proto != nil {
return
}
+ file_api_v1_user_service_proto_init()
file_api_v1_instance_service_proto_msgTypes[2].OneofWrappers = []any{
(*InstanceSetting_GeneralSetting_)(nil),
(*InstanceSetting_StorageSetting_)(nil),
diff --git a/proto/gen/api/v1/memo_service.pb.go b/proto/gen/api/v1/memo_service.pb.go
index e102f9e51..b99fab571 100644
--- a/proto/gen/api/v1/memo_service.pb.go
+++ b/proto/gen/api/v1/memo_service.pb.go
@@ -222,9 +222,11 @@ type Memo struct {
// The name of the creator.
// Format: users/{user}
Creator string `protobuf:"bytes,3,opt,name=creator,proto3" json:"creator,omitempty"`
- // Output only. The creation timestamp.
+ // The creation timestamp.
+ // If not set on creation, the server will set it to the current time.
CreateTime *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
- // Output only. The last update timestamp.
+ // The last update timestamp.
+ // If not set on creation, the server will set it to the current time.
UpdateTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
// The display timestamp of the memo.
DisplayTime *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=display_time,json=displayTime,proto3" json:"display_time,omitempty"`
@@ -1816,9 +1818,9 @@ const file_api_v1_memo_service_proto_rawDesc = "" +
"\x05state\x18\x02 \x01(\x0e2\x13.memos.api.v1.StateB\x03\xe0A\x02R\x05state\x123\n" +
"\acreator\x18\x03 \x01(\tB\x19\xe0A\x03\xfaA\x13\n" +
"\x11memos.api.v1/UserR\acreator\x12@\n" +
- "\vcreate_time\x18\x04 \x01(\v2\x1a.google.protobuf.TimestampB\x03\xe0A\x03R\n" +
+ "\vcreate_time\x18\x04 \x01(\v2\x1a.google.protobuf.TimestampB\x03\xe0A\x01R\n" +
"createTime\x12@\n" +
- "\vupdate_time\x18\x05 \x01(\v2\x1a.google.protobuf.TimestampB\x03\xe0A\x03R\n" +
+ "\vupdate_time\x18\x05 \x01(\v2\x1a.google.protobuf.TimestampB\x03\xe0A\x01R\n" +
"updateTime\x12B\n" +
"\fdisplay_time\x18\x06 \x01(\v2\x1a.google.protobuf.TimestampB\x03\xe0A\x01R\vdisplayTime\x12\x1d\n" +
"\acontent\x18\a \x01(\tB\x03\xe0A\x02R\acontent\x12=\n" +
diff --git a/proto/gen/api/v1/user_service.pb.go b/proto/gen/api/v1/user_service.pb.go
index 82d76ad12..9f2d32e0d 100644
--- a/proto/gen/api/v1/user_service.pb.go
+++ b/proto/gen/api/v1/user_service.pb.go
@@ -29,13 +29,10 @@ const (
type User_Role int32
const (
- // Unspecified role.
User_ROLE_UNSPECIFIED User_Role = 0
- // Host role with full system access.
- User_HOST User_Role = 1
- // Admin role with administrative privileges.
+ // Admin role with system access.
User_ADMIN User_Role = 2
- // Regular user role.
+ // User role with limited access.
User_USER User_Role = 3
)
@@ -43,13 +40,11 @@ const (
var (
User_Role_name = map[int32]string{
0: "ROLE_UNSPECIFIED",
- 1: "HOST",
2: "ADMIN",
3: "USER",
}
User_Role_value = map[string]int32{
"ROLE_UNSPECIFIED": 0,
- "HOST": 1,
"ADMIN": 2,
"USER": 3,
}
@@ -2509,7 +2504,7 @@ var File_api_v1_user_service_proto protoreflect.FileDescriptor
const file_api_v1_user_service_proto_rawDesc = "" +
"\n" +
- "\x19api/v1/user_service.proto\x12\fmemos.api.v1\x1a\x13api/v1/common.proto\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1bgoogle/protobuf/empty.proto\x1a google/protobuf/field_mask.proto\x1a\x1fgoogle/protobuf/timestamp.proto\"\xcb\x04\n" +
+ "\x19api/v1/user_service.proto\x12\fmemos.api.v1\x1a\x13api/v1/common.proto\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1bgoogle/protobuf/empty.proto\x1a google/protobuf/field_mask.proto\x1a\x1fgoogle/protobuf/timestamp.proto\"\xc1\x04\n" +
"\x04User\x12\x17\n" +
"\x04name\x18\x01 \x01(\tB\x03\xe0A\bR\x04name\x120\n" +
"\x04role\x18\x02 \x01(\x0e2\x17.memos.api.v1.User.RoleB\x03\xe0A\x02R\x04role\x12\x1f\n" +
@@ -2525,10 +2520,9 @@ const file_api_v1_user_service_proto_rawDesc = "" +
" \x01(\v2\x1a.google.protobuf.TimestampB\x03\xe0A\x03R\n" +
"createTime\x12@\n" +
"\vupdate_time\x18\v \x01(\v2\x1a.google.protobuf.TimestampB\x03\xe0A\x03R\n" +
- "updateTime\";\n" +
+ "updateTime\"1\n" +
"\x04Role\x12\x14\n" +
- "\x10ROLE_UNSPECIFIED\x10\x00\x12\b\n" +
- "\x04HOST\x10\x01\x12\t\n" +
+ "\x10ROLE_UNSPECIFIED\x10\x00\x12\t\n" +
"\x05ADMIN\x10\x02\x12\b\n" +
"\x04USER\x10\x03:7\xeaA4\n" +
"\x11memos.api.v1/User\x12\fusers/{user}\x1a\x04name*\x05users2\x04user\"\x9d\x01\n" +
diff --git a/proto/gen/openapi.yaml b/proto/gen/openapi.yaml
index b52c35b20..d8ed9eed1 100644
--- a/proto/gen/openapi.yaml
+++ b/proto/gen/openapi.yaml
@@ -2132,20 +2132,21 @@ components:
InstanceProfile:
type: object
properties:
- owner:
- type: string
- description: |-
- The name of instance owner.
- Format: users/{user}
version:
type: string
description: Version is the current version of instance.
- mode:
- type: string
- description: Mode is the instance mode (e.g. "prod", "dev" or "demo").
+ demo:
+ type: boolean
+ description: Demo indicates if the instance is in demo mode.
instanceUrl:
type: string
description: Instance URL is the URL of the instance.
+ admin:
+ allOf:
+ - $ref: '#/components/schemas/User'
+ description: |-
+ The first administrator who set up this instance.
+ When null, instance requires initial setup (creating the first admin account).
description: Instance profile message containing basic instance information.
InstanceSetting:
type: object
@@ -2470,14 +2471,16 @@ components:
The name of the creator.
Format: users/{user}
createTime:
- readOnly: true
type: string
- description: Output only. The creation timestamp.
+ description: |-
+ The creation timestamp.
+ If not set on creation, the server will set it to the current time.
format: date-time
updateTime:
- readOnly: true
type: string
- description: Output only. The last update timestamp.
+ description: |-
+ The last update timestamp.
+ If not set on creation, the server will set it to the current time.
format: date-time
displayTime:
type: string
@@ -2857,7 +2860,6 @@ components:
role:
enum:
- ROLE_UNSPECIFIED
- - HOST
- ADMIN
- USER
type: string
diff --git a/scripts/Dockerfile b/scripts/Dockerfile
index c58a6347c..ed2894c2b 100644
--- a/scripts/Dockerfile
+++ b/scripts/Dockerfile
@@ -1,30 +1,56 @@
-FROM golang:1.25-alpine AS backend
+FROM --platform=$BUILDPLATFORM golang:1.25-alpine AS backend
WORKDIR /backend-build
+
+# Install build dependencies
+RUN apk add --no-cache git ca-certificates
+
+# Copy go mod files and download dependencies (cached layer)
COPY go.mod go.sum ./
-RUN go mod download
+RUN --mount=type=cache,target=/go/pkg/mod \
+ go mod download
+
+# Copy source code (use .dockerignore to exclude unnecessary files)
COPY . .
+
# Please build frontend first, so that the static files are available.
# Refer to `pnpm release` in package.json for the build command.
+ARG TARGETOS TARGETARCH VERSION COMMIT
RUN --mount=type=cache,target=/go/pkg/mod \
--mount=type=cache,target=/root/.cache/go-build \
- go build -ldflags="-s -w" -o memos ./cmd/memos
+ CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH \
+ go build \
+ -trimpath \
+ -ldflags="-s -w -extldflags '-static'" \
+ -tags netgo,osusergo \
+ -o memos \
+ ./cmd/memos
-FROM alpine:latest AS monolithic
-WORKDIR /usr/local/memos
+# Use minimal Alpine with security updates
+FROM alpine:3.21 AS monolithic
-RUN apk add --no-cache tzdata
-ENV TZ="UTC"
+# Install runtime dependencies and create non-root user in single layer
+RUN apk add --no-cache tzdata ca-certificates su-exec && \
+ addgroup -g 10001 -S nonroot && \
+ adduser -u 10001 -S -G nonroot -h /var/opt/memos nonroot && \
+ mkdir -p /var/opt/memos /usr/local/memos && \
+ chown -R nonroot:nonroot /var/opt/memos
-COPY --from=backend /backend-build/memos /usr/local/memos/
-COPY ./scripts/entrypoint.sh /usr/local/memos/
+# Copy binary and entrypoint to /usr/local/memos
+COPY --from=backend /backend-build/memos /usr/local/memos/memos
+COPY --from=backend --chmod=755 /backend-build/scripts/entrypoint.sh /usr/local/memos/entrypoint.sh
+
+# Run as root to fix permissions, entrypoint will drop to nonroot
+USER root
+
+# Set working directory to the writable volume
+WORKDIR /var/opt/memos
+
+# Data directory
+VOLUME /var/opt/memos
+
+ENV TZ="UTC" \
+ MEMOS_PORT="5230"
EXPOSE 5230
-# Directory to store the data, which can be referenced as the mounting point.
-RUN mkdir -p /var/opt/memos
-VOLUME /var/opt/memos
-
-ENV MEMOS_MODE="prod"
-ENV MEMOS_PORT="5230"
-
-ENTRYPOINT ["./entrypoint.sh", "./memos"]
+ENTRYPOINT ["/usr/local/memos/entrypoint.sh", "/usr/local/memos/memos"]
diff --git a/scripts/build.sh b/scripts/build.sh
index ef687d061..15fbe2b71 100755
--- a/scripts/build.sh
+++ b/scripts/build.sh
@@ -29,4 +29,4 @@ go build -o "$OUTPUT" ./cmd/memos
echo "Build successful!"
echo "To run the application, execute the following command:"
-echo "$OUTPUT --mode dev"
+echo "$OUTPUT"
diff --git a/scripts/compose.yaml b/scripts/compose.yaml
index d5e33c3b0..a8a746c48 100644
--- a/scripts/compose.yaml
+++ b/scripts/compose.yaml
@@ -1,6 +1,6 @@
services:
memos:
- image: neosmemo/memos:latest
+ image: neosmemo/memos:stable
container_name: memos
volumes:
- ~/.memos/:/var/opt/memos
diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh
index ec62af83d..710469df9 100755
--- a/scripts/entrypoint.sh
+++ b/scripts/entrypoint.sh
@@ -1,5 +1,19 @@
#!/usr/bin/env sh
+# Fix ownership of data directory for users upgrading from older versions
+# where files were created as root
+MEMOS_UID=${MEMOS_UID:-10001}
+MEMOS_GID=${MEMOS_GID:-10001}
+DATA_DIR="/var/opt/memos"
+
+if [ "$(id -u)" = "0" ]; then
+ # Running as root, fix permissions and drop to nonroot
+ if [ -d "$DATA_DIR" ]; then
+ chown -R "$MEMOS_UID:$MEMOS_GID" "$DATA_DIR" 2>/dev/null || true
+ fi
+ exec su-exec "$MEMOS_UID:$MEMOS_GID" "$0" "$@"
+fi
+
file_env() {
var="$1"
fileVar="${var}_FILE"
diff --git a/server/auth/token_test.go b/server/auth/token_test.go
index 3b4262dd1..3932016ec 100644
--- a/server/auth/token_test.go
+++ b/server/auth/token_test.go
@@ -74,7 +74,7 @@ func TestParseAccessTokenV2(t *testing.T) {
})
t.Run("parses token with different roles", func(t *testing.T) {
- roles := []string{"USER", "ADMIN", "HOST"}
+ roles := []string{"USER", "ADMIN"}
for _, role := range roles {
token, _, err := GenerateAccessTokenV2(1, "testuser", role, "ACTIVE", secret)
require.NoError(t, err)
diff --git a/server/router/api/v1/acl_config.go b/server/router/api/v1/acl_config.go
index 4045a7f5c..9958900b2 100644
--- a/server/router/api/v1/acl_config.go
+++ b/server/router/api/v1/acl_config.go
@@ -29,8 +29,9 @@ var PublicMethods = map[string]struct{}{
"/memos.api.v1.IdentityProviderService/ListIdentityProviders": {},
// Memo Service - public memos (visibility filtering done in service layer)
- "/memos.api.v1.MemoService/GetMemo": {},
- "/memos.api.v1.MemoService/ListMemos": {},
+ "/memos.api.v1.MemoService/GetMemo": {},
+ "/memos.api.v1.MemoService/ListMemos": {},
+ "/memos.api.v1.MemoService/ListMemoComments": {},
}
// IsPublicMethod checks if a procedure path is public (no authentication required).
diff --git a/server/router/api/v1/attachment_exif_test.go b/server/router/api/v1/attachment_exif_test.go
new file mode 100644
index 000000000..2b0d5d7c6
--- /dev/null
+++ b/server/router/api/v1/attachment_exif_test.go
@@ -0,0 +1,191 @@
+package v1
+
+import (
+ "bytes"
+ "image"
+ "image/color"
+ "image/jpeg"
+ "testing"
+
+ "github.com/disintegration/imaging"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func TestShouldStripExif(t *testing.T) {
+ t.Parallel()
+
+ tests := []struct {
+ name string
+ mimeType string
+ expected bool
+ }{
+ {
+ name: "JPEG should strip EXIF",
+ mimeType: "image/jpeg",
+ expected: true,
+ },
+ {
+ name: "JPG should strip EXIF",
+ mimeType: "image/jpg",
+ expected: true,
+ },
+ {
+ name: "TIFF should strip EXIF",
+ mimeType: "image/tiff",
+ expected: true,
+ },
+ {
+ name: "WebP should strip EXIF",
+ mimeType: "image/webp",
+ expected: true,
+ },
+ {
+ name: "HEIC should strip EXIF",
+ mimeType: "image/heic",
+ expected: true,
+ },
+ {
+ name: "HEIF should strip EXIF",
+ mimeType: "image/heif",
+ expected: true,
+ },
+ {
+ name: "PNG should not strip EXIF",
+ mimeType: "image/png",
+ expected: false,
+ },
+ {
+ name: "GIF should not strip EXIF",
+ mimeType: "image/gif",
+ expected: false,
+ },
+ {
+ name: "text file should not strip EXIF",
+ mimeType: "text/plain",
+ expected: false,
+ },
+ {
+ name: "PDF should not strip EXIF",
+ mimeType: "application/pdf",
+ expected: false,
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ t.Parallel()
+ result := shouldStripExif(tt.mimeType)
+ assert.Equal(t, tt.expected, result)
+ })
+ }
+}
+
+func TestStripImageExif(t *testing.T) {
+ t.Parallel()
+
+ // Create a simple test image
+ img := image.NewRGBA(image.Rect(0, 0, 100, 100))
+ // Fill with red color
+ for y := 0; y < 100; y++ {
+ for x := 0; x < 100; x++ {
+ img.Set(x, y, color.RGBA{R: 255, G: 0, B: 0, A: 255})
+ }
+ }
+
+ // Encode as JPEG
+ var buf bytes.Buffer
+ err := jpeg.Encode(&buf, img, &jpeg.Options{Quality: 90})
+ require.NoError(t, err)
+ originalData := buf.Bytes()
+
+ t.Run("strip JPEG metadata", func(t *testing.T) {
+ t.Parallel()
+
+ strippedData, err := stripImageExif(originalData, "image/jpeg")
+ require.NoError(t, err)
+ assert.NotEmpty(t, strippedData)
+
+ // Verify it's still a valid image
+ decodedImg, err := imaging.Decode(bytes.NewReader(strippedData))
+ require.NoError(t, err)
+ assert.Equal(t, 100, decodedImg.Bounds().Dx())
+ assert.Equal(t, 100, decodedImg.Bounds().Dy())
+ })
+
+ t.Run("strip JPG metadata (alternate extension)", func(t *testing.T) {
+ t.Parallel()
+
+ strippedData, err := stripImageExif(originalData, "image/jpg")
+ require.NoError(t, err)
+ assert.NotEmpty(t, strippedData)
+
+ // Verify it's still a valid image
+ decodedImg, err := imaging.Decode(bytes.NewReader(strippedData))
+ require.NoError(t, err)
+ assert.NotNil(t, decodedImg)
+ })
+
+ t.Run("strip PNG metadata", func(t *testing.T) {
+ t.Parallel()
+
+ // Encode as PNG first
+ var pngBuf bytes.Buffer
+ err := imaging.Encode(&pngBuf, img, imaging.PNG)
+ require.NoError(t, err)
+
+ strippedData, err := stripImageExif(pngBuf.Bytes(), "image/png")
+ require.NoError(t, err)
+ assert.NotEmpty(t, strippedData)
+
+ // Verify it's still a valid image
+ decodedImg, err := imaging.Decode(bytes.NewReader(strippedData))
+ require.NoError(t, err)
+ assert.Equal(t, 100, decodedImg.Bounds().Dx())
+ assert.Equal(t, 100, decodedImg.Bounds().Dy())
+ })
+
+ t.Run("handle WebP format by converting to JPEG", func(t *testing.T) {
+ t.Parallel()
+
+ // WebP format will be converted to JPEG
+ strippedData, err := stripImageExif(originalData, "image/webp")
+ require.NoError(t, err)
+ assert.NotEmpty(t, strippedData)
+
+ // Verify it's a valid image
+ decodedImg, err := imaging.Decode(bytes.NewReader(strippedData))
+ require.NoError(t, err)
+ assert.NotNil(t, decodedImg)
+ })
+
+ t.Run("handle HEIC format by converting to JPEG", func(t *testing.T) {
+ t.Parallel()
+
+ strippedData, err := stripImageExif(originalData, "image/heic")
+ require.NoError(t, err)
+ assert.NotEmpty(t, strippedData)
+
+ // Verify it's a valid image
+ decodedImg, err := imaging.Decode(bytes.NewReader(strippedData))
+ require.NoError(t, err)
+ assert.NotNil(t, decodedImg)
+ })
+
+ t.Run("return error for invalid image data", func(t *testing.T) {
+ t.Parallel()
+
+ invalidData := []byte("not an image")
+ _, err := stripImageExif(invalidData, "image/jpeg")
+ assert.Error(t, err)
+ assert.Contains(t, err.Error(), "failed to decode image")
+ })
+
+ t.Run("return error for empty image data", func(t *testing.T) {
+ t.Parallel()
+
+ emptyData := []byte{}
+ _, err := stripImageExif(emptyData, "image/jpeg")
+ assert.Error(t, err)
+ })
+}
diff --git a/server/router/api/v1/attachment_service.go b/server/router/api/v1/attachment_service.go
index a87140f75..f2218da41 100644
--- a/server/router/api/v1/attachment_service.go
+++ b/server/router/api/v1/attachment_service.go
@@ -6,6 +6,7 @@ import (
"encoding/binary"
"fmt"
"io"
+ "log/slog"
"mime"
"net/http"
"os"
@@ -14,6 +15,7 @@ import (
"strings"
"time"
+ "github.com/disintegration/imaging"
"github.com/lithammer/shortuuid/v4"
"github.com/pkg/errors"
"google.golang.org/grpc/codes"
@@ -38,6 +40,10 @@ const (
MebiByte = 1024 * 1024
// ThumbnailCacheFolder is the folder name where the thumbnail images are stored.
ThumbnailCacheFolder = ".thumbnail_cache"
+
+ // defaultJPEGQuality is the JPEG quality used when re-encoding images for EXIF stripping.
+ // Quality 95 maintains visual quality while ensuring metadata is removed.
+ defaultJPEGQuality = 95
)
var SupportedThumbnailMimeTypes = []string{
@@ -45,6 +51,17 @@ var SupportedThumbnailMimeTypes = []string{
"image/jpeg",
}
+// exifCapableImageTypes defines image formats that may contain EXIF metadata.
+// These formats will have their EXIF metadata stripped on upload for privacy.
+var exifCapableImageTypes = map[string]bool{
+ "image/jpeg": true,
+ "image/jpg": true,
+ "image/tiff": true,
+ "image/webp": true,
+ "image/heic": true,
+ "image/heif": true,
+}
+
func (s *APIV1Service) CreateAttachment(ctx context.Context, request *v1pb.CreateAttachmentRequest) (*v1pb.Attachment, error) {
user, err := s.fetchCurrentUser(ctx)
if err != nil {
@@ -111,6 +128,21 @@ func (s *APIV1Service) CreateAttachment(ctx context.Context, request *v1pb.Creat
create.Size = int64(size)
create.Blob = request.Attachment.Content
+ // Strip EXIF metadata from images for privacy protection.
+ // This removes sensitive information like GPS location, device details, etc.
+ if shouldStripExif(create.Type) {
+ if strippedBlob, err := stripImageExif(create.Blob, create.Type); err != nil {
+ // Log warning but continue with original image to ensure uploads don't fail.
+ slog.Warn("failed to strip EXIF metadata from image",
+ slog.String("type", create.Type),
+ slog.String("filename", create.Filename),
+ slog.String("error", err.Error()))
+ } else {
+ create.Blob = strippedBlob
+ create.Size = int64(len(strippedBlob))
+ }
+ }
+
if err := SaveAttachmentBlob(ctx, s.Profile, s.Store, create); err != nil {
return nil, status.Errorf(codes.Internal, "failed to save attachment blob: %v", err)
}
@@ -214,6 +246,12 @@ func (s *APIV1Service) GetAttachment(ctx context.Context, request *v1pb.GetAttac
if attachment == nil {
return nil, status.Errorf(codes.NotFound, "attachment not found")
}
+
+ // Check access permission based on linked memo visibility.
+ if err := s.checkAttachmentAccess(ctx, attachment); err != nil {
+ return nil, err
+ }
+
return convertAttachmentFromStore(attachment), nil
}
@@ -225,10 +263,24 @@ func (s *APIV1Service) UpdateAttachment(ctx context.Context, request *v1pb.Updat
if request.UpdateMask == nil || len(request.UpdateMask.Paths) == 0 {
return nil, status.Errorf(codes.InvalidArgument, "update mask is required")
}
+ user, err := s.fetchCurrentUser(ctx)
+ if err != nil {
+ return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err)
+ }
+ if user == nil {
+ return nil, status.Errorf(codes.Unauthenticated, "user not authenticated")
+ }
attachment, err := s.Store.GetAttachment(ctx, &store.FindAttachment{UID: &attachmentUID})
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get attachment: %v", err)
}
+ if attachment == nil {
+ return nil, status.Errorf(codes.NotFound, "attachment not found")
+ }
+ // Only the creator or admin can update the attachment.
+ if attachment.CreatorID != user.ID && !isSuperUser(user) {
+ return nil, status.Errorf(codes.PermissionDenied, "permission denied")
+ }
currentTs := time.Now().Unix()
update := &store.UpdateAttachment{
@@ -516,3 +568,89 @@ func (s *APIV1Service) validateAttachmentFilter(ctx context.Context, filterStr s
}
return nil
}
+
+// checkAttachmentAccess verifies the user has permission to access the attachment.
+// For unlinked attachments (no memo), only the creator can access.
+// For linked attachments, access follows the memo's visibility rules.
+func (s *APIV1Service) checkAttachmentAccess(ctx context.Context, attachment *store.Attachment) error {
+ user, _ := s.fetchCurrentUser(ctx)
+
+ // For unlinked attachments, only the creator can access.
+ if attachment.MemoID == nil {
+ if user == nil {
+ return status.Errorf(codes.Unauthenticated, "user not authenticated")
+ }
+ if attachment.CreatorID != user.ID && !isSuperUser(user) {
+ return status.Errorf(codes.PermissionDenied, "permission denied")
+ }
+ return nil
+ }
+
+ // For linked attachments, check memo visibility.
+ memo, err := s.Store.GetMemo(ctx, &store.FindMemo{ID: attachment.MemoID})
+ if err != nil {
+ return status.Errorf(codes.Internal, "failed to get memo: %v", err)
+ }
+ if memo == nil {
+ return status.Errorf(codes.NotFound, "memo not found")
+ }
+
+ if memo.Visibility == store.Public {
+ return nil
+ }
+ if user == nil {
+ return status.Errorf(codes.Unauthenticated, "user not authenticated")
+ }
+ if memo.Visibility == store.Private && memo.CreatorID != user.ID && !isSuperUser(user) {
+ return status.Errorf(codes.PermissionDenied, "permission denied")
+ }
+ return nil
+}
+
+// shouldStripExif checks if the MIME type is an image format that may contain EXIF metadata.
+// Returns true for formats like JPEG, TIFF, WebP, HEIC, and HEIF which commonly contain
+// privacy-sensitive metadata such as GPS coordinates, camera settings, and device information.
+func shouldStripExif(mimeType string) bool {
+ return exifCapableImageTypes[mimeType]
+}
+
+// stripImageExif removes EXIF metadata from image files by decoding and re-encoding them.
+// This prevents exposure of sensitive metadata such as GPS location, camera details, and timestamps.
+//
+// The function preserves the correct image orientation by applying EXIF orientation tags
+// during decoding before stripping all metadata. Images are re-encoded with high quality
+// to minimize visual degradation.
+//
+// Supported formats:
+// - JPEG/JPG: Re-encoded as JPEG with quality 95
+// - PNG: Re-encoded as PNG (lossless)
+// - TIFF/WebP/HEIC/HEIF: Re-encoded as JPEG with quality 95
+//
+// Returns the cleaned image data without any EXIF metadata, or an error if processing fails.
+func stripImageExif(imageData []byte, mimeType string) ([]byte, error) {
+ // Decode image with automatic EXIF orientation correction.
+ // This ensures the image displays correctly after metadata removal.
+ img, err := imaging.Decode(bytes.NewReader(imageData), imaging.AutoOrientation(true))
+ if err != nil {
+ return nil, errors.Wrap(err, "failed to decode image")
+ }
+
+ // Re-encode the image without EXIF metadata.
+ var buf bytes.Buffer
+ var encodeErr error
+
+ if mimeType == "image/png" {
+ // Preserve PNG format for lossless encoding
+ encodeErr = imaging.Encode(&buf, img, imaging.PNG)
+ } else {
+ // For JPEG, TIFF, WebP, HEIC, HEIF - re-encode as JPEG.
+ // This ensures EXIF is stripped and provides good compression.
+ encodeErr = imaging.Encode(&buf, img, imaging.JPEG, imaging.JPEGQuality(defaultJPEGQuality))
+ }
+
+ if encodeErr != nil {
+ return nil, errors.Wrap(encodeErr, "failed to encode image")
+ }
+
+ return buf.Bytes(), nil
+}
diff --git a/server/router/api/v1/common.go b/server/router/api/v1/common.go
index 66fc032e5..be7bfa292 100644
--- a/server/router/api/v1/common.go
+++ b/server/router/api/v1/common.go
@@ -64,5 +64,5 @@ func unmarshalPageToken(s string, pageToken *v1pb.PageToken) error {
}
func isSuperUser(user *store.User) bool {
- return user.Role == store.RoleAdmin || user.Role == store.RoleHost
+ return user.Role == store.RoleAdmin
}
diff --git a/server/router/api/v1/connect_interceptors.go b/server/router/api/v1/connect_interceptors.go
index 03eb35de4..dab7150d9 100644
--- a/server/router/api/v1/connect_interceptors.go
+++ b/server/router/api/v1/connect_interceptors.go
@@ -5,6 +5,7 @@ import (
"errors"
"fmt"
"log/slog"
+ "reflect"
"runtime/debug"
"connectrpc.com/connect"
@@ -50,10 +51,30 @@ func (*MetadataInterceptor) WrapUnary(next connect.UnaryFunc) connect.UnaryFunc
// Set metadata in context so services can use metadata.FromIncomingContext()
ctx = metadata.NewIncomingContext(ctx, md)
- return next(ctx, req)
+
+ // Execute the request
+ resp, err := next(ctx, req)
+
+ // Prevent browser caching of API responses to avoid stale data issues
+ // See: https://github.com/usememos/memos/issues/5470
+ if !isNilAnyResponse(resp) && resp.Header() != nil {
+ resp.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
+ resp.Header().Set("Pragma", "no-cache")
+ resp.Header().Set("Expires", "0")
+ }
+
+ return resp, err
}
}
+func isNilAnyResponse(resp connect.AnyResponse) bool {
+ if resp == nil {
+ return true
+ }
+ val := reflect.ValueOf(resp)
+ return val.Kind() == reflect.Ptr && val.IsNil()
+}
+
func (*MetadataInterceptor) WrapStreamingClient(next connect.StreamingClientFunc) connect.StreamingClientFunc {
return next
}
diff --git a/server/router/api/v1/idp_service.go b/server/router/api/v1/idp_service.go
index 2b48d2c10..d257a49b5 100644
--- a/server/router/api/v1/idp_service.go
+++ b/server/router/api/v1/idp_service.go
@@ -18,7 +18,10 @@ func (s *APIV1Service) CreateIdentityProvider(ctx context.Context, request *v1pb
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get user: %v", err)
}
- if currentUser == nil || currentUser.Role != store.RoleHost {
+ if currentUser == nil {
+ return nil, status.Errorf(codes.Unauthenticated, "user not authenticated")
+ }
+ if currentUser.Role != store.RoleAdmin {
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
}
@@ -84,7 +87,10 @@ func (s *APIV1Service) UpdateIdentityProvider(ctx context.Context, request *v1pb
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get user: %v", err)
}
- if currentUser == nil || currentUser.Role != store.RoleHost {
+ if currentUser == nil {
+ return nil, status.Errorf(codes.Unauthenticated, "user not authenticated")
+ }
+ if currentUser.Role != store.RoleAdmin {
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
}
@@ -125,7 +131,10 @@ func (s *APIV1Service) DeleteIdentityProvider(ctx context.Context, request *v1pb
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get user: %v", err)
}
- if currentUser == nil || currentUser.Role != store.RoleHost {
+ if currentUser == nil {
+ return nil, status.Errorf(codes.Unauthenticated, "user not authenticated")
+ }
+ if currentUser.Role != store.RoleAdmin {
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
}
@@ -219,7 +228,7 @@ func convertIdentityProviderConfigToStore(identityProviderType v1pb.IdentityProv
}
func redactIdentityProviderResponse(identityProvider *v1pb.IdentityProvider, userRole store.Role) *v1pb.IdentityProvider {
- if userRole != store.RoleHost {
+ if userRole != store.RoleAdmin {
if identityProvider.Type == v1pb.IdentityProvider_OAUTH2 {
identityProvider.Config.GetOauth2Config().ClientSecret = ""
}
diff --git a/server/router/api/v1/instance_service.go b/server/router/api/v1/instance_service.go
index 82830112e..520862771 100644
--- a/server/router/api/v1/instance_service.go
+++ b/server/router/api/v1/instance_service.go
@@ -15,17 +15,16 @@ import (
// GetInstanceProfile returns the instance profile.
func (s *APIV1Service) GetInstanceProfile(ctx context.Context, _ *v1pb.GetInstanceProfileRequest) (*v1pb.InstanceProfile, error) {
+ admin, err := s.GetInstanceAdmin(ctx)
+ if err != nil {
+ return nil, status.Errorf(codes.Internal, "failed to get instance admin: %v", err)
+ }
+
instanceProfile := &v1pb.InstanceProfile{
Version: s.Profile.Version,
- Mode: s.Profile.Mode,
+ Demo: s.Profile.Demo,
InstanceUrl: s.Profile.InstanceURL,
- }
- owner, err := s.GetInstanceOwner(ctx)
- if err != nil {
- return nil, status.Errorf(codes.Internal, "failed to get instance owner: %v", err)
- }
- if owner != nil {
- instanceProfile.Owner = owner.Name
+ Admin: admin, // nil when not initialized
}
return instanceProfile, nil
}
@@ -64,13 +63,16 @@ func (s *APIV1Service) GetInstanceSetting(ctx context.Context, request *v1pb.Get
return nil, status.Errorf(codes.NotFound, "instance setting not found")
}
- // For storage setting, only host can get it.
+ // For storage setting, only admin can get it.
if instanceSetting.Key == storepb.InstanceSettingKey_STORAGE {
user, err := s.fetchCurrentUser(ctx)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err)
}
- if user == nil || user.Role != store.RoleHost {
+ if user == nil {
+ return nil, status.Errorf(codes.Unauthenticated, "user not authenticated")
+ }
+ if user.Role != store.RoleAdmin {
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
}
}
@@ -86,7 +88,7 @@ func (s *APIV1Service) UpdateInstanceSetting(ctx context.Context, request *v1pb.
if user == nil {
return nil, status.Errorf(codes.Unauthenticated, "user not authenticated")
}
- if user.Role != store.RoleHost {
+ if user.Role != store.RoleAdmin {
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
}
@@ -267,24 +269,17 @@ func convertInstanceMemoRelatedSettingToStore(setting *v1pb.InstanceSetting_Memo
}
}
-var ownerCache *v1pb.User
-
-func (s *APIV1Service) GetInstanceOwner(ctx context.Context) (*v1pb.User, error) {
- if ownerCache != nil {
- return ownerCache, nil
- }
-
- hostUserType := store.RoleHost
+func (s *APIV1Service) GetInstanceAdmin(ctx context.Context) (*v1pb.User, error) {
+ adminUserType := store.RoleAdmin
user, err := s.Store.GetUser(ctx, &store.FindUser{
- Role: &hostUserType,
+ Role: &adminUserType,
})
if err != nil {
- return nil, errors.Wrapf(err, "failed to find owner")
+ return nil, errors.Wrapf(err, "failed to find admin")
}
if user == nil {
return nil, nil
}
- ownerCache = convertUserFromStore(user)
- return ownerCache, nil
+ return convertUserFromStore(user), nil
}
diff --git a/server/router/api/v1/memo_attachment_service.go b/server/router/api/v1/memo_attachment_service.go
index fead95d7d..153f1aa80 100644
--- a/server/router/api/v1/memo_attachment_service.go
+++ b/server/router/api/v1/memo_attachment_service.go
@@ -98,6 +98,24 @@ func (s *APIV1Service) ListMemoAttachments(ctx context.Context, request *v1pb.Li
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get memo: %v", err)
}
+ if memo == nil {
+ return nil, status.Errorf(codes.NotFound, "memo not found")
+ }
+
+ // Check memo visibility.
+ if memo.Visibility != store.Public {
+ user, err := s.fetchCurrentUser(ctx)
+ if err != nil {
+ return nil, status.Errorf(codes.Internal, "failed to get user: %v", err)
+ }
+ if user == nil {
+ return nil, status.Errorf(codes.Unauthenticated, "user not authenticated")
+ }
+ if memo.Visibility == store.Private && memo.CreatorID != user.ID && !isSuperUser(user) {
+ return nil, status.Errorf(codes.PermissionDenied, "permission denied")
+ }
+ }
+
attachments, err := s.Store.ListAttachments(ctx, &store.FindAttachment{
MemoID: &memo.ID,
})
diff --git a/server/router/api/v1/memo_service.go b/server/router/api/v1/memo_service.go
index f407b009e..f5d250a16 100644
--- a/server/router/api/v1/memo_service.go
+++ b/server/router/api/v1/memo_service.go
@@ -45,10 +45,35 @@ func (s *APIV1Service) CreateMemo(ctx context.Context, request *v1pb.CreateMemoR
Content: request.Memo.Content,
Visibility: convertVisibilityToStore(request.Memo.Visibility),
}
+
instanceMemoRelatedSetting, err := s.Store.GetInstanceMemoRelatedSetting(ctx)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get instance memo related setting")
}
+
+ // Handle display_time first: if provided, use it to set the appropriate timestamp
+ // based on the instance setting (similar to UpdateMemo logic)
+ // Note: explicit create_time/update_time below will override this if provided
+ if request.Memo.DisplayTime != nil && request.Memo.DisplayTime.IsValid() {
+ displayTs := request.Memo.DisplayTime.AsTime().Unix()
+ if instanceMemoRelatedSetting.DisplayWithUpdateTime {
+ create.UpdatedTs = displayTs
+ } else {
+ create.CreatedTs = displayTs
+ }
+ }
+
+ // Set custom timestamps if provided in the request
+ // These take precedence over display_time
+ if request.Memo.CreateTime != nil && request.Memo.CreateTime.IsValid() {
+ createdTs := request.Memo.CreateTime.AsTime().Unix()
+ create.CreatedTs = createdTs
+ }
+ if request.Memo.UpdateTime != nil && request.Memo.UpdateTime.IsValid() {
+ updatedTs := request.Memo.UpdateTime.AsTime().Unix()
+ create.UpdatedTs = updatedTs
+ }
+
if instanceMemoRelatedSetting.DisallowPublicVisibility && create.Visibility == store.Public {
return nil, status.Errorf(codes.PermissionDenied, "disable public memos system setting is enabled")
}
@@ -281,7 +306,7 @@ func (s *APIV1Service) GetMemo(ctx context.Context, request *v1pb.GetMemoRequest
return nil, status.Errorf(codes.Internal, "failed to get user")
}
if user == nil {
- return nil, status.Errorf(codes.PermissionDenied, "permission denied")
+ return nil, status.Errorf(codes.Unauthenticated, "user not authenticated")
}
if memo.Visibility == store.Private && memo.CreatorID != user.ID {
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
@@ -497,23 +522,7 @@ func (s *APIV1Service) DeleteMemo(ctx context.Context, request *v1pb.DeleteMemoR
}
}
- if err = s.Store.DeleteMemo(ctx, &store.DeleteMemo{ID: memo.ID}); err != nil {
- return nil, status.Errorf(codes.Internal, "failed to delete memo")
- }
-
- // Delete memo relation
- if err := s.Store.DeleteMemoRelation(ctx, &store.DeleteMemoRelation{MemoID: &memo.ID}); err != nil {
- return nil, status.Errorf(codes.Internal, "failed to delete memo relations")
- }
-
- // Delete related attachments.
- for _, attachment := range attachments {
- if err := s.Store.DeleteAttachment(ctx, &store.DeleteAttachment{ID: attachment.ID}); err != nil {
- return nil, status.Errorf(codes.Internal, "failed to delete attachment")
- }
- }
-
- // Delete memo comments
+ // Delete memo comments first (store.DeleteMemo handles their relations and attachments)
commentType := store.MemoRelationComment
relations, err := s.Store.ListMemoRelations(ctx, &store.FindMemoRelation{RelatedMemoID: &memo.ID, Type: &commentType})
if err != nil {
@@ -525,10 +534,9 @@ func (s *APIV1Service) DeleteMemo(ctx context.Context, request *v1pb.DeleteMemoR
}
}
- // Delete memo references
- referenceType := store.MemoRelationReference
- if err := s.Store.DeleteMemoRelation(ctx, &store.DeleteMemoRelation{RelatedMemoID: &memo.ID, Type: &referenceType}); err != nil {
- return nil, status.Errorf(codes.Internal, "failed to delete memo references")
+ // Delete the memo (store.DeleteMemo handles relation and attachment cleanup)
+ if err = s.Store.DeleteMemo(ctx, &store.DeleteMemo{ID: memo.ID}); err != nil {
+ return nil, status.Errorf(codes.Internal, "failed to delete memo")
}
return &emptypb.Empty{}, nil
@@ -543,6 +551,21 @@ func (s *APIV1Service) CreateMemoComment(ctx context.Context, request *v1pb.Crea
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get memo")
}
+ if relatedMemo == nil {
+ return nil, status.Errorf(codes.NotFound, "memo not found")
+ }
+
+ // Check memo visibility before allowing comment.
+ user, err := s.fetchCurrentUser(ctx)
+ if err != nil {
+ return nil, status.Errorf(codes.Internal, "failed to get user")
+ }
+ if user == nil {
+ return nil, status.Errorf(codes.Unauthenticated, "user not authenticated")
+ }
+ if relatedMemo.Visibility == store.Private && relatedMemo.CreatorID != user.ID && !isSuperUser(user) {
+ return nil, status.Errorf(codes.PermissionDenied, "permission denied")
+ }
// Create the memo comment first.
memoComment, err := s.CreateMemo(ctx, &v1pb.CreateMemoRequest{
diff --git a/server/router/api/v1/reaction_service.go b/server/router/api/v1/reaction_service.go
index 872ececde..a7c7cc3bd 100644
--- a/server/router/api/v1/reaction_service.go
+++ b/server/router/api/v1/reaction_service.go
@@ -15,6 +15,33 @@ import (
)
func (s *APIV1Service) ListMemoReactions(ctx context.Context, request *v1pb.ListMemoReactionsRequest) (*v1pb.ListMemoReactionsResponse, error) {
+ // Extract memo UID and check visibility.
+ memoUID, err := ExtractMemoUIDFromName(request.Name)
+ if err != nil {
+ return nil, status.Errorf(codes.InvalidArgument, "invalid memo name: %v", err)
+ }
+ memo, err := s.Store.GetMemo(ctx, &store.FindMemo{UID: &memoUID})
+ if err != nil {
+ return nil, status.Errorf(codes.Internal, "failed to get memo: %v", err)
+ }
+ if memo == nil {
+ return nil, status.Errorf(codes.NotFound, "memo not found")
+ }
+
+ // Check memo visibility.
+ if memo.Visibility != store.Public {
+ user, err := s.fetchCurrentUser(ctx)
+ if err != nil {
+ return nil, status.Errorf(codes.Internal, "failed to get user")
+ }
+ if user == nil {
+ return nil, status.Errorf(codes.Unauthenticated, "user not authenticated")
+ }
+ if memo.Visibility == store.Private && memo.CreatorID != user.ID && !isSuperUser(user) {
+ return nil, status.Errorf(codes.PermissionDenied, "permission denied")
+ }
+ }
+
reactions, err := s.Store.ListReactions(ctx, &store.FindReaction{
ContentID: &request.Name,
})
@@ -40,6 +67,25 @@ func (s *APIV1Service) UpsertMemoReaction(ctx context.Context, request *v1pb.Ups
if user == nil {
return nil, status.Errorf(codes.Unauthenticated, "user not authenticated")
}
+
+ // Extract memo UID and check visibility before allowing reaction.
+ memoUID, err := ExtractMemoUIDFromName(request.Reaction.ContentId)
+ if err != nil {
+ return nil, status.Errorf(codes.InvalidArgument, "invalid memo name: %v", err)
+ }
+ memo, err := s.Store.GetMemo(ctx, &store.FindMemo{UID: &memoUID})
+ if err != nil {
+ return nil, status.Errorf(codes.Internal, "failed to get memo: %v", err)
+ }
+ if memo == nil {
+ return nil, status.Errorf(codes.NotFound, "memo not found")
+ }
+
+ // Check memo visibility.
+ if memo.Visibility == store.Private && memo.CreatorID != user.ID && !isSuperUser(user) {
+ return nil, status.Errorf(codes.PermissionDenied, "permission denied")
+ }
+
reaction, err := s.Store.UpsertReaction(ctx, &store.Reaction{
CreatorID: user.ID,
ContentID: request.Reaction.ContentId,
diff --git a/server/router/api/v1/test/idp_service_test.go b/server/router/api/v1/test/idp_service_test.go
index d60d42de0..302a2737e 100644
--- a/server/router/api/v1/test/idp_service_test.go
+++ b/server/router/api/v1/test/idp_service_test.go
@@ -97,7 +97,7 @@ func TestCreateIdentityProvider(t *testing.T) {
_, err := ts.Service.CreateIdentityProvider(ctx, req)
require.Error(t, err)
- require.Contains(t, err.Error(), "permission denied")
+ require.Contains(t, err.Error(), "user not authenticated")
})
}
@@ -547,6 +547,6 @@ func TestIdentityProviderPermissions(t *testing.T) {
_, err := ts.Service.CreateIdentityProvider(ctx, req)
require.Error(t, err)
- require.Contains(t, err.Error(), "permission denied")
+ require.Contains(t, err.Error(), "user not authenticated")
})
}
diff --git a/server/router/api/v1/test/instance_admin_cache_test.go b/server/router/api/v1/test/instance_admin_cache_test.go
new file mode 100644
index 000000000..5fa217160
--- /dev/null
+++ b/server/router/api/v1/test/instance_admin_cache_test.go
@@ -0,0 +1,54 @@
+package test
+
+import (
+ "context"
+ "testing"
+
+ "github.com/stretchr/testify/require"
+
+ v1pb "github.com/usememos/memos/proto/gen/api/v1"
+)
+
+func TestInstanceAdminRetrieval(t *testing.T) {
+ ctx := context.Background()
+
+ t.Run("Instance becomes initialized after first admin user is created", func(t *testing.T) {
+ // Create test service
+ ts := NewTestService(t)
+ defer ts.Cleanup()
+
+ // Verify instance is not initialized initially
+ profile1, err := ts.Service.GetInstanceProfile(ctx, &v1pb.GetInstanceProfileRequest{})
+ require.NoError(t, err)
+ require.Nil(t, profile1.Admin, "Instance should not be initialized before first admin user")
+
+ // Create the first admin user
+ user, err := ts.CreateHostUser(ctx, "admin")
+ require.NoError(t, err)
+ require.NotNil(t, user)
+
+ // Verify instance is now initialized
+ profile2, err := ts.Service.GetInstanceProfile(ctx, &v1pb.GetInstanceProfileRequest{})
+ require.NoError(t, err)
+ require.NotNil(t, profile2.Admin, "Instance should be initialized after first admin user is created")
+ require.Equal(t, user.Username, profile2.Admin.Username)
+ })
+
+ t.Run("Admin retrieval is cached by Store layer", func(t *testing.T) {
+ // Create test service
+ ts := NewTestService(t)
+ defer ts.Cleanup()
+
+ // Create admin user
+ user, err := ts.CreateHostUser(ctx, "admin")
+ require.NoError(t, err)
+
+ // Multiple calls should return consistent admin user (from cache)
+ for i := 0; i < 5; i++ {
+ profile, err := ts.Service.GetInstanceProfile(ctx, &v1pb.GetInstanceProfileRequest{})
+ require.NoError(t, err)
+ require.NotNil(t, profile.Admin)
+ require.Equal(t, user.Username, profile.Admin.Username)
+ }
+ })
+}
diff --git a/server/router/api/v1/test/instance_service_test.go b/server/router/api/v1/test/instance_service_test.go
index 1422907a3..2043cf8b6 100644
--- a/server/router/api/v1/test/instance_service_test.go
+++ b/server/router/api/v1/test/instance_service_test.go
@@ -2,7 +2,6 @@ package test
import (
"context"
- "fmt"
"testing"
"github.com/stretchr/testify/require"
@@ -28,14 +27,14 @@ func TestGetInstanceProfile(t *testing.T) {
// Verify the response contains expected data
require.Equal(t, "test-1.0.0", resp.Version)
- require.Equal(t, "dev", resp.Mode)
+ require.True(t, resp.Demo)
require.Equal(t, "http://localhost:8080", resp.InstanceUrl)
- // Owner should be empty since no users are created
- require.Empty(t, resp.Owner)
+ // Instance should not be initialized since no admin users are created
+ require.Nil(t, resp.Admin)
})
- t.Run("GetInstanceProfile with owner", func(t *testing.T) {
+ t.Run("GetInstanceProfile with initialized instance", func(t *testing.T) {
// Create test service for this specific test
ts := NewTestService(t)
defer ts.Cleanup()
@@ -53,14 +52,14 @@ func TestGetInstanceProfile(t *testing.T) {
require.NoError(t, err)
require.NotNil(t, resp)
- // Verify the response contains expected data including owner
+ // Verify the response contains expected data with initialized flag
require.Equal(t, "test-1.0.0", resp.Version)
- require.Equal(t, "dev", resp.Mode)
+ require.True(t, resp.Demo)
require.Equal(t, "http://localhost:8080", resp.InstanceUrl)
- // User name should be "users/{id}" format where id is the user's ID
- expectedOwnerName := fmt.Sprintf("users/%d", hostUser.ID)
- require.Equal(t, expectedOwnerName, resp.Owner)
+ // Instance should be initialized since an admin user exists
+ require.NotNil(t, resp.Admin)
+ require.Equal(t, hostUser.Username, resp.Admin.Username)
})
}
@@ -73,9 +72,8 @@ func TestGetInstanceProfile_Concurrency(t *testing.T) {
defer ts.Cleanup()
// Create a host user
- hostUser, err := ts.CreateHostUser(ctx, "admin")
+ _, err := ts.CreateHostUser(ctx, "admin")
require.NoError(t, err)
- expectedOwnerName := fmt.Sprintf("users/%d", hostUser.ID)
// Make concurrent requests
numGoroutines := 10
@@ -102,9 +100,9 @@ func TestGetInstanceProfile_Concurrency(t *testing.T) {
case resp := <-results:
require.NotNil(t, resp)
require.Equal(t, "test-1.0.0", resp.Version)
- require.Equal(t, "dev", resp.Mode)
+ require.True(t, resp.Demo)
require.Equal(t, "http://localhost:8080", resp.InstanceUrl)
- require.Equal(t, expectedOwnerName, resp.Owner)
+ require.NotNil(t, resp.Admin)
}
}
})
diff --git a/server/router/api/v1/test/memo_service_test.go b/server/router/api/v1/test/memo_service_test.go
index e9cb1d3bd..a88eb0258 100644
--- a/server/router/api/v1/test/memo_service_test.go
+++ b/server/router/api/v1/test/memo_service_test.go
@@ -5,8 +5,10 @@ import (
"fmt"
"slices"
"testing"
+ "time"
"github.com/stretchr/testify/require"
+ "google.golang.org/protobuf/types/known/timestamppb"
apiv1 "github.com/usememos/memos/proto/gen/api/v1"
)
@@ -250,3 +252,118 @@ func TestListMemos(t *testing.T) {
require.NotNil(t, userTwoReaction)
require.Equal(t, "👍", userTwoReaction.ReactionType)
}
+
+// TestCreateMemoWithCustomTimestamps tests that custom timestamps can be set when creating memos and comments.
+// This addresses issue #5483: https://github.com/usememos/memos/issues/5483
+func TestCreateMemoWithCustomTimestamps(t *testing.T) {
+ ctx := context.Background()
+
+ ts := NewTestService(t)
+ defer ts.Cleanup()
+
+ // Create a test user
+ user, err := ts.CreateRegularUser(ctx, "test-user-timestamps")
+ require.NoError(t, err)
+ require.NotNil(t, user)
+
+ userCtx := ts.CreateUserContext(ctx, user.ID)
+
+ // Define custom timestamps (January 1, 2020)
+ customCreateTime := time.Date(2020, 1, 1, 12, 0, 0, 0, time.UTC)
+ customUpdateTime := time.Date(2020, 1, 2, 12, 0, 0, 0, time.UTC)
+ customDisplayTime := time.Date(2020, 1, 3, 12, 0, 0, 0, time.UTC)
+
+ // Test 1: Create a memo with custom create_time
+ memoWithCreateTime, err := ts.Service.CreateMemo(userCtx, &apiv1.CreateMemoRequest{
+ Memo: &apiv1.Memo{
+ Content: "This memo has a custom creation time",
+ Visibility: apiv1.Visibility_PRIVATE,
+ CreateTime: timestamppb.New(customCreateTime),
+ },
+ })
+ require.NoError(t, err)
+ require.NotNil(t, memoWithCreateTime)
+ require.Equal(t, customCreateTime.Unix(), memoWithCreateTime.CreateTime.AsTime().Unix(), "create_time should match the custom timestamp")
+
+ // Test 2: Create a memo with custom update_time
+ memoWithUpdateTime, err := ts.Service.CreateMemo(userCtx, &apiv1.CreateMemoRequest{
+ Memo: &apiv1.Memo{
+ Content: "This memo has a custom update time",
+ Visibility: apiv1.Visibility_PRIVATE,
+ UpdateTime: timestamppb.New(customUpdateTime),
+ },
+ })
+ require.NoError(t, err)
+ require.NotNil(t, memoWithUpdateTime)
+ require.Equal(t, customUpdateTime.Unix(), memoWithUpdateTime.UpdateTime.AsTime().Unix(), "update_time should match the custom timestamp")
+
+ // Test 3: Create a memo with custom display_time
+ // Note: display_time is computed from either created_ts or updated_ts based on instance setting
+ // Since DisplayWithUpdateTime defaults to false, display_time maps to created_ts
+ memoWithDisplayTime, err := ts.Service.CreateMemo(userCtx, &apiv1.CreateMemoRequest{
+ Memo: &apiv1.Memo{
+ Content: "This memo has a custom display time",
+ Visibility: apiv1.Visibility_PRIVATE,
+ DisplayTime: timestamppb.New(customDisplayTime),
+ },
+ })
+ require.NoError(t, err)
+ require.NotNil(t, memoWithDisplayTime)
+ // Since DisplayWithUpdateTime is false by default, display_time sets created_ts
+ require.Equal(t, customDisplayTime.Unix(), memoWithDisplayTime.DisplayTime.AsTime().Unix(), "display_time should match the custom timestamp")
+ require.Equal(t, customDisplayTime.Unix(), memoWithDisplayTime.CreateTime.AsTime().Unix(), "create_time should also match since display_time maps to created_ts")
+
+ // Test 4: Create a memo with all custom timestamps
+ // When both display_time and create_time are provided, create_time takes precedence
+ memoWithAllTimestamps, err := ts.Service.CreateMemo(userCtx, &apiv1.CreateMemoRequest{
+ Memo: &apiv1.Memo{
+ Content: "This memo has all custom timestamps",
+ Visibility: apiv1.Visibility_PRIVATE,
+ CreateTime: timestamppb.New(customCreateTime),
+ UpdateTime: timestamppb.New(customUpdateTime),
+ DisplayTime: timestamppb.New(customDisplayTime),
+ },
+ })
+ require.NoError(t, err)
+ require.NotNil(t, memoWithAllTimestamps)
+ require.Equal(t, customCreateTime.Unix(), memoWithAllTimestamps.CreateTime.AsTime().Unix(), "create_time should match the custom timestamp")
+ require.Equal(t, customUpdateTime.Unix(), memoWithAllTimestamps.UpdateTime.AsTime().Unix(), "update_time should match the custom timestamp")
+ // display_time is computed from created_ts when DisplayWithUpdateTime is false
+ require.Equal(t, customCreateTime.Unix(), memoWithAllTimestamps.DisplayTime.AsTime().Unix(), "display_time should be derived from create_time")
+
+ // Test 5: Create a comment (memo relation) with custom timestamps
+ parentMemo, err := ts.Service.CreateMemo(userCtx, &apiv1.CreateMemoRequest{
+ Memo: &apiv1.Memo{
+ Content: "This is the parent memo",
+ Visibility: apiv1.Visibility_PRIVATE,
+ },
+ })
+ require.NoError(t, err)
+ require.NotNil(t, parentMemo)
+
+ customCommentCreateTime := time.Date(2021, 6, 15, 10, 30, 0, 0, time.UTC)
+ comment, err := ts.Service.CreateMemoComment(userCtx, &apiv1.CreateMemoCommentRequest{
+ Name: parentMemo.Name,
+ Comment: &apiv1.Memo{
+ Content: "This is a comment with custom create time",
+ Visibility: apiv1.Visibility_PRIVATE,
+ CreateTime: timestamppb.New(customCommentCreateTime),
+ },
+ })
+ require.NoError(t, err)
+ require.NotNil(t, comment)
+ require.Equal(t, customCommentCreateTime.Unix(), comment.CreateTime.AsTime().Unix(), "comment create_time should match the custom timestamp")
+
+ // Test 6: Verify that memos without custom timestamps still get auto-generated ones
+ memoWithoutTimestamps, err := ts.Service.CreateMemo(userCtx, &apiv1.CreateMemoRequest{
+ Memo: &apiv1.Memo{
+ Content: "This memo has auto-generated timestamps",
+ Visibility: apiv1.Visibility_PRIVATE,
+ },
+ })
+ require.NoError(t, err)
+ require.NotNil(t, memoWithoutTimestamps)
+ require.NotNil(t, memoWithoutTimestamps.CreateTime, "create_time should be auto-generated")
+ require.NotNil(t, memoWithoutTimestamps.UpdateTime, "update_time should be auto-generated")
+ require.True(t, time.Now().Unix()-memoWithoutTimestamps.CreateTime.AsTime().Unix() < 5, "create_time should be recent (within 5 seconds)")
+}
diff --git a/server/router/api/v1/test/test_helper.go b/server/router/api/v1/test/test_helper.go
index e14fab738..779ad2eea 100644
--- a/server/router/api/v1/test/test_helper.go
+++ b/server/router/api/v1/test/test_helper.go
@@ -29,7 +29,7 @@ func NewTestService(t *testing.T) *TestService {
// Create a test profile
testProfile := &profile.Profile{
- Mode: "dev",
+ Demo: true,
Version: "test-1.0.0",
InstanceURL: "http://localhost:8080",
Driver: "sqlite",
@@ -56,17 +56,16 @@ func NewTestService(t *testing.T) *TestService {
}
}
-// Cleanup clears caches and closes resources after test.
+// Cleanup closes resources after test.
func (ts *TestService) Cleanup() {
ts.Store.Close()
- // Note: Owner cache is package-level in parent package, cannot clear from test package
}
-// CreateHostUser creates a host user for testing.
+// CreateHostUser creates an admin user for testing.
func (ts *TestService) CreateHostUser(ctx context.Context, username string) (*store.User, error) {
return ts.Store.CreateUser(ctx, &store.User{
Username: username,
- Role: store.RoleHost,
+ Role: store.RoleAdmin,
Email: username + "@example.com",
})
}
diff --git a/server/router/api/v1/user_service.go b/server/router/api/v1/user_service.go
index 6260a9547..794949cdd 100644
--- a/server/router/api/v1/user_service.go
+++ b/server/router/api/v1/user_service.go
@@ -37,7 +37,7 @@ func (s *APIV1Service) ListUsers(ctx context.Context, request *v1pb.ListUsersReq
if currentUser == nil {
return nil, status.Errorf(codes.Unauthenticated, "user not authenticated")
}
- if currentUser.Role != store.RoleHost && currentUser.Role != store.RoleAdmin {
+ if currentUser.Role != store.RoleAdmin {
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
}
@@ -132,17 +132,17 @@ func (s *APIV1Service) CreateUser(ctx context.Context, request *v1pb.CreateUserR
// Determine the role to assign
var roleToAssign store.Role
if isFirstUser {
- // First-time setup: create the first user as HOST (no authentication required)
- roleToAssign = store.RoleHost
- } else if currentUser != nil && currentUser.Role == store.RoleHost {
- // Authenticated HOST user can create users with any role specified in request
+ // First-time setup: create the first user as ADMIN (no authentication required)
+ roleToAssign = store.RoleAdmin
+ } else if currentUser != nil && currentUser.Role == store.RoleAdmin {
+ // Authenticated ADMIN user can create users with any role specified in request
if request.User.Role != v1pb.User_ROLE_UNSPECIFIED {
roleToAssign = convertUserRoleToStore(request.User.Role)
} else {
roleToAssign = store.RoleUser
}
} else {
- // Unauthenticated or non-HOST users can only create normal users
+ // Unauthenticated or non-ADMIN users can only create normal users
roleToAssign = store.RoleUser
}
@@ -192,9 +192,12 @@ func (s *APIV1Service) UpdateUser(ctx context.Context, request *v1pb.UpdateUserR
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get user: %v", err)
}
+ if currentUser == nil {
+ return nil, status.Errorf(codes.Unauthenticated, "user not authenticated")
+ }
// Check permission.
// Only allow admin or self to update user.
- if currentUser.ID != userID && currentUser.Role != store.RoleAdmin && currentUser.Role != store.RoleHost {
+ if currentUser.ID != userID && currentUser.Role != store.RoleAdmin {
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
}
@@ -261,7 +264,7 @@ func (s *APIV1Service) UpdateUser(ctx context.Context, request *v1pb.UpdateUserR
update.Description = &request.User.Description
case "role":
// Only allow admin to update role.
- if currentUser.Role != store.RoleAdmin && currentUser.Role != store.RoleHost {
+ if currentUser.Role != store.RoleAdmin {
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
}
role := convertUserRoleToStore(request.User.Role)
@@ -298,7 +301,10 @@ func (s *APIV1Service) DeleteUser(ctx context.Context, request *v1pb.DeleteUserR
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get user: %v", err)
}
- if currentUser.ID != userID && currentUser.Role != store.RoleAdmin && currentUser.Role != store.RoleHost {
+ if currentUser == nil {
+ return nil, status.Errorf(codes.Unauthenticated, "user not authenticated")
+ }
+ if currentUser.ID != userID && currentUser.Role != store.RoleAdmin {
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
}
@@ -539,7 +545,7 @@ func (s *APIV1Service) ListPersonalAccessTokens(ctx context.Context, request *v1
claims := auth.GetUserClaims(ctx)
if claims == nil || claims.UserID != userID {
currentUser, _ := s.fetchCurrentUser(ctx)
- if currentUser == nil || (currentUser.ID != userID && currentUser.Role != store.RoleHost && currentUser.Role != store.RoleAdmin) {
+ if currentUser == nil || (currentUser.ID != userID && currentUser.Role != store.RoleAdmin) {
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
}
}
@@ -686,7 +692,7 @@ func (s *APIV1Service) ListUserWebhooks(ctx context.Context, request *v1pb.ListU
if currentUser == nil {
return nil, status.Errorf(codes.Unauthenticated, "user not authenticated")
}
- if currentUser.ID != userID && currentUser.Role != store.RoleHost && currentUser.Role != store.RoleAdmin {
+ if currentUser.ID != userID && currentUser.Role != store.RoleAdmin {
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
}
@@ -718,7 +724,7 @@ func (s *APIV1Service) CreateUserWebhook(ctx context.Context, request *v1pb.Crea
if currentUser == nil {
return nil, status.Errorf(codes.Unauthenticated, "user not authenticated")
}
- if currentUser.ID != userID && currentUser.Role != store.RoleHost && currentUser.Role != store.RoleAdmin {
+ if currentUser.ID != userID && currentUser.Role != store.RoleAdmin {
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
}
@@ -758,7 +764,7 @@ func (s *APIV1Service) UpdateUserWebhook(ctx context.Context, request *v1pb.Upda
if currentUser == nil {
return nil, status.Errorf(codes.Unauthenticated, "user not authenticated")
}
- if currentUser.ID != userID && currentUser.Role != store.RoleHost && currentUser.Role != store.RoleAdmin {
+ if currentUser.ID != userID && currentUser.Role != store.RoleAdmin {
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
}
@@ -830,7 +836,7 @@ func (s *APIV1Service) DeleteUserWebhook(ctx context.Context, request *v1pb.Dele
if currentUser == nil {
return nil, status.Errorf(codes.Unauthenticated, "user not authenticated")
}
- if currentUser.ID != userID && currentUser.Role != store.RoleHost && currentUser.Role != store.RoleAdmin {
+ if currentUser.ID != userID && currentUser.Role != store.RoleAdmin {
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
}
@@ -925,8 +931,6 @@ func convertUserFromStore(user *store.User) *v1pb.User {
func convertUserRoleFromStore(role store.Role) v1pb.User_Role {
switch role {
- case store.RoleHost:
- return v1pb.User_HOST
case store.RoleAdmin:
return v1pb.User_ADMIN
case store.RoleUser:
@@ -938,8 +942,6 @@ func convertUserRoleFromStore(role store.Role) v1pb.User_Role {
func convertUserRoleToStore(role v1pb.User_Role) store.Role {
switch role {
- case v1pb.User_HOST:
- return store.RoleHost
case v1pb.User_ADMIN:
return store.RoleAdmin
default:
@@ -1240,6 +1242,9 @@ func (s *APIV1Service) ListUserNotifications(ctx context.Context, request *v1pb.
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err)
}
+ if currentUser == nil {
+ return nil, status.Errorf(codes.Unauthenticated, "user not authenticated")
+ }
if currentUser.ID != userID {
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
}
@@ -1287,6 +1292,9 @@ func (s *APIV1Service) UpdateUserNotification(ctx context.Context, request *v1pb
return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err)
}
+ if currentUser == nil {
+ return nil, status.Errorf(codes.Unauthenticated, "user not authenticated")
+ }
// Verify ownership before updating
inboxes, err := s.Store.ListInboxes(ctx, &store.FindInbox{
ID: ¬ificationID,
@@ -1352,6 +1360,9 @@ func (s *APIV1Service) DeleteUserNotification(ctx context.Context, request *v1pb
return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err)
}
+ if currentUser == nil {
+ return nil, status.Errorf(codes.Unauthenticated, "user not authenticated")
+ }
// Verify ownership before deletion
inboxes, err := s.Store.ListInboxes(ctx, &store.FindInbox{
ID: ¬ificationID,
diff --git a/server/router/api/v1/v1.go b/server/router/api/v1/v1.go
index 74b342fa2..694b5bbc3 100644
--- a/server/router/api/v1/v1.go
+++ b/server/router/api/v1/v1.go
@@ -59,7 +59,7 @@ func (s *APIV1Service) RegisterGateway(ctx context.Context, echoServer *echo.Ech
ctx := r.Context()
// Get the RPC method name from context (set by grpc-gateway after routing)
- rpcMethod, _ := runtime.RPCMethod(ctx)
+ rpcMethod, ok := runtime.RPCMethod(ctx)
// Extract credentials from HTTP headers
authHeader := r.Header.Get("Authorization")
@@ -67,7 +67,8 @@ func (s *APIV1Service) RegisterGateway(ctx context.Context, echoServer *echo.Ech
result := authenticator.Authenticate(ctx, authHeader)
// Enforce authentication for non-public methods
- if result == nil && !IsPublicMethod(rpcMethod) {
+ // If rpcMethod cannot be determined, allow through, service layer will handle visibility checks
+ if result == nil && ok && !IsPublicMethod(rpcMethod) {
http.Error(w, `{"code": 16, "message": "authentication required"}`, http.StatusUnauthorized)
return
}
@@ -125,7 +126,7 @@ func (s *APIV1Service) RegisterGateway(ctx context.Context, echoServer *echo.Ech
gwGroup.Any("/file/*", handler)
// Connect handlers for browser clients (replaces grpc-web).
- logStacktraces := s.Profile.IsDev()
+ logStacktraces := s.Profile.Demo
connectInterceptors := connect.WithInterceptors(
NewMetadataInterceptor(), // Convert HTTP headers to gRPC metadata first
NewLoggingInterceptor(logStacktraces),
diff --git a/server/router/fileserver/fileserver.go b/server/router/fileserver/fileserver.go
index c49d92e3a..0aaffd42f 100644
--- a/server/router/fileserver/fileserver.go
+++ b/server/router/fileserver/fileserver.go
@@ -26,13 +26,55 @@ import (
"github.com/usememos/memos/store"
)
+// Constants for file serving configuration.
const (
- // ThumbnailCacheFolder is the folder name where the thumbnail images are stored.
+ // ThumbnailCacheFolder is the folder name where thumbnail images are stored.
ThumbnailCacheFolder = ".thumbnail_cache"
- // thumbnailMaxSize is the maximum size in pixels for the largest dimension of the thumbnail image.
+
+ // thumbnailMaxSize is the maximum dimension (width or height) for thumbnails.
thumbnailMaxSize = 600
+
+ // maxConcurrentThumbnails limits concurrent thumbnail generation to prevent memory exhaustion.
+ maxConcurrentThumbnails = 3
+
+ // cacheMaxAge is the max-age value for Cache-Control headers (1 hour).
+ cacheMaxAge = "public, max-age=3600"
)
+// xssUnsafeTypes contains MIME types that could execute scripts if served directly.
+// These are served as application/octet-stream to prevent XSS attacks.
+var xssUnsafeTypes = map[string]bool{
+ "text/html": true,
+ "text/javascript": true,
+ "application/javascript": true,
+ "application/x-javascript": true,
+ "text/xml": true,
+ "application/xml": true,
+ "application/xhtml+xml": true,
+ "image/svg+xml": true,
+}
+
+// thumbnailSupportedTypes contains image MIME types that support thumbnail generation.
+var thumbnailSupportedTypes = map[string]bool{
+ "image/png": true,
+ "image/jpeg": true,
+ "image/heic": true,
+ "image/heif": true,
+ "image/webp": true,
+}
+
+// avatarAllowedTypes contains MIME types allowed for user avatars.
+var avatarAllowedTypes = map[string]bool{
+ "image/png": true,
+ "image/jpeg": true,
+ "image/jpg": true,
+ "image/gif": true,
+ "image/webp": true,
+ "image/heic": true,
+ "image/heif": true,
+}
+
+// SupportedThumbnailMimeTypes is the exported list of thumbnail-supported MIME types.
var SupportedThumbnailMimeTypes = []string{
"image/png",
"image/jpeg",
@@ -41,15 +83,16 @@ var SupportedThumbnailMimeTypes = []string{
"image/webp",
}
+// dataURIRegex parses data URI format: data:image/png;base64,iVBORw0KGgo...
+var dataURIRegex = regexp.MustCompile(`^data:(?P