happyz
/
memos
mirror of https://github.com/usememos/memos.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,932 Commits 1 Branch 83 Tags 163 MiB
Commit Graph

185 Commits

Author SHA1 Message Date
Claude 1a3298554b
fix(security): implement security review recommendations 
This commit addresses all critical and high-priority recommendations from the security review:

**Critical Fixes:**
- Add nil checks before accessing memo properties in SetMemoAttachments and SetMemoRelations
  to prevent potential nil pointer dereference
- Fix information disclosure in DeleteMemoReaction by returning consistent errors
  (now returns permission denied instead of not found to avoid revealing reaction existence)

**Medium Priority Improvements:**
- Add GetReaction() method to store interface for better performance
  (single reaction lookup instead of list operation)
- Implement GetReaction() in all database drivers (SQLite, MySQL, PostgreSQL)
- Update DeleteMemoReaction to use the new GetReaction() method

**Test Coverage:**
- Add comprehensive test coverage for SetMemoAttachments authorization checks
- Add comprehensive test coverage for SetMemoRelations authorization checks
- Add comprehensive test coverage for DeleteMemoReaction authorization checks
- Add comprehensive test coverage for CreateUser registration enforcement

All tests follow the same patterns as existing IDP service tests and cover:
- Success cases for resource owners
- Success cases for superuser/host users
- Permission denied cases for non-owners
- Unauthenticated access attempts
- Not found scenarios

Related to PR #5217 security review recommendations.
 2025-11-06 12:07:38 +00:00
Steven 4c1d1c70d1 refactor: rename workspace to instance throughout codebase 
Remove work-related terminology by renaming "workspace" to "instance"
across the entire application. This change better reflects that Memos
is a self-hosted tool suitable for personal and non-work use cases.

Breaking Changes:
- API endpoints: /api/v1/workspace/* → /api/v1/instance/*
- gRPC service: WorkspaceService → InstanceService
- Proto types: WorkspaceSetting → InstanceSetting
- Frontend translation keys: workspace-section → instance-section

Backend Changes:
- Renamed proto definitions and regenerated code
- Updated all store layer methods and database drivers
- Renamed service implementations and API handlers
- Updated cache from workspaceSettingCache to instanceSettingCache

Frontend Changes:
- Renamed service client: workspaceServiceClient → instanceServiceClient
- Updated all React components and state management
- Refactored stores: workspace.ts → instance.ts
- Updated all 32 locale translation files

All tests pass and both backend and frontend build successfully.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-11-05 23:35:35 +08:00
Steven 5e47f25bf5 feat(store): add hierarchical tag filtering support 
Tag filters now support hierarchical matching where searching for a tag (e.g., "book") will match both the exact tag and any tags with that prefix (e.g., "book/fiction", "book/non-fiction"). This applies across all database backends (SQLite, MySQL, PostgreSQL) with corresponding test updates.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-30 00:21:53 +08:00
Claude e35f16306e feat: add id as final tie-breaker in ListMemos 2025-10-23 19:44:41 +08:00
Steven b4ea7d843f feat: enhance memo sorting functionality to support multiple fields 2025-10-20 23:41:58 +08:00
Steven 95de5cc700 refactor: update migration history methods 2025-10-20 23:05:50 +08:00
Copilot b685ffacdf refactor: memo filter 
- Updated memo and reaction filtering logic to use a unified engine for compiling filter expressions into SQL statements.
- Removed redundant filter parsing and conversion code from ListMemoRelations, ListReactions, and ListAttachments methods.
- Introduced IDList and UIDList fields in FindMemo and FindReaction structs to support filtering by multiple IDs.
- Removed old filter test files for reactions and attachments, as the filtering logic has been centralized.
- Updated tests for memo filtering to reflect the new SQL statement compilation approach.
- Ensured that unsupported user filters return an error in ListUsers method.
 2025-10-16 09:22:52 +08:00
Steven c3d4f8e9d1 feat: implement user-specific SQL converter for filtering in user service 2025-09-10 21:05:26 +08:00
varsnotwars 4eb5b67baf
feat: attachments by id (#5008) 2025-08-15 22:02:29 +08:00
varsnotwars f4bdfa28a0
feat: filter/method for reactions by content_id (#4969) 2025-08-08 00:00:51 +08:00
johnnyjoy 506b477d50 fix: get user by username 2025-08-04 19:56:12 +08:00
varsnotwars fa2fa8a5d7
refactor: remove call to db for parent memo name (#4947) 2025-08-04 19:39:52 +08:00
johnnyjoy ed23cbc011 refactor: memo filter 2025-07-23 22:10:16 +08:00
Steven 1a75d19a89 fix: memo filter for sqlite 2025-07-22 23:39:52 +08:00
johnnyjoy 7098721617 chore: fix linter 2025-07-22 21:15:23 +08:00
johnnyjoy e24f92b719 fix: tests 2025-07-22 21:13:24 +08:00
johnnyjoy b55904a428 feat: support more filter factors 2025-07-22 19:18:08 +08:00
johnnyjoy 6d9770b9c8 chore: move filter to filters 2025-07-21 21:52:00 +08:00
johnnyjoy 7481fe10bf chore: remove order by pinned 2025-07-21 21:45:10 +08:00
johnnyjoy d6a75bba4c refactor: webhook service 2025-06-24 21:28:21 +08:00
Johnny e6e460493c refactor: general user setting 2025-06-23 23:23:57 +08:00
Johnny 9b15936873 refactor: clean unused fields 2025-06-23 22:55:14 +08:00
Johnny 778a5eb184 refactor: memo filter 2025-06-23 22:38:44 +08:00
Steven a4920d464b refactor: attachment service part2 2025-06-18 00:09:19 +08:00
Johnny 3fd29f6493 refactor: schema migrator 2025-06-15 10:23:18 +08:00
Steven f1b365f928 refactor: clean packages 2025-05-29 21:44:43 +08:00
Steven de3e55c2e6 feat: support `now()` time functions 2025-05-28 21:18:49 +08:00
Steven b89d8f5342 feat: implement hasTaskList filter 2025-05-26 22:37:59 +08:00
johnnyjoy f9e07a2245 feat: support update user's role 2025-05-15 19:36:15 +08:00
Steven 1f79ee575b fix: create user with avatar url for sqlite 2025-05-14 23:45:02 +08:00
Johnny 08f9b18ced
fix: list memo relations 2025-04-12 22:02:13 +08:00
Johnny 34ab88348e chore: sort by pinned 2025-03-13 19:57:12 +08:00
Johnny e3a4f49c5c feat: implement creator_id factor 2025-03-11 22:00:57 +08:00
Johnny 925e97882e feat: support pinned factor 2025-03-10 18:52:12 +08:00
johnnyjoy 54a48b58d7 chore: remove random field 2025-02-05 20:48:27 +08:00
johnnyjoy 07336f0392 chore: update condition concat check 2025-02-05 20:07:38 +08:00
johnnyjoy a7ca63434b feat: validate shortcut's filter 2025-02-03 18:34:31 +08:00
johnnyjoy ff04fdc459 feat: support more operators in filter 2025-02-03 18:23:09 +08:00
johnnyjoy f25acfe8e2 chore: fix linter 2025-02-03 17:34:46 +08:00
johnnyjoy e0e735d14d feat: support memo filter for mysql and postgres 2025-02-03 17:14:53 +08:00
johnnyjoy 364f005ee5 fix: filter 2025-02-03 12:44:01 +08:00
johnnyjoy 3a085f3639 chore: fix filter tests 2025-02-03 12:01:34 +08:00
johnnyjoy 8e586d348e chore: fix tag filter 2025-02-03 11:45:26 +08:00
johnnyjoy b9a0c56163 feat: support more factors in filter 2025-02-02 16:12:44 +08:00
johnnyjoy 2a392b8f8d chore: fix import order 2025-02-02 13:52:45 +08:00
johnnyjoy f31800456e chore: fix import order 2025-02-02 13:52:29 +08:00
johnnyjoy 58a867e4da fix: linter warning 2025-02-02 13:50:36 +08:00
johnnyjoy 2d731c5cc5 feat: memo filter for sqlite 2025-02-02 13:35:57 +08:00
johnnyjoy d605faeffa refactor: move pinned to memo 2025-01-31 20:58:18 +08:00
johnnyjoy 2058a8ab7b chore: move references to memo property 2025-01-31 14:18:07 +08:00