* ent re-generation
* add oidc integration
* document oidc integration
* go fmt
* address backend linter findings
* run prettier on index.vue
* State cookie domain can mismatch when Hostname override is used (breaks CSRF check). Add SameSite.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Delete state cookie with matching domain and MaxAge; add SameSite.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Fix endpoint path in comments and error to include /api/v1.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Also use request context when verifying the ID token.
* Do not return raw auth errors to clients (user-enumeration risk).
* consistently set cookie the same way across function
* remove baseURL after declaration
* only enable OIDC routes if OIDC is enabled
* swagger doc for failure
* Only block when provider=local; move the check after parsing provider
* fix extended session comment
* reduce pii logging
* further reduce pii logging
* remove unused DiscoveryDocument
* remove unused offline_access from default oidc scopes
* remove offline access from AuthCodeURL
* support host from X-Forwarded-Host
* set sane default claim names if unset
* error strings should not be capitalized
* Revert "run prettier on index.vue"
This reverts commit aa22330a23.
* Add timeout to provider discovery
* Split scopes robustly
* refactor hostname calculation
* address frontend prettier findings
* add property oidc on type APISummary
* LoginOIDC: Normalize inputs, only create if not found
* add oidc email verification
* oidc handleCallback: clear state cookie before each return
* add support for oidc nonce parameter
* Harden first-login race: handle concurrent creates gracefully and fix log key.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* support email verified claim as bool or string
* fail fast on empty email
* PKCE verifier
* fix: add timing delay to attachment test to resolve CI race condition
The attachment test was failing intermittently in CI due to a race condition
between attachment creation and retrieval. Adding a small 100ms delay after
attachment creation ensures the file system and database operations complete
before the test attempts to verify the attachment exists.
* Revert "fix: add timing delay to attachment test to resolve CI race condition"
This reverts commit 4aa8b2a0d829753e8d2dd1ba76f4b1e04e28c45e.
* oidc error state, use ref
* rename oidc.force to oidc.authRedirect
* remove hardcoded oidc error timeout
* feat: sub/iss based identity matching and userinfo endpoint collection
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Matthew Kilgore <matthew@kilgore.dev>
* feat: add decimal support to currency system with ISO 4217 data integration
* Harden currency formatting: add decimal bounds, input validation, and robust error handling
* Fixed issues raised by coderabbitai
* Fixed linting issue
* feat: improved duplicate
* feat: enhance item duplication process with transaction handling and error logging for attachments and fields
* feat: add error logging during transaction rollback in item duplication process for better debugging
* feat: don't try and rollback if the commit succeeded
* feat: add customizable duplication options for items, including prefix and field copying settings in API and UI
* fix: simplify duplication checks for custom fields, attachments, and maintenance entries in ItemsRepository duplication method
* refactor: import DuplicateSettings type from composables and sort import issues
* Remove documents table (WIP)
* Further cleanup of documents table
* This should clean up the errors, but actual attachment handling still needs added.
* Full generation to update the JS side of things too
* Further fixes
* Fix cyclic dependency issue
* In theory the API side works now
* Fix go linting issues
* Fix frontend issues
* Way closer, but has a foreign key constraint issue
* UI actually works now
* Fix deduplication feature not working right
* Upgrade to `golangci-lint` v2 file
* Add ability to set primary during attachment creation
* Update swagger with new primary attachment during creation stuff
* Files are actually saved now, but there's still a bug
* Fix critical issue with how deletions were working
* Fix the byte copy issue
* Hopefully everything is fixed now
* Fix golangci-lint config and lint files
* Fix lint issue
* Fix a few more tests
* Fix lint issues again
* More minor test fixes
* Update backend/internal/core/services/service_items_attachments.go
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Fix migration (I think)
* Fixed postgres migration
* Change some migration options to work better
* Some more little things that I tried
* Fix merge go.mod
* Fix migrations
* Little lint thing
* Fix AttachmentsList.vue with updated API
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* feat: Add URL column to CSV export for items
Enhanced the CSV export functionality to include a URL field for each item. This change required updating the export logic to generate and include item URLs based on the request's referer header.
* chore: add URL configuration to V1Controller for dynamic URL handling in item export
* add: norwegian kroner
Adding the currency of Norwegian krones back into the file. There was an earlier commit where this seems to have dropped off the table.
* fix: using the correct terms for the currency.
* rough implementation of WS based event system for server side notifications of mutation
* fix test construction
* fix deadlock on event bus
* disable linter error
* add item mutation events
* remove old event bus code
* refactor event system to use composables
* refresh items table when new item is added
* fix create form errors
* cleanup unnecessary calls
* fix importer errors + limit fn calls on import
Former-commit-id: 2cbcc8bb1d
* new PR tasks
* add homebox to known words
* formatting
* bump deps
* generate db models
* ts errors
* drop id
* fix accessor
* drop unused time field
* change CI
* add expected error
* add type check
* resolve several type errors
* hoist in CI
* schema changes
* db generate
* db migration
* add role based middleware
* implement attachment token access
* generate docs
* implement role based auth
* replace attachment specific tokens with gen token
* run linter
* cleanup temporary token implementation