Commit Graph

6767 Commits

Author SHA1 Message Date
pengx17 d2b482bcb2 fix(electron): incorrect path to root dir (#8220) 2024-09-12 09:00:18 +00:00
renovate 23c7f8b01d chore: bump up express version to v4.20.0 [SECURITY] (#8205)
This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [express](http://expressjs.com/) ([source](https://redirect.github.com/expressjs/express)) | [`4.19.2` -> `4.20.0`](https://renovatebot.com/diffs/npm/express/4.19.2/4.20.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/express/4.20.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/express/4.20.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/express/4.19.2/4.20.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/express/4.19.2/4.20.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

### GitHub Vulnerability Alerts

#### [CVE-2024-43796](https://redirect.github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx)

### Impact

In express <4.20.0, passing untrusted user input - even after sanitizing it - to `response.redirect()` may execute untrusted code

### Patches

this issue is patched in express 4.20.0

### Workarounds

users are encouraged to upgrade to the patched version of express, but otherwise can workaround this issue by making sure any untrusted inputs are safe, ideally by validating them against an explicit allowlist

### Details

successful exploitation of this vector requires the following:

1. The attacker MUST control the input to response.redirect()
1. express MUST NOT redirect before the template appears
1. the browser MUST NOT complete redirection before:
1. the user MUST click on the link in the template

---

### Release Notes

<details>
<summary>expressjs/express (express)</summary>

### [`v4.20.0`](https://redirect.github.com/expressjs/express/blob/HEAD/History.md#4200--2024-09-10)

[Compare Source](https://redirect.github.com/expressjs/express/compare/4.19.2...4.20.0)

\==========

-   deps: serve-static@0.16.0
    -   Remove link renderization in html while redirecting
-   deps: send@0.19.0
    -   Remove link renderization in html while redirecting
-   deps: body-parser@0.6.0
    -   add `depth` option to customize the depth level in the parser
    -   IMPORTANT: The default `depth` level for parsing URL-encoded data is now `32` (previously was `Infinity`)
-   Remove link renderization in html while using `res.redirect`
-   deps: path-to-regexp@0.1.10
    -   Adds support for named matching groups in the routes using a regex
    -   Adds backtracking protection to parameters without regexes defined
-   deps: encodeurl@~2.0.0
    -   Removes encoding of `\`, `|`, and `^` to align better with URL spec
-   Deprecate passing `options.maxAge` and `options.expires` to `res.clearCookie`
    -   Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC41OS4yIiwidXBkYXRlZEluVmVyIjoiMzguNTkuMiIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-09-12 08:43:05 +00:00
fundon 8a9d9b42a3 feat(core): support block links on cmdk (#8192)
Upstreams: https://github.com/toeverything/blocksuite/pull/8260
Closes: [BS-1323](https://linear.app/affine-design/issue/BS-1323/粘贴-link-to-block-到-link-弹窗,不符合预期)
2024-09-12 08:25:28 +00:00
JimmFly 2cba8a4ccd fix(core): title could not be changed when creating a new doc (#8203)
Before change, the title could not be modified from outside the editor without refreshing:

https://github.com/user-attachments/assets/536acba1-4e31-418a-bc1a-8578e3128bba

after:

https://github.com/user-attachments/assets/30a4b270-b8b1-4787-acef-0ab2a72a8f74
2024-09-12 07:55:23 +00:00
EYHN cc5a6e6d40 refactor: new project struct (#8199)
packages/frontend/web -> packages/frontend/apps/web
packages/frontend/mobile -> packages/frontend/apps/mobile
packages/frontend/electron -> packages/frontend/apps/electron
2024-09-12 07:42:57 +00:00
L-Sun 7c4eab6cd3 fix(core): add edit entry for mobile edition (#8173) 2024-09-12 06:48:22 +00:00
JimmFly 8e71815e46 fix(component): windows client does not have app controls on some pages (#8176)
close AF-1266
2024-09-12 06:35:55 +00:00
EYHN 3999b04cf1 feat(core): download template from snapshot url (#8211) 2024-09-12 06:21:52 +00:00
zzj3720 aad7b90859 feat(core): add database full-width feature flag (#8210) 2024-09-12 05:14:13 +00:00
akumatus 456aa047cb fix: missing font in text preview of editor settings (#8213)
Close issue [BS-1394](https://linear.app/affine-design/issue/BS-1394).

Add `FontConfigExtension` to `edgeless:preview` spec.
2024-09-12 04:40:17 +00:00
doouding 393dcfec78 feat: bump bs (#8212)
https://github.com/toeverything/blocksuite/pull/8311
2024-09-12 04:28:14 +00:00
pengx17 24bf1beac8 fix(electron): devtools open in detach mode (#8200)
fix AF-1380
2024-09-12 03:20:19 +00:00
CatsJuice 8bf0458ef4 fix(mobile): remove all focus style for link and button (#8208) 2024-09-12 03:07:31 +00:00
Saul-Mirone ba81b1a9ca chore: bump bs (#8204) 2024-09-11 12:04:26 +00:00
fundon b74dd1c92e feat(core): support block links on Bi-Directional Links (#8169)
Clsoes [AF-1348](https://linear.app/affine-design/issue/AF-1348/修复-bi-directional-links-里面的链接地址)

* Links to the current document should be ignored on `Backlinks`
* Links to the current document should be ignored on `Outgoing links`

https://github.com/user-attachments/assets/dbc43cea-5aca-4c6f-886a-356e3a91c1f1
2024-09-11 11:08:12 +00:00
CatsJuice b7d05d2078 feat(core): new empty states for doc/collection/tag (#8197)
AF-1329, AF-1330
2024-09-11 10:48:52 +00:00
akumatus f12655655e feat: add mindmap and connector settings (#8198)
### What changed?
- Add `connector` label settings.
- Add `mindmap` style settings.
- Add skeleton loading placeholder.

<div class='graphite__hidden'>
          <div>🎥 Video uploaded on Graphite:</div>
            <a href="https://app.graphite.dev/media/video/sJGviKxfE3Ap685cl5bj/31159d74-ef62-4c7f-b1d9-cde73047cf29.mov">
              <img src="https://app.graphite.dev/api/v1/graphite/video/thumbnail/sJGviKxfE3Ap685cl5bj/31159d74-ef62-4c7f-b1d9-cde73047cf29.mov">
            </a>
          </div>
<video src="https://graphite-user-uploaded-assets-prod.s3.amazonaws.com/sJGviKxfE3Ap685cl5bj/31159d74-ef62-4c7f-b1d9-cde73047cf29.mov">录屏2024-09-11 16.30.17.mov</video>
2024-09-11 09:17:11 +00:00
EYHN 85aa73bcf6 fix(core): disconnect ws when user logout (#8188) 2024-09-11 07:55:42 +00:00
EYHN d93c3b3719 feat(core): user data db (#7930) 2024-09-11 07:55:37 +00:00
EYHN 498a69af53 feat(core): move enable ai to feature flag (#8195) 2024-09-11 07:42:07 +00:00
EYHN 8c191e6baa feat(core): preview template & snapshot import (#8193) 2024-09-11 07:11:33 +00:00
doouding 52d9569f47 feat: add mind map import feature flag (#8196) 2024-09-11 06:27:47 +00:00
EYHN f009371e06 fix(core): fix menu shaking (#8187) 2024-09-11 03:42:13 +00:00
forehalo 7a546ff8a1 feat(core): add auth metrics (#8194)
close AF-849
2024-09-11 03:28:32 +00:00
CatsJuice 81ab8ac8b3 feat(mobile): pwa and browser theme-color optimization (#8168)
[AF-1325](https://linear.app/affine-design/issue/AF-1325/优化-pwa-体验), [AF-1317](https://linear.app/affine-design/issue/AF-1317/优化:-pwa-的顶部-status-bar-颜色应与背景保持一致), [AF-1318](https://linear.app/affine-design/issue/AF-1318/优化:pwa-的底部应当有符合设备安全高度的padding), [AF-1321](https://linear.app/affine-design/issue/AF-1321/更新一下-fail-的-pwa-icon)

- New `<SafeArea />` ui component
- New `useThemeColorV1` / `useThemeColorV2` hook:
    - to modify `<meta name="theme-color" />` with given theme key
2024-09-11 02:20:59 +00:00
L-Sun 9038592715 fix(core): disable append paragraph in shared page editor (#8191)
Disable append paragraph function for readonly or shared page editor.

### Before

![CleanShot 2024-09-10 at 22.26.04@2x.png](https://graphite-user-uploaded-assets-prod.s3.amazonaws.com/MyRfgiN4RuBxJfrza3SG/3ab206a2-8e30-4212-9d5d-3073ec489644.png)
2024-09-10 15:33:52 +00:00
L-Sun 6ce6cb33ef feat(core): add outline viewer for share page (#8190) 2024-09-10 14:00:17 +00:00
Saul-Mirone daa9d9ff5c chore: bump bs (#8189) 2024-09-10 13:48:08 +00:00
darkskygit 95738e796f fix: client captcha (#8186) 2024-09-10 09:34:21 +00:00
JimmFly 9ccf517e06 chore: adjust the border color of Point component (#8185)
close AF-1367
2024-09-10 09:22:34 +00:00
JimmFly 31561d8203 chore: bump theme version (#8184) 2024-09-10 09:05:30 +00:00
donteatfriedrice 9dfd366382 fix: ai error message tip would be cut off (#8183)
Use `<affine-tooltip>` component that updates the float position when it might be clipped。

Fix: [BS-1386](https://linear.app/affine-design/issue/BS-1386/[bug]-tooltip-位置错误)
2024-09-10 08:12:05 +00:00
JimmFly 4c0d0ab8de fix(core): page jumps unexpectedly when clicking the collection operation (#8182)
close AF-1371

https://github.com/user-attachments/assets/9cc25790-8755-458c-94ac-a8d1b584c428
2024-09-10 06:38:33 +00:00
EYHN 0cdc486f1f fix(core): reduce state refresh (#8181) 2024-09-10 06:21:15 +00:00
pengx17 fb76fdfca3 fix(core): menu not scrollable when opening in modal (#8179)
fix AF-1360

When menu (with modal = false) is rendered in Modal, the [RemoveScroll utility wrapped by Modal](https://github.com/radix-ui/primitives/blob/660060a765634e9cc7bf4513f41e8dabc9824d74/packages/react/dialog/src/Dialog.tsx#L203) will prevent menu from scrolling.

The reason why menu is scrollable within a dialog is because it is also wrapped a RemoveScroll [when modal is on. ](https://github.com/radix-ui/primitives/blob/660060a765634e9cc7bf4513f41e8dabc9824d74/packages/react/menu/src/Menu.tsx#L305)

In this fix, added a `useWithinModal` utility hook so that menu will automatically assign noportal mode for menu when it is rendered inside of a modal.
2024-09-10 06:09:00 +00:00
JimmFly 9d343bdaa6 feat(core): add enable url preview to workspace settings (#8089) 2024-09-10 04:04:06 +00:00
Brooooooklyn fe1eefdbb2 feat: init renderer server (#8088) 2024-09-10 04:03:59 +00:00
forehalo 0add8917f9 feat(server): enable share og information for docs (#7794) 2024-09-10 04:03:52 +00:00
darkskygit 34eac4c24e feat: improve ai query performance (#8170) 2024-09-09 09:39:28 +00:00
JimmFly b48cc825e0 fix(core): unexpected jump when clicking save tag (#8171)
close AF-1285

https://github.com/user-attachments/assets/1ec4adf5-4340-4e94-9e56-6a05e7a65f18
2024-09-09 07:54:56 +00:00
forehalo 32f673fa3d perf(server): index lower user email (#8167) 2024-09-09 04:43:59 +00:00
JimmFly a7ecfea3b5 fix(core): disable border thickness setting when no border is selected (#8152)
close AF-1351
2024-09-09 03:25:04 +00:00
fundon 6b266e3a1b fix(core): link copying and pasting (#8157)
Related to: https://github.com/toeverything/blocksuite/pull/8233
2024-09-09 03:11:20 +00:00
forehalo d31565eb98 ci(mobile): typecheck (#8166) 2024-09-09 02:59:50 +00:00
darkskygit 2a135d8a93 feat: add index for snapshots (#8163) v0.17.0-beta.4 2024-09-08 13:49:41 +00:00
forehalo 57083905ff fix(core): strict client oauth parameters check (#8159) 2024-09-08 12:44:47 +00:00
forehalo 63e1fce3ca perf(server): accelerate user workspace permission queries (#8161) 2024-09-08 12:04:00 +00:00
forehalo 87e9ff01b5 perf(server): avoid filter doc snapshot by non-indexed updatedAt (#8160) 2024-09-08 12:03:55 +00:00
Saul-Mirone 32d3769201 chore: bump bs (#8153) 2024-09-07 04:08:22 +00:00
CatsJuice 87ed358f2e fix(mobile): adjust mobile ui (#8112)
close AF-1274, AF-1320, AF-1333
v0.17.0-canary.9
2024-09-06 13:40:10 +00:00