tototomate123
75cbe97bc0
feat(collab): restore cross-account sharing and reliable realtime sync
2026-02-13 19:02:03 +01:00
tototomate123
fe58cf7e89
update to excalidraw 0.18.0
2026-02-12 20:32:53 +01:00
tototomate123
6061d4ab94
fix(auth): align frontend password validation with production policy
2026-02-12 19:58:13 +01:00
tototomate123
6fe2ab3d28
fix(deploy): align /api routing, socket path, and proxy-aware auth limits
2026-02-12 19:43:49 +01:00
tototomate123
da131834ce
add production stuff
2026-02-12 19:22:40 +01:00
tototomate123
08d2165a70
fix(dashboard): normalize route id params for express 5 typings
2026-02-12 19:10:41 +01:00
Zimeng Xiong
2cbd11cf0d
fix impersonation issues
2026-02-10 22:45:00 -08:00
Zimeng Xiong
1c71a08bbe
Plan OIDC integration and audit
2026-02-10 14:45:34 -08:00
Zimeng Xiong
bb028ef2db
fix csrf token hardset, remove cookie from localstorage
2026-02-10 13:16:04 -08:00
Zimeng Xiong
70103e18fb
sign CSRF with cookie, Login rate-limit key hardened against identifier-only lockout
2026-02-07 18:52:00 -08:00
Zimeng Xiong
fd013de325
add tests on refactor
2026-02-07 18:03:05 -08:00
Zimeng Xiong
6bee0e2ded
refactor index.ts
2026-02-07 17:47:41 -08:00
Zimeng Xiong
35bbbb9599
images in preview
2026-02-07 17:21:58 -08:00
Zimeng Xiong
2aa749a2f0
prevent preview updates from overwriting drawings
2026-02-07 15:51:35 -08:00
Zimeng Xiong
02736d663a
chore: pre-release v0.4.6-dev
2026-02-07 12:46:00 -08:00
Zimeng Xiong
de254d46f2
concurrency
2026-02-07 12:45:33 -08:00
Zimeng Xiong
dd0f381ed1
chore: pre-release v0.4.5-dev
2026-02-07 12:09:21 -08:00
Zimeng Xiong
c40a5f46a0
fix colliding drawing IDs
2026-02-07 12:09:02 -08:00
Zimeng Xiong
8fcca43b0d
chore: pre-release v0.4.4-dev
2026-02-07 11:58:09 -08:00
Zimeng Xiong
a366acfedc
chore: pre-release v0.4.3-dev
2026-02-07 11:08:03 -08:00
Zimeng Xiong
2e74d2ad1a
chore: pre-release v0.4.2-dev
2026-02-07 10:34:36 -08:00
Zimeng Xiong
173c050f58
fix HTTPS requirement when frontend URL is not HTTPS
2026-02-07 10:31:08 -08:00
Zimeng Xiong
8161a563f0
chore: pre-release v0.4.1-dev
2026-02-07 10:08:27 -08:00
Zimeng Xiong
812f1cbf58
chore: pre-release v0.4.1-dev
2026-02-07 10:01:14 -08:00
Zimeng Xiong
26017fa5d2
fix JWT secret
2026-02-07 10:00:58 -08:00
Zimeng Xiong
06f4c0f537
remove dev dependencies from development containers
2026-02-07 09:27:39 -08:00
Zimeng Xiong
bbb23ca661
chore: pre-release v0.4.0-dev
2026-02-07 08:58:51 -08:00
Zimeng Xiong
f214e4f7b7
Ensure non multi-user flow stays
2026-02-06 23:05:23 -08:00
Zimeng Xiong
7aa33a1bdf
graph QL
2026-02-06 22:49:21 -08:00
Zimeng Xiong
ea06cd9175
fix graphQL
2026-02-06 22:35:17 -08:00
Zimeng Xiong
734f0a292d
fix graphQL
2026-02-06 22:28:36 -08:00
Zimeng Xiong
08135ee36a
fix test failures, new export/backup solutions
2026-02-06 22:21:19 -08:00
Zimeng Xiong
f462b2e288
minor UI fixes
2026-02-06 21:18:10 -08:00
Zimeng Xiong
01fda32bcd
test(import): add legacy import compatibility coverage
2026-02-06 14:54:02 -08:00
copilot-swe-agent[bot]
94694deb91
fix: address code review feedback - add error handling and fix import style
Co-authored-by: ZimengXiong <83783148+ZimengXiong@users.noreply.github.com>
2026-02-06 14:52:47 -08:00
copilot-swe-agent[bot]
ef75f9ebdf
test: add user data sandboxing security tests
Co-authored-by: ZimengXiong <83783148+ZimengXiong@users.noreply.github.com>
2026-02-06 14:52:47 -08:00
copilot-swe-agent[bot]
5e782e4044
fix: scope drawings cache by userId and add Socket.io authentication
Security fixes:
1. Drawings cache now includes userId in cache key to prevent data leakage
between users making identical queries.
2. Socket.io connections now require JWT authentication when auth is enabled.
3. Socket.io join-room verifies drawing ownership before allowing access.
4. Frontend passes auth token when connecting to Socket.io.
Co-authored-by: ZimengXiong <83783148+ZimengXiong@users.noreply.github.com>
2026-02-06 14:52:47 -08:00
Zimeng Xiong
0253ebb6b8
admin dashboard
2026-02-06 14:27:24 -08:00
Zimeng Xiong
1e617025df
Add admin password reset flow
2026-02-06 14:11:13 -08:00
Zimeng Xiong
e4941ad77f
fix(dev): avoid native deps in predev migrate
2026-02-06 09:56:45 -08:00
Zimeng Xiong
2e370f9821
fix(dev): reset legacy dev.db and apply migrations
2026-02-06 09:54:13 -08:00
Zimeng Xiong
b075a0cf9e
fix(dev): avoid auth redirect when backend/schema missing
2026-02-06 09:50:27 -08:00
Zimeng Xiong
7977a3eb09
feat(auth): default to single-user mode with enable toggle
2026-02-06 09:45:38 -08:00
Zimeng Xiong
40a645b823
chore(deps): apply dependabot updates
2026-02-06 09:22:23 -08:00
Zimeng Xiong
d68fe6a2c0
fix(auth): stabilize refresh expiry and frontend URL handling
2026-02-06 09:17:24 -08:00
Zimeng Xiong
7a54123e93
fix(export): include excalidraw source/version metadata
2026-02-06 00:26:31 -08:00
Zimeng Xiong
75a1f11a96
feat(auth): consolidate multi-user auth and admin controls
2026-02-06 00:25:13 -08:00
Zimeng Xiong
700e153740
merge: pull PR48 auth and UX into pre-release
2026-02-05 23:25:56 -08:00
Zimeng Xiong
fd3b97225f
merge: bring main into pre-release
2026-02-05 23:20:06 -08:00
Zimeng Xiong
b6d0150d44
chore: release v0.3.2
2026-02-01 16:06:19 -08:00