* ent re-generation
* add oidc integration
* document oidc integration
* go fmt
* address backend linter findings
* run prettier on index.vue
* State cookie domain can mismatch when Hostname override is used (breaks CSRF check). Add SameSite.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Delete state cookie with matching domain and MaxAge; add SameSite.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Fix endpoint path in comments and error to include /api/v1.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Also use request context when verifying the ID token.
* Do not return raw auth errors to clients (user-enumeration risk).
* consistently set cookie the same way across function
* remove baseURL after declaration
* only enable OIDC routes if OIDC is enabled
* swagger doc for failure
* Only block when provider=local; move the check after parsing provider
* fix extended session comment
* reduce pii logging
* futher reduce pii logging
* remove unused DiscoveryDocument
* remove unused offline_access from default oidc scopes
* remove offline access from AuthCodeURL
* support host from X-Forwarded-Host
* set sane default claim names if unset
* error strings should not be capitalized
* Revert "run prettier on index.vue"
This reverts commit aa22330a23.
* Add timeout to provider discovery
* Split scopes robustly
* refactor hostname calculation
* address frontend prettier findings
* add property oidc on type APISummary
* LoginOIDC: Normalize inputs, only create if not found
* add oidc email verification
* oidc handleCallback: clear state cookie before each return
* add support for oidc nonce parameter
* Harden first-login race: handle concurrent creates gracefully and fix log key.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* support email verified claim as bool or string
* fail fast on empty email
* PKCE verifier
* fix: add timing delay to attachment test to resolve CI race condition
The attachment test was failing intermittently in CI due to a race condition
between attachment creation and retrieval. Adding a small 100ms delay after
attachment creation ensures the file system and database operations complete
before the test attempts to verify the attachment exists.
* Revert "fix: add timing delay to attachment test to resolve CI race condition"
This reverts commit 4aa8b2a0d829753e8d2dd1ba76f4b1e04e28c45e.
* oidc error state, use ref
* rename oidc.force to oidc.authRedirect
* remove hardcoded oidc error timeout
* feat: sub/iss based identity matching and userinfo endpoint collection
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Matthew Kilgore <matthew@kilgore.dev>
* Remove documents table (WIP)
* Further cleanup of documents table
* This should clean up the errors, but actual attachment handling still needs added.
* Full generation to update the JS side of things too
* Further fixes
* Fix cyclic dependency issue
* In theory the API side works now
* Fix go linting issues
* Fix frontend issues
* Way closer, but has a foreign key constrant issue
* UI actually works now
* Fix deduplication feature not working right
* Upgrade to `golangci-lint` v2 file
* Add ability to set primary during attachment creation
* Update swagger with new primary attachment during creation stuff
* Files are actually saved now, but there's still a bug
* Fix critical issue whith how deletions were working
* Fix the byte copy issue
* Hopefully everything is fixed now
* Fix golangci-lint config and lint files
* Fix lint issue
* Fix a few more tests
* Fix lint issues again
* More minor test fixes
* Update backend/internal/core/services/service_items_attachments.go
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Fix migration (I think)
* Fixed postgres migration
* Change some migration options to work better
* Some more little things that I tried
* Fix merge go.mod
* Fix migrations
* Little lint thing
* Fix AttachmentsList.vue with updated API
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* introduce scaffold for new models
* wip: shoutrrr wrapper (may remove)
* update schema files
* gen: ent code
* gen: migrations
* go mod tidy
* add group_id to notifier
* db migration
* new mapper helpers
* notifier repo
* introduce experimental adapter pattern for hdlrs
* refactor adapters to fit more common use cases
* new routes for notifiers
* update errors to fix validation panic
* go tidy
* reverse checkbox label display
* wip: notifiers UI
* use badges instead of text
* improve documentation
* add scaffold schema reference
* remove notifier service
* refactor schema folder
* support group edges via scaffold
* delete test file
* include link to API docs
* audit and update documentation + improve format
* refactor schema edges
* refactor
* add custom validator
* set validate + order fields by name
* fix failing tests
* schema changes
* db generate
* db migration
* add role based middleware
* implement attachment token access
* generate docs
* implement role based auth
* replace attachment specific tokens with gen token
* run linter
* cleanup temporary token implementation
Add archive option feature. Archived items can only be seen on the items page when including archived is selected. Archived items are excluded from the count and from other views
