happyz
/
memos
mirror of https://github.com/usememos/memos.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,409 Commits 2 Branches 90 Tags 198 MiB
Commit Graph

15 Commits

Author SHA1 Message Date
memoclaw 9610ed8fc8
fix(lint): correct goimports struct literal alignment after removing write-only credential fields (#5794) 
Co-authored-by: Claude <noreply@anthropic.com>
 2026-03-29 20:31:09 +08:00
memoclaw 9d3a74bccc fix(api): make credentials write-only and restrict sensitive settings to admins 
Security fixes for credential leakage across three resources:

- NOTIFICATION setting: restrict GetInstanceSetting to admin-only
  (was publicly accessible, exposing SMTP credentials)
- SMTP password: never return SmtpPassword in API responses (write-only)
- S3 secret: never return AccessKeySecret in API responses (write-only)
- OAuth2 ClientSecret: never return in API responses for any role
  (was previously returned to admins); remove redactIdentityProviderResponse
  in favor of omitting the field at the conversion layer
- Preserve-on-empty: when updating settings with an empty credential
  field, preserve the existing stored value instead of overwriting
  (applies to SmtpPassword, AccessKeySecret, and ClientSecret)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-29 07:34:00 +08:00
memoclaw 92d937b1aa
feat: replace auto-increment ID with UID for identity provider resource names (#5687) 
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-05 21:01:22 +08:00
Johnny 0f3c9a467d refactor: migrate HOST roles to ADMIN 
- Updated the isSuperUser function to only check for ADMIN role.
- Added SQL migration scripts for MySQL, PostgreSQL, and SQLite to change user roles from HOST to ADMIN.
- Created a new SQLite migration to alter the user table structure and ensure data integrity during the migration process.
 2026-01-20 23:38:30 +08:00
Faizaan pochi da2dd80e2f
fix: return Unauthenticated instead of PermissionDenied on token expiration (#5454) 2026-01-08 23:21:33 +08:00
Johnny 7932f6d0d0
refactor: user auth improvements (#5360) 2025-12-18 18:15:51 +08:00
Florian Dewald 769dcd0cf9
fix(security): add missing authorization checks to various services (#5217) 2025-11-06 19:42:44 +08:00
Johnny 7cc2df9254 chore: fix linter 2025-08-31 20:22:32 +08:00
Steven 83febf9928 chore: clean resource definition 2025-06-23 21:08:25 +08:00
Steven 760c164328 chore: add server tests 2025-06-17 20:56:10 +08:00
Steven dac059a7f7 refactor: identity provider service 2025-06-16 23:56:28 +08:00
johnnyjoy 43d176f272 fix: idp config convert 2025-05-13 20:40:54 +08:00
Steven 1ccfa81cf3 chore: tweak common function 2024-05-26 11:02:23 +08:00
Steven 2317204c50 fix: list idp 2024-05-14 07:04:17 +08:00
Steven 20dd3e17f7 chore: rename router package 2024-05-01 10:28:32 +08:00
Renamed from server/route/api/v1/idp_service.go (Browse further)