Commit Graph

6870 Commits

Author SHA1 Message Date
Saul-Mirone
445acfa323
chore: bump bs (#8227) 2024-09-13 02:10:16 +00:00
fundon
39a5d8e64f
fix(core): reference link icon (#8223)
Closes [AF-1384](https://linear.app/affine-design/issue/AF-1384/edgeless-reference-icon-在fail版本中显示不正确)
2024-09-12 11:56:07 +00:00
pengx17
4b920a867c
fix(electron): app fallback styles (#8225) 2024-09-12 11:21:29 +00:00
pengx17
d2b482bcb2
fix(electron): incorrect path to root dir (#8220) 2024-09-12 09:00:18 +00:00
renovate
23c7f8b01d
chore: bump up express version to v4.20.0 [SECURITY] (#8205)
This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [express](http://expressjs.com/) ([source](https://redirect.github.com/expressjs/express)) | [`4.19.2` -> `4.20.0`](https://renovatebot.com/diffs/npm/express/4.19.2/4.20.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/express/4.20.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/express/4.20.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/express/4.19.2/4.20.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/express/4.19.2/4.20.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

### GitHub Vulnerability Alerts

#### [CVE-2024-43796](https://redirect.github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx)

### Impact

In express <4.20.0, passing untrusted user input - even after sanitizing it - to `response.redirect()` may execute untrusted code

### Patches

this issue is patched in express 4.20.0

### Workarounds

users are encouraged to upgrade to the patched version of express, but otherwise can workaround this issue by making sure any untrusted inputs are safe, ideally by validating them against an explicit allowlist

### Details

successful exploitation of this vector requires the following:

1. The attacker MUST control the input to response.redirect()
1. express MUST NOT redirect before the template appears
1. the browser MUST NOT complete redirection before:
1. the user MUST click on the link in the template

---

### Release Notes

<details>
<summary>expressjs/express (express)</summary>

### [`v4.20.0`](https://redirect.github.com/expressjs/express/blob/HEAD/History.md#4200--2024-09-10)

[Compare Source](https://redirect.github.com/expressjs/express/compare/4.19.2...4.20.0)

\==========

-   deps: serve-static@0.16.0
    -   Remove link renderization in html while redirecting
-   deps: send@0.19.0
    -   Remove link renderization in html while redirecting
-   deps: body-parser@0.6.0
    -   add `depth` option to customize the depth level in the parser
    -   IMPORTANT: The default `depth` level for parsing URL-encoded data is now `32` (previously was `Infinity`)
-   Remove link renderization in html while using `res.redirect`
-   deps: path-to-regexp@0.1.10
    -   Adds support for named matching groups in the routes using a regex
    -   Adds backtracking protection to parameters without regexes defined
-   deps: encodeurl@~2.0.0
    -   Removes encoding of `\`, `|`, and `^` to align better with URL spec
-   Deprecate passing `options.maxAge` and `options.expires` to `res.clearCookie`
    -   Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC41OS4yIiwidXBkYXRlZEluVmVyIjoiMzguNTkuMiIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2024-09-12 08:43:05 +00:00
fundon
8a9d9b42a3
feat(core): support block links on cmdk (#8192)
Upstreams: https://github.com/toeverything/blocksuite/pull/8260
Closes: [BS-1323](https://linear.app/affine-design/issue/BS-1323/粘贴-link-to-block-到-link-弹窗,不符合预期)
2024-09-12 08:25:28 +00:00
JimmFly
2cba8a4ccd
fix(core): title could not be changed when creating a new doc (#8203)
Before change, the title could not be modified from outside the editor without refreshing:

https://github.com/user-attachments/assets/536acba1-4e31-418a-bc1a-8578e3128bba

after:

https://github.com/user-attachments/assets/30a4b270-b8b1-4787-acef-0ab2a72a8f74
2024-09-12 07:55:23 +00:00
EYHN
cc5a6e6d40
refactor: new project struct (#8199)
packages/frontend/web -> packages/frontend/apps/web
packages/frontend/mobile -> packages/frontend/apps/mobile
packages/frontend/electron -> packages/frontend/apps/electron
2024-09-12 07:42:57 +00:00
L-Sun
7c4eab6cd3
fix(core): add edit entry for mobile edition (#8173) 2024-09-12 06:48:22 +00:00
JimmFly
8e71815e46
fix(component): windows client does not have app controls on some pages (#8176)
close AF-1266
2024-09-12 06:35:55 +00:00
EYHN
3999b04cf1
feat(core): download template from snapshot url (#8211) 2024-09-12 06:21:52 +00:00
zzj3720
aad7b90859 feat(core): add database full-width feature flag (#8210) 2024-09-12 05:14:13 +00:00
akumatus
456aa047cb
fix: missing font in text preview of editor settings (#8213)
Close issue [BS-1394](https://linear.app/affine-design/issue/BS-1394).

Add `FontConfigExtension` to `edgeless:preview` spec.
2024-09-12 04:40:17 +00:00
doouding
393dcfec78
feat: bump bs (#8212)
https://github.com/toeverything/blocksuite/pull/8311
2024-09-12 04:28:14 +00:00
pengx17
24bf1beac8
fix(electron): devtools open in detach mode (#8200)
fix AF-1380
2024-09-12 03:20:19 +00:00
CatsJuice
8bf0458ef4
fix(mobile): remove all focus style for link and button (#8208) 2024-09-12 03:07:31 +00:00
Saul-Mirone
ba81b1a9ca
chore: bump bs (#8204) 2024-09-11 12:04:26 +00:00
fundon
b74dd1c92e
feat(core): support block links on Bi-Directional Links (#8169)
Clsoes [AF-1348](https://linear.app/affine-design/issue/AF-1348/修复-bi-directional-links-里面的链接地址)

* Links to the current document should be ignored on `Backlinks`
* Links to the current document should be ignored on `Outgoing links`

https://github.com/user-attachments/assets/dbc43cea-5aca-4c6f-886a-356e3a91c1f1
2024-09-11 11:08:12 +00:00
CatsJuice
b7d05d2078
feat(core): new empty states for doc/collection/tag (#8197)
AF-1329, AF-1330
2024-09-11 10:48:52 +00:00
akumatus
f12655655e
feat: add mindmap and connector settings (#8198)
### What changed?
- Add `connector` label settings.
- Add `mindmap` style settings.
- Add skeleton loading placeholder.

<div class='graphite__hidden'>
          <div>🎥 Video uploaded on Graphite:</div>
            <a href="https://app.graphite.dev/media/video/sJGviKxfE3Ap685cl5bj/31159d74-ef62-4c7f-b1d9-cde73047cf29.mov">
              <img src="https://app.graphite.dev/api/v1/graphite/video/thumbnail/sJGviKxfE3Ap685cl5bj/31159d74-ef62-4c7f-b1d9-cde73047cf29.mov">
            </a>
          </div>
<video src="https://graphite-user-uploaded-assets-prod.s3.amazonaws.com/sJGviKxfE3Ap685cl5bj/31159d74-ef62-4c7f-b1d9-cde73047cf29.mov">录屏2024-09-11 16.30.17.mov</video>
2024-09-11 09:17:11 +00:00
EYHN
85aa73bcf6
fix(core): disconnect ws when user logout (#8188) 2024-09-11 07:55:42 +00:00
EYHN
d93c3b3719
feat(core): user data db (#7930) 2024-09-11 07:55:37 +00:00
EYHN
498a69af53
feat(core): move enable ai to feature flag (#8195) 2024-09-11 07:42:07 +00:00
EYHN
8c191e6baa
feat(core): preview template & snapshot import (#8193) 2024-09-11 07:11:33 +00:00
doouding
52d9569f47
feat: add mind map import feature flag (#8196) 2024-09-11 06:27:47 +00:00
EYHN
f009371e06
fix(core): fix menu shaking (#8187) 2024-09-11 03:42:13 +00:00
forehalo
7a546ff8a1
feat(core): add auth metrics (#8194)
close AF-849
2024-09-11 03:28:32 +00:00
CatsJuice
81ab8ac8b3
feat(mobile): pwa and browser theme-color optimization (#8168)
[AF-1325](https://linear.app/affine-design/issue/AF-1325/优化-pwa-体验), [AF-1317](https://linear.app/affine-design/issue/AF-1317/优化:-pwa-的顶部-status-bar-颜色应与背景保持一致), [AF-1318](https://linear.app/affine-design/issue/AF-1318/优化:pwa-的底部应当有符合设备安全高度的padding), [AF-1321](https://linear.app/affine-design/issue/AF-1321/更新一下-fail-的-pwa-icon)

- New `<SafeArea />` ui component
- New `useThemeColorV1` / `useThemeColorV2` hook:
    - to modify `<meta name="theme-color" />` with given theme key
2024-09-11 02:20:59 +00:00
L-Sun
9038592715
fix(core): disable append paragraph in shared page editor (#8191)
Disable append paragraph function for readonly or shared page editor.

### Before

![CleanShot 2024-09-10 at 22.26.04@2x.png](https://graphite-user-uploaded-assets-prod.s3.amazonaws.com/MyRfgiN4RuBxJfrza3SG/3ab206a2-8e30-4212-9d5d-3073ec489644.png)
2024-09-10 15:33:52 +00:00
L-Sun
6ce6cb33ef
feat(core): add outline viewer for share page (#8190) 2024-09-10 14:00:17 +00:00
Saul-Mirone
daa9d9ff5c
chore: bump bs (#8189) 2024-09-10 13:48:08 +00:00
darkskygit
95738e796f
fix: client captcha (#8186) 2024-09-10 09:34:21 +00:00
JimmFly
9ccf517e06
chore: adjust the border color of Point component (#8185)
close AF-1367
2024-09-10 09:22:34 +00:00
JimmFly
31561d8203
chore: bump theme version (#8184) 2024-09-10 09:05:30 +00:00
donteatfriedrice
9dfd366382
fix: ai error message tip would be cut off (#8183)
Use `<affine-tooltip>` component that updates the float position when it might be clipped。

Fix: [BS-1386](https://linear.app/affine-design/issue/BS-1386/[bug]-tooltip-位置错误)
2024-09-10 08:12:05 +00:00
JimmFly
4c0d0ab8de
fix(core): page jumps unexpectedly when clicking the collection operation (#8182)
close AF-1371

https://github.com/user-attachments/assets/9cc25790-8755-458c-94ac-a8d1b584c428
2024-09-10 06:38:33 +00:00
EYHN
0cdc486f1f
fix(core): reduce state refresh (#8181) 2024-09-10 06:21:15 +00:00
pengx17
fb76fdfca3
fix(core): menu not scrollable when opening in modal (#8179)
fix AF-1360

When menu (with modal = false) is rendered in Modal, the [RemoveScroll utility wrapped by Modal](660060a765/packages/react/dialog/src/Dialog.tsx (L203)) will prevent menu from scrolling.

The reason why menu is scrollable within a dialog is because it is also wrapped a RemoveScroll [when modal is on. ](660060a765/packages/react/menu/src/Menu.tsx (L305))

In this fix, added a `useWithinModal` utility hook so that menu will automatically assign noportal mode for menu when it is rendered inside of a modal.
2024-09-10 06:09:00 +00:00
JimmFly
9d343bdaa6
feat(core): add enable url preview to workspace settings (#8089) 2024-09-10 04:04:06 +00:00
Brooooooklyn
fe1eefdbb2
feat: init renderer server (#8088) 2024-09-10 04:03:59 +00:00
forehalo
0add8917f9
feat(server): enable share og information for docs (#7794) 2024-09-10 04:03:52 +00:00
darkskygit
34eac4c24e
feat: improve ai query performance (#8170) 2024-09-09 09:39:28 +00:00
JimmFly
b48cc825e0
fix(core): unexpected jump when clicking save tag (#8171)
close AF-1285

https://github.com/user-attachments/assets/1ec4adf5-4340-4e94-9e56-6a05e7a65f18
2024-09-09 07:54:56 +00:00
forehalo
32f673fa3d
perf(server): index lower user email (#8167) 2024-09-09 04:43:59 +00:00
JimmFly
a7ecfea3b5
fix(core): disable border thickness setting when no border is selected (#8152)
close AF-1351
2024-09-09 03:25:04 +00:00
fundon
6b266e3a1b
fix(core): link copying and pasting (#8157)
Related to: https://github.com/toeverything/blocksuite/pull/8233
2024-09-09 03:11:20 +00:00
forehalo
d31565eb98
ci(mobile): typecheck (#8166) 2024-09-09 02:59:50 +00:00
darkskygit
2a135d8a93
feat: add index for snapshots (#8163) 2024-09-08 13:49:41 +00:00
forehalo
57083905ff
fix(core): strict client oauth parameters check (#8159) 2024-09-08 12:44:47 +00:00
forehalo
63e1fce3ca
perf(server): accelerate user workspace permission queries (#8161) 2024-09-08 12:04:00 +00:00