mirror of
https://github.com/mauriceboe/TREK.git
synced 2026-06-19 13:21:46 +00:00
Julien G.
6072b969d6
* fix: collab chat input hidden by mobile bottom nav bar Closes #939 * chore: prepare database for nest + typeorm * fix(ssrf): relax internal network resolution (#947) * docs(ssrf): update Internal-Network-Access wiki to reflect relaxed guard Loopback, link-local, and .local/.internal hostnames are now all overridable with ALLOW_INTERNAL_NETWORK=true (commit9a08368). Merge the two-tier "always blocked / conditionally blocked" structure into a single table, add a warning about cloud metadata exposure. * fix(ssrf): let .local/.internal hostnames pass to IP-level checks The pre-DNS hostname block was redundant: any .local/.internal host that resolves to a private IP is already gated by isPrivateNetwork + ALLOW_INTERNAL_NETWORK, and any that resolves to loopback/link-local is caught by isAlwaysBlocked unconditionally. Dropping the hostname pre-check means Docker/LAN deployments can reach services on .local hostnames (e.g. immich.local) with ALLOW_INTERNAL_NETWORK=true, while loopback and link-local IPs (including 169.254.169.254) remain hard-blocked with no override. Reverts the isAlwaysBlocked guard loosening from9a08368. * fix(auth): trim username and email on all write paths Self-registration stored values verbatim, so trailing whitespace could produce rows that lookup code (which trims input) silently misses. Trim username and email before validation and INSERT in registerUser, adminService.updateUser, and oidcService.findOrCreateUser. updateSettings and adminService.createUser already trimmed correctly. Adds a one-shot backfill migration (trimUserWhitespace) that trims existing dirty rows; collisions are resolved by appending __migrated_<id> to the value with a loud console.warn so operators can review affected accounts. 18 new tests covering registration trim, duplicate detection, admin update trim, trip-member lookup regression, and all migration branches. * feat(notices): add v3014-whitespace-collision admin notice Adds a dismissible banner for admins on v3.0.14+ that fires only when the whitespace-trimming migration detected a username/email collision (stored in app_settings as whitespace_migration_collision=true). Notice conditions: existingUserBeforeVersion(3.0.14) + role=admin + custom predicate reading the app_settings flag. Predicate registered in registry.ts; migration step writes the flag when hadCollision=true. All 15 translation files updated with title/body keys. 7 integration tests added (SN-COLLISION-1 through -7) covering all condition branches: shown when all conditions met, hidden when flag absent/false, hidden for non-admin, hidden for new user, hidden below min app version, hidden after dismissal.
179 lines
6.2 KiB
TypeScript
179 lines
6.2 KiB
TypeScript
import type { SystemNotice } from './types.js';
|
|
import { registerPredicate } from './conditions.js';
|
|
import { db } from '../db/database.js';
|
|
|
|
registerPredicate('whitespace-collision-detected', () => {
|
|
const row = db.prepare("SELECT value FROM app_settings WHERE key = 'whitespace_migration_collision'").get() as { value: string } | undefined;
|
|
return row?.value === 'true';
|
|
});
|
|
|
|
/**
|
|
* SYSTEM NOTICE REGISTRY
|
|
*
|
|
* Rules for authoring:
|
|
* - NEVER remove or renumber entries — dismissal tracking is keyed by `id`.
|
|
* - `id` must be globally unique and stable across deployments.
|
|
* - Title: ≤40 chars, sentence case, no trailing punctuation.
|
|
* - Body: markdown (modal) or plain text (banner/toast). ≤400/140/80 chars.
|
|
* - CTA label: ≤20 chars, a verb.
|
|
* - Never hardcode version numbers/dates in translated strings — use bodyParams.
|
|
* - See plans/system-notices/00-overview.md for full authoring guidelines.
|
|
*/
|
|
export const SYSTEM_NOTICES: SystemNotice[] = [
|
|
// ── 3.0.0 upgrade notices (shown as a multipage modal to pre-3.0 users) ─────
|
|
|
|
{
|
|
// Page 1 — breaking change first (warn → sorts before the two info notices)
|
|
id: 'v3-photos',
|
|
display: 'modal',
|
|
severity: 'warn',
|
|
icon: 'ImageOff',
|
|
titleKey: 'system_notice.v3_photos.title',
|
|
bodyKey: 'system_notice.v3_photos.body',
|
|
dismissible: true,
|
|
conditions: [{ kind: 'existingUserBeforeVersion', version: '3.0.0' }],
|
|
publishedAt: '2026-04-16T00:00:00Z',
|
|
priority: 90,
|
|
minVersion: '3.0.0',
|
|
maxVersion: '4.0.0',
|
|
},
|
|
|
|
{
|
|
// Page 2 — flagship feature (only when Journey addon is enabled)
|
|
id: 'v3-journey',
|
|
display: 'modal',
|
|
severity: 'info',
|
|
icon: 'BookOpen',
|
|
titleKey: 'system_notice.v3_journey.title',
|
|
bodyKey: 'system_notice.v3_journey.body',
|
|
highlights: [
|
|
{ labelKey: 'system_notice.v3_journey.highlight_timeline', iconName: 'CalendarDays' },
|
|
{ labelKey: 'system_notice.v3_journey.highlight_photos', iconName: 'Images' },
|
|
{ labelKey: 'system_notice.v3_journey.highlight_share', iconName: 'Globe' },
|
|
{ labelKey: 'system_notice.v3_journey.highlight_export', iconName: 'FileText' },
|
|
],
|
|
cta: {
|
|
kind: 'nav',
|
|
labelKey: 'system_notice.v3_journey.cta_label',
|
|
href: '/journey',
|
|
},
|
|
dismissible: true,
|
|
conditions: [
|
|
{ kind: 'existingUserBeforeVersion', version: '3.0.0' },
|
|
{ kind: 'addonEnabled', addonId: 'journey' },
|
|
],
|
|
publishedAt: '2026-04-16T00:00:00Z',
|
|
priority: 80,
|
|
minVersion: '3.0.0',
|
|
maxVersion: '4.0.0',
|
|
},
|
|
|
|
{
|
|
// Page 3 — MCP OAuth 2.1 upgrade (only when MCP addon is enabled)
|
|
id: 'v3-mcp',
|
|
display: 'modal',
|
|
severity: 'warn',
|
|
icon: 'Bot',
|
|
titleKey: 'system_notice.v3_mcp.title',
|
|
bodyKey: 'system_notice.v3_mcp.body',
|
|
highlights: [
|
|
{ labelKey: 'system_notice.v3_mcp.highlight_oauth', iconName: 'KeyRound' },
|
|
{ labelKey: 'system_notice.v3_mcp.highlight_scopes', iconName: 'ShieldCheck' },
|
|
{ labelKey: 'system_notice.v3_mcp.highlight_deprecated', iconName: 'AlertTriangle' },
|
|
{ labelKey: 'system_notice.v3_mcp.highlight_tools', iconName: 'Wrench' },
|
|
],
|
|
dismissible: true,
|
|
conditions: [
|
|
{ kind: 'existingUserBeforeVersion', version: '3.0.0' },
|
|
{ kind: 'addonEnabled', addonId: 'mcp' },
|
|
],
|
|
publishedAt: '2026-04-16T00:00:00Z',
|
|
priority: 75,
|
|
minVersion: '3.0.0',
|
|
maxVersion: '4.0.0',
|
|
},
|
|
|
|
{
|
|
// Page 4 — other highlights
|
|
id: 'v3-features',
|
|
display: 'modal',
|
|
severity: 'info',
|
|
icon: 'Sparkles',
|
|
titleKey: 'system_notice.v3_features.title',
|
|
bodyKey: 'system_notice.v3_features.body',
|
|
highlights: [
|
|
{ labelKey: 'system_notice.v3_features.highlight_dashboard', iconName: 'LayoutDashboard' },
|
|
{ labelKey: 'system_notice.v3_features.highlight_offline', iconName: 'WifiOff' },
|
|
{ labelKey: 'system_notice.v3_features.highlight_search', iconName: 'Search' },
|
|
{ labelKey: 'system_notice.v3_features.highlight_import', iconName: 'FileInput' },
|
|
],
|
|
dismissible: true,
|
|
conditions: [{ kind: 'existingUserBeforeVersion', version: '3.0.0' }],
|
|
publishedAt: '2026-04-16T00:00:00Z',
|
|
priority: 70,
|
|
minVersion: '3.0.0',
|
|
maxVersion: '4.0.0',
|
|
},
|
|
|
|
{
|
|
// Page 1 — personal thank-you from the creator (shown first)
|
|
id: 'v3-thankyou',
|
|
display: 'modal',
|
|
severity: 'info',
|
|
icon: 'Heart',
|
|
titleKey: 'system_notice.v3_thankyou.title',
|
|
bodyKey: 'system_notice.v3_thankyou.body',
|
|
dismissible: true,
|
|
conditions: [{ kind: 'existingUserBeforeVersion', version: '3.0.0' }],
|
|
publishedAt: '2026-04-16T00:00:00Z',
|
|
priority: 95,
|
|
minVersion: '3.0.0',
|
|
maxVersion: '4.0.0',
|
|
},
|
|
|
|
// ── 3.0.14 admin notice — whitespace migration collision ───────────────────
|
|
|
|
{
|
|
id: 'v3014-whitespace-collision',
|
|
display: 'banner',
|
|
severity: 'warn',
|
|
icon: 'AlertTriangle',
|
|
titleKey: 'system_notice.v3014_whitespace_collision.title',
|
|
bodyKey: 'system_notice.v3014_whitespace_collision.body',
|
|
dismissible: true,
|
|
conditions: [
|
|
{ kind: 'existingUserBeforeVersion', version: '3.0.14' },
|
|
{ kind: 'role', roles: ['admin'] },
|
|
{ kind: 'custom', id: 'whitespace-collision-detected' },
|
|
],
|
|
publishedAt: '2026-05-03T00:00:00Z',
|
|
priority: 85,
|
|
minVersion: '3.0.14',
|
|
},
|
|
|
|
// ── Onboarding ─────────────────────────────────────────────────────────────
|
|
|
|
{
|
|
id: 'welcome-v1',
|
|
display: 'modal',
|
|
severity: 'info',
|
|
icon: 'Sparkles',
|
|
titleKey: 'system_notice.welcome_v1.title',
|
|
bodyKey: 'system_notice.welcome_v1.body',
|
|
highlights: [
|
|
{ labelKey: 'system_notice.welcome_v1.highlight_plan', iconName: 'Map' },
|
|
{ labelKey: 'system_notice.welcome_v1.highlight_share', iconName: 'Users' },
|
|
{ labelKey: 'system_notice.welcome_v1.highlight_offline', iconName: 'WifiOff' },
|
|
],
|
|
cta: {
|
|
kind: 'action',
|
|
labelKey: 'system_notice.welcome_v1.cta_label',
|
|
actionId: 'open:trip-create',
|
|
},
|
|
dismissible: true,
|
|
conditions: [{ kind: 'firstLogin' }],
|
|
publishedAt: '2026-04-16T00:00:00Z',
|
|
priority: 100,
|
|
},
|
|
];
|