happyz
/
memos
mirror of https://github.com/usememos/memos.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,370 Commits 3 Branches 90 Tags 198 MiB
Commit Graph

15 Commits

Author SHA1 Message Date
=AhmedAshraf a0cfdd3737 feat: add memo color customization 2026-03-22 17:57:16 +02:00
milvasic ea0892a8b2
feat: add live refresh via Server-Sent Events (SSE) with visual indicator (#5638) 
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: milvasic <milvasic@users.noreply.github.com>
 2026-03-03 22:56:12 +08:00
Johnny c7b48b800f fix: add access control checks for attachments, comments, and reactions 
Security fixes for multiple authorization bypass vulnerabilities:

- GetAttachment: Add visibility check via checkAttachmentAccess helper
- UpdateAttachment: Add ownership check (creator or admin only)
- Fileserver: Require creator/admin auth for unlinked attachments
- ListMemoAttachments: Add memo visibility check
- CreateMemoComment: Add memo visibility check for target memo
- ListMemoReactions: Add memo visibility check
- UpsertMemoReaction: Add memo visibility check

All checks follow the existing pattern used in GetMemo for consistency.
 2026-01-31 23:02:30 +08:00
Johnny d7284fe867 refactor: nest reaction resource names under memos 2025-12-30 23:29:54 +08:00
Johnny 7932f6d0d0
refactor: user auth improvements (#5360) 2025-12-18 18:15:51 +08:00
boojack 21d31e3609
fix(security): implement security review recommendations (#5228) 
Co-authored-by: Claude <noreply@anthropic.com>
 2025-11-06 23:32:27 +08:00
Florian Dewald 769dcd0cf9
fix(security): add missing authorization checks to various services (#5217) 2025-11-06 19:42:44 +08:00
Johnny efe6013c36 fix: add user authentication checks 2025-10-08 20:30:05 +08:00
varsnotwars a9508b2546
chore: simplify convert reaction (#5001) 2025-08-14 00:06:23 +08:00
Steven 83febf9928 chore: clean resource definition 2025-06-23 21:08:25 +08:00
Steven 9972a77d9e refactor: memo service 2025-06-18 19:58:38 +08:00
johnnyjoy f1308ddd27 refactor: update part of resource identifier 2025-01-19 23:03:22 +08:00
Steven e527b6a878 feat: move reaction type to setting 2024-10-10 21:06:32 +08:00
Steven 1ccfa81cf3 chore: tweak common function 2024-05-26 11:02:23 +08:00
Steven 20dd3e17f7 chore: rename router package 2024-05-01 10:28:32 +08:00
Renamed from server/route/api/v1/reaction_service.go (Browse further)