happyz
/
memos
mirror of https://github.com/usememos/memos.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,389 Commits 1 Branch 87 Tags 142 MiB
Commit Graph

4389 Commits

Author SHA1 Message Date
memoclaw 63a17d897d refactor: split audio attachment view into reusable components 2026-03-31 23:03:38 +08:00
memoclaw 1921b57662
fix(tags): allow blur-only tag metadata (#5800) 
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
 2026-03-31 21:38:55 +08:00
boojack 201c8a8ea9 chore: add rc release handling 2026-03-31 08:34:36 +08:00
boojack 0e89407ee9 fix(filter): enforce CEL syntax semantics 
Reject non-standard truthy numeric expressions in filters and document the parser as a supported subset of standard CEL syntax.

- remove legacy filter rewrites
- support standard equality in tag exists predicates
- add regression coverage for accepted and rejected expressions
 2026-03-31 08:10:49 +08:00
boojack d3f6e8ee31 chore: harden MCP access control and origin validation 2026-03-31 00:12:28 +08:00
boojack 7c708ee27e
chore: add migration upgrade coverage (#5796) 2026-03-30 23:51:57 +08:00
memoclaw e520b637fd fix: prevent stale comment drafts from being restored 2026-03-30 22:37:07 +08:00
memoclaw acbc914dea
fix(webhooks): trigger memo updates for attachment and relation changes (#5795) 
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
 2026-03-30 20:01:16 +08:00
memoclaw 9610ed8fc8
fix(lint): correct goimports struct literal alignment after removing write-only credential fields (#5794) 
Co-authored-by: Claude <noreply@anthropic.com>
 2026-03-29 20:31:09 +08:00
memoclaw 9d3a74bccc fix(api): make credentials write-only and restrict sensitive settings to admins 
Security fixes for credential leakage across three resources:

- NOTIFICATION setting: restrict GetInstanceSetting to admin-only
  (was publicly accessible, exposing SMTP credentials)
- SMTP password: never return SmtpPassword in API responses (write-only)
- S3 secret: never return AccessKeySecret in API responses (write-only)
- OAuth2 ClientSecret: never return in API responses for any role
  (was previously returned to admins); remove redactIdentityProviderResponse
  in favor of omitting the field at the conversion layer
- Preserve-on-empty: when updating settings with an empty credential
  field, preserve the existing stored value instead of overwriting
  (applies to SmtpPassword, AccessKeySecret, and ClientSecret)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-29 07:34:00 +08:00
memoclaw c53677fcba fix(api): improve SSE hub design and fix double-broadcast on comments 
- Fix duplicate SSE event on comment creation: CreateMemoComment now
  suppresses the redundant memo.created broadcast from the inner
  CreateMemo call, emitting only memo.comment.created
- Extract reaction event-building IIFEs into buildMemoReactionSSEEvent
  helper, removing duplicated inline DB-fetch logic
- Promote resolveSSEAudienceCreatorID from method to free function
  (resolveSSECreatorID) since it never used the receiver
- Add userID to SSE connect/disconnect log lines for traceability
- Change canReceive default from permissive (return true) to
  deny-with-warning for unknown visibility types
- Add comprehensive tests covering all new helpers, visibility edge
  cases, slow-client drop behavior, and the double-broadcast fix

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-29 07:33:40 +08:00
boojack d720efb6e6
chore: tweak featured sponsors 
Removed the old sponsors table and replaced it with individual sponsor links and descriptions.

Signed-off-by: boojack <stevenlgtm@gmail.com>
 2026-03-29 02:17:29 +08:00
memoclaw 4add9b04ad fix: prevent local attachment uploads from overwriting files 2026-03-26 21:46:51 +08:00
memoclaw a24d420922
fix(api): restrict user email exposure to self and admins (#5784) 
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
 2026-03-25 22:02:08 +08:00
memoclaw acddef1f3d
fix(api): switch user resource names to usernames (#5779) 
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
 2026-03-25 09:11:17 +08:00
boojack 2327f4e3a6
chore: revamp featured sponsors in README 
Updated featured sponsors section with new layout and content.

Signed-off-by: boojack <stevenlgtm@gmail.com>
 2026-03-25 00:02:26 +08:00
boojack 60a7d49874
chore: add InstaPods promotion to README 
Signed-off-by: boojack <stevenlgtm@gmail.com>
 2026-03-24 23:46:37 +08:00
memoclaw 4818bf3559
refactor(store): remove synthetic system bot user lookup (#5778) 
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
 2026-03-24 22:16:30 +08:00
memoclaw 4f6730a12e chore: show compact attachment count instead of thumbnails in comment previews 
When truncate mode is active (comment list), display an inline file icon
with attachment count instead of rendering full image thumbnails.
 2026-03-24 19:30:39 +08:00
memoclaw 6a03917f6e chore: upgrade TypeScript to 6.0.2 2026-03-24 08:45:56 +08:00
memoclaw bb7f4978e5
refactor(web): consolidate SharedMemo into MemoDetail (#5773) 
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
 2026-03-24 08:40:49 +08:00
memoclaw 6b30579903
feat: add outline navigation to memo detail sidebar (#5771) 
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-03-24 00:20:40 +08:00
memoclaw 2aaca27bd5
refactor(web): improve MemoDetail and sidebar maintainability (#5769) 
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
 2026-03-23 22:51:24 +08:00
memoclaw e176b28c80
feat(memo-preview): support comment metadata in previews (#5768) 
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
 2026-03-23 21:51:30 +08:00
memoclaw 22519b57a0 fix(web): prevent MemoContent prop leaks 2026-03-23 20:34:14 +08:00
memoclaw 45b21530d9
feat: add blur_content attribute to tag metadata settings (#5767) 
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-03-23 19:42:27 +08:00
memoclaw 9e04049632
feat: treat tag setting keys as anchored regex patterns (#5759) 
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-03-22 08:07:45 +08:00
memoclaw 9ded59a1aa
refactor(web): improve Settings page maintainability and consistency (#5757) 
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-03-21 15:05:48 +08:00
memoclaw d5de325ff4
refactor(web): simplify main layout sidebar structure (#5756) 
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
 2026-03-21 12:54:18 +08:00
memoclaw 4177898054
refactor(web): consolidate memo metadata components into MemoMetadata (#5755) 
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-03-21 09:04:15 +08:00
memoclaw ac077ac3d3
refactor(web): improve MemoView and MemoEditor maintainability (#5754) 
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-03-21 07:20:18 +08:00
memoclaw 7b4f3a9fa5 refactor(memo): simplify MemoDetail error handling, drop memo.failed-to-load i18n key 
The failed-to-load key was only used for non-ConnectError exceptions, which
are unreachable in practice since the Connect RPC client always wraps errors
as ConnectError. Use (error as Error).message as a plain fallback instead.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-03-20 20:19:44 +08:00
memoclaw 5f6f624635 i18n: add missing auth.protected-memo-notice and memo.failed-to-load fallbacks to all locales 
30 locale files were missing the two keys added in the auth redirect PR.
Added English fallback strings so all locales render properly until
community translations are contributed.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-03-20 19:41:12 +08:00
xun zhao 7601708ae4
Redirect unauthenticated protected memo access to sign in (#5738) 2026-03-20 19:40:19 +08:00
fiatcode 551ee1d81f
fix(auth): recover session via refresh cookie when localStorage is empty (#5748) 2026-03-20 19:21:11 +08:00
memoclaw be00abe852
fix: sync html lang attribute with active locale (#5753) 
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-03-20 19:17:30 +08:00
google-labs-jules[bot] ff32869d2f
chore: improve access to default fields in cron parser (#5750) 
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-03-20 18:50:07 +08:00
google-labs-jules[bot] e0cc247823
chore: optimize multi-user RSS feed generation by fixing N+1 query (#5749) 
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
 2026-03-20 18:09:24 +08:00
google-labs-jules[bot] 23a7e99a21
chore: optimize unreact network requests (#5747) 
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: boojack <stevenlgtm@gmail.com>
 2026-03-20 18:08:28 +08:00
memoclaw a7cabb7ce6
refactor(web): remove masonry memo layout (#5746) 
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
 2026-03-20 09:01:43 +08:00
memoclaw 05810e7882
fix(memo-editor): scope Cmd+Enter save to the active editor (#5745) 
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
 2026-03-20 08:43:01 +08:00
memoclaw e0334cf0a8
refactor: restructure i18n locale keys for better maintainability (#5744) 
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-03-20 05:56:56 +08:00
memoclaw 6f1f3d81c5
chore: remove disallow_public_visibility setting (#5743) 
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-03-20 00:00:51 +08:00
memoclaw 3f3133d6e2
feat(memo): add share links for private memos (#5742) 
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
 2026-03-19 23:47:22 +08:00
memoclaw e164517773 test: remove raw SQL migration backfill test setup 2026-03-19 19:54:39 +08:00
memoclaw f759b416af
refactor(inbox): store memo comment payloads without activity records (#5741) 
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
 2026-03-19 19:33:25 +08:00
memoclaw a249d06e2e
feat(instance): add notification transport setting (#5737) 
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
 2026-03-19 09:18:28 +08:00
boojack 65d14fbb63
feat(instance): add canonical tag metadata setting (#5736) 2026-03-19 08:54:43 +08:00
boojack 330291d4d9
feat(user): add per-user tag metadata settings (#5735) 2026-03-18 23:15:14 +08:00
boojack 04f239a2fc
fix(api): remove public activity service (#5734) 2026-03-18 22:42:57 +08:00