starred/planka
1
0
Fork 0
mirror of https://github.com/plankanban/planka.git synced 2025-12-10 01:10:33 +03:00
Code Issues 418 Packages Projects Releases 12 Wiki Activity
969 Commits 2 Branches 48 Tags
master
Commit Graph

102 Commits

Author SHA1 Message Date
dependabot[bot]
d472da7523 build(deps): Bump jws from 3.2.2 to 3.2.3 in /server (#1449) 
Bumps [jws](https://github.com/brianloveswords/node-jws) from 3.2.2 to 3.2.3.
- [Release notes](https://github.com/brianloveswords/node-jws/releases)
- [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md)
- [Commits](https://github.com/brianloveswords/node-jws/compare/v3.2.2...v3.2.3)

---
updated-dependencies:
- dependency-name: jws
  dependency-version: 3.2.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-04 18:16:18 +01:00
Maksim Eltyshev
f030b78f82 feat: Add object-path support to OIDC attribute mapping 
Closes #1359
 2025-12-04 17:38:39 +01:00
dependabot[bot]
b94759d399 build(deps): Bump nodemailer from 7.0.10 to 7.0.11 in /server (#1448) 
Bumps [nodemailer](https://github.com/nodemailer/nodemailer) from 7.0.10 to 7.0.11.
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodemailer/nodemailer/compare/v7.0.10...v7.0.11)

---
updated-dependencies:
- dependency-name: nodemailer
  dependency-version: 7.0.11
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-04 16:23:31 +01:00
Maksim Eltyshev
fedee157c7 build: Refine server build steps 2025-11-28 17:45:31 +01:00
Maksim Eltyshev
bf2ab4649e fix: Create isolated i18n instances to prevent locale collision 2025-11-27 18:28:25 +01:00
Maksim Eltyshev
7be2343076 chore: Add Swagger generation script 2025-11-25 22:08:37 +01:00
Maksim Eltyshev
197ebc16db chore: Bump package lock files 2025-11-24 19:48:30 +01:00
Maksim Eltyshev
5c787d65a9 fix: Properly prevent shortcut events, update dependencies 
Closes #1440
 2025-11-24 19:21:07 +01:00
dependabot[bot]
4ed0f02657 build(deps-dev): Bump js-yaml from 4.1.0 to 4.1.1 in /server (#1429) 
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.0 to 4.1.1.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodeca/js-yaml/compare/4.1.0...4.1.1)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.1.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-18 21:11:08 +01:00
dependabot[bot]
f5000e8c40 build(deps): Bump validator from 13.15.15 to 13.15.20 in /server (#1402) 
Bumps [validator](https://github.com/validatorjs/validator.js) from 13.15.15 to 13.15.20.
- [Release notes](https://github.com/validatorjs/validator.js/releases)
- [Changelog](https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/validatorjs/validator.js/compare/13.15.15...13.15.20)

---
updated-dependencies:
- dependency-name: validator
  dependency-version: 13.15.20
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-31 12:53:41 +01:00
dependabot[bot]
1df346d590 build(deps): Bump tmp and patch-package in /server (#1376) 
Bumps [tmp](https://github.com/raszi/node-tmp) to 0.2.5 and updates ancestor dependency [patch-package](https://github.com/ds300/patch-package). These dependencies need to be updated together.


Updates `tmp` from 0.0.33 to 0.2.5
- [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md)
- [Commits](https://github.com/raszi/node-tmp/compare/v0.0.33...v0.2.5)

Updates `patch-package` from 8.0.0 to 8.0.1
- [Release notes](https://github.com/ds300/patch-package/releases)
- [Changelog](https://github.com/ds300/patch-package/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ds300/patch-package/commits)

---
updated-dependencies:
- dependency-name: tmp
  dependency-version: 0.2.5
  dependency-type: indirect
- dependency-name: patch-package
  dependency-version: 8.0.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-10 12:54:03 +02:00
dependabot[bot]
35f33a38ff build(deps): Bump nodemailer from 6.10.1 to 7.0.7 in /server (#1371) 
Bumps [nodemailer](https://github.com/nodemailer/nodemailer) from 6.10.1 to 7.0.7.
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodemailer/nodemailer/compare/v6.10.1...v7.0.7)

---
updated-dependencies:
- dependency-name: nodemailer
  dependency-version: 7.0.7
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-10 12:50:12 +02:00
Maksim Eltyshev
4d77a1f596 feat: Track storage usage 2025-08-23 00:03:20 +02:00
Maksim Eltyshev
bb40a22563 chore: Update dependencies 2025-08-20 13:10:16 +02:00
Luis Chacón
cbb00d1d59 feat: Add OAuth callback support for OIDC (#1290) 
Closes #593, closes #690, closes #1289
 2025-08-09 18:58:55 +02:00
Maksim Eltyshev
e2a9b30f46 feat: Parse dates as UTC without relying on TZ environment variable 
Closes #1266
 2025-07-25 11:23:20 +02:00
dependabot[bot]
df023439c1 build(deps-dev): Bump form-data from 4.0.3 to 4.0.4 in /server (#1264) 
Bumps [form-data](https://github.com/form-data/form-data) from 4.0.3 to 4.0.4.
- [Release notes](https://github.com/form-data/form-data/releases)
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](https://github.com/form-data/form-data/compare/v4.0.3...v4.0.4)

---
updated-dependencies:
- dependency-name: form-data
  dependency-version: 4.0.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-22 14:45:45 +02:00
Maksim Eltyshev
e58a9f5d21 chore: Update dependencies 2025-06-30 12:43:06 +02:00
Maksim Eltyshev
04b97b66cb chore: Update dependencies 2025-06-03 13:02:16 +02:00
Maksim Eltyshev
2ee1166747 feat: Version 2 
Closes #627, closes #1047
 2025-05-10 02:09:06 +02:00
dependabot[bot]
faf6e809a6 chore(deps): Bump path-to-regexp and @sailshq/router in /server (#1096) 
Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) and [@sailshq/router](https://github.com/sailshq/router). These dependencies needed to be updated together.

Updates `path-to-regexp` from 0.1.11 to 1.9.0
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](https://github.com/pillarjs/path-to-regexp/compare/v0.1.11...v1.9.0)

Updates `@sailshq/router` from 1.3.9 to 1.3.10
- [Changelog](https://github.com/sailshq/router/blob/master/HISTORY.md)
- [Commits](https://github.com/sailshq/router/compare/v1.3.9...v1.3.10)

---
updated-dependencies:
- dependency-name: path-to-regexp
  dependency-version: 1.9.0
  dependency-type: indirect
- dependency-name: "@sailshq/router"
  dependency-version: 1.3.10
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-21 01:15:16 +02:00
dependabot[bot]
ad48121b2f chore(deps): Bump cookie and sails-hook-sockets in /server (#1093) 
Bumps [cookie](https://github.com/jshttp/cookie) to 0.7.2 and updates ancestor dependency [sails-hook-sockets](https://github.com/balderdashy/sails-hook-sockets). These dependencies need to be updated together.


Updates `cookie` from 0.4.2 to 0.7.2
- [Release notes](https://github.com/jshttp/cookie/releases)
- [Commits](https://github.com/jshttp/cookie/compare/v0.4.2...v0.7.2)

Updates `sails-hook-sockets` from 3.0.1 to 3.0.2
- [Release notes](https://github.com/balderdashy/sails-hook-sockets/releases)
- [Changelog](https://github.com/balderdashy/sails-hook-sockets/blob/master/CHANGELOG.md)
- [Commits](https://github.com/balderdashy/sails-hook-sockets/compare/v3.0.1...v3.0.2)

---
updated-dependencies:
- dependency-name: cookie
  dependency-version: 0.7.2
  dependency-type: indirect
- dependency-name: sails-hook-sockets
  dependency-version: 3.0.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-21 01:14:48 +02:00
dependabot[bot]
a01071b4fa chore(deps): Bump path-to-regexp and sails in /server (#1012) 
Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) to 1.9.0 and updates ancestor dependency [sails](https://github.com/balderdashy/sails). These dependencies need to be updated together.


Updates `path-to-regexp` from 0.1.11 to 1.9.0
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](https://github.com/pillarjs/path-to-regexp/compare/v0.1.11...v1.9.0)

Updates `sails` from 1.5.13 to 1.5.14
- [Release notes](https://github.com/balderdashy/sails/releases)
- [Changelog](https://github.com/balderdashy/sails/blob/master/CHANGELOG.md)
- [Commits](https://github.com/balderdashy/sails/compare/v1.5.13...v1.5.14)

---
updated-dependencies:
- dependency-name: path-to-regexp
  dependency-type: indirect
- dependency-name: sails
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-13 16:20:13 +01:00
dependabot[bot]
9a88051860 chore(deps): Bump cross-spawn and sails-generate in /server (#964) 
Bumps [cross-spawn](https://github.com/moxystudio/node-cross-spawn) and [sails-generate](https://github.com/balderdashy/sails-generate). These dependencies needed to be updated together.

Updates `cross-spawn` from 4.0.2 to 7.0.6
- [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md)
- [Commits](https://github.com/moxystudio/node-cross-spawn/compare/4.0.2...v7.0.6)

Updates `sails-generate` from 2.0.12 to 2.0.13
- [Release notes](https://github.com/balderdashy/sails-generate/releases)
- [Commits](https://github.com/balderdashy/sails-generate/compare/v2.0.12...v2.0.13)

---
updated-dependencies:
- dependency-name: cross-spawn
  dependency-type: indirect
- dependency-name: sails-generate
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-28 11:21:16 +01:00
Maksim Eltyshev
e243e15043 chore: Update dependencies 2024-11-22 17:13:17 +01:00
Maksim Eltyshev
97f4c0ab0d fix: Secure S3 attachments, bump SDK, refactoring 
Closes #673
 2024-11-12 15:58:22 +01:00
Nguyễn Hải Quang
f20a3d50f5 feat: Add S3 support for uploads (#938) 2024-11-11 14:59:18 +01:00
Maksim Eltyshev
13e0dde728 chore: Bump sails version 2024-10-22 21:00:37 +02:00
Maksim Eltyshev
e75a17b0da chore: Update version 2024-09-20 20:41:54 +02:00
Matthew Stickney
37fc7847e8 feat: Configurable file storage locations (#886) 
* feat: Make logfile location customizable

It may be desirable to log to a more standard location (e.g. in /var/log/),
or in some cases to turn logging to file off. To support these, use a
custom config property to determine the location of the output log file,
and default to the previous location if it is unset.

* feat: Support alternate storage locations for uploaded files

This involves a couple primary changes:
1) to make Sails' temporary file-upload directory a configurable location
   by using a common file-upload-receiving helper;
2) to create custom static routes for the file-upload locations, so they
   can be outside the application's public directory; and
3) to use the file-uploading handler everywhere that receives files, so
   config for the helper is applied to all file uploads consistently.

This is sufficient to allow the application directory to be deployed read-
only, with writable storage used for file uploads. The new config property
for Sails' temporary upload directory, combined with the existing settings
for user-avatar and background-image locations are sufficient to handle
uploads; the new custom routes handle serving those files from external
locations.

The default behavior of the application should be unchanged, with files
uploaded to, and served from, the public directory if the relevant
config properties aren't set to other values.
 2024-09-20 20:29:11 +02:00
Maksim Eltyshev
c43f828af4 chore: Update version 2024-09-16 21:21:30 +02:00
Maksim Eltyshev
4fb60e8c8e chore: Bump express and related dependencies 2024-09-16 13:26:29 +02:00
Maksim Eltyshev
cefc3d66eb chore: Update dependencies 2024-09-16 12:04:56 +02:00
Maksim Eltyshev
e7b3612c2e fix: Preserve extension for attachments with long filename 
Closes #77
 2024-09-16 00:45:53 +02:00
dependabot[bot]
3f158ff5fe chore(deps): Bump ws, engine.io and socket.io-adapter in /server (#830) 
Bumps [ws](https://github.com/websockets/ws), [engine.io](https://github.com/socketio/engine.io) and [socket.io-adapter](https://github.com/socketio/socket.io-adapter). These dependencies needed to be updated together.

Updates `ws` from 8.11.0 to 8.17.1
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](https://github.com/websockets/ws/compare/8.11.0...8.17.1)

Updates `engine.io` from 6.5.4 to 6.5.5
- [Release notes](https://github.com/socketio/engine.io/releases)
- [Changelog](https://github.com/socketio/engine.io/blob/6.5.5/CHANGELOG.md)
- [Commits](https://github.com/socketio/engine.io/compare/6.5.4...6.5.5)

Updates `socket.io-adapter` from 2.5.4 to 2.5.5
- [Release notes](https://github.com/socketio/socket.io-adapter/releases)
- [Changelog](https://github.com/socketio/socket.io-adapter/blob/2.5.5/CHANGELOG.md)
- [Commits](https://github.com/socketio/socket.io-adapter/compare/2.5.4...2.5.5)

---
updated-dependencies:
- dependency-name: ws
  dependency-type: indirect
- dependency-name: engine.io
  dependency-type: indirect
- dependency-name: socket.io-adapter
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-21 19:42:36 +02:00
Maksim Eltyshev
052ead4bad chore: Update dependencies 2024-06-02 01:34:03 +02:00
Maksim Eltyshev
52fb86f9e9 chore: Update dependencies 
Closes #726
 2024-04-23 15:45:47 +02:00
Edouard
e14ae09e47 feat: SMTP integration and email notifications (#631) 2024-03-22 00:14:09 +01:00
Maksim Eltyshev
50e580b921 fix: Fix images becoming black and white when resizing 
Closes #574, closes #585
 2024-01-18 10:58:26 +01:00
Maksim Eltyshev
3bc9507f2f chore: Bump sharp version 2024-01-03 13:59:14 +05:00
Maksim Eltyshev
0af96a21c8 build: Stop using base image 2023-12-01 18:02:19 +01:00
Maksim Eltyshev
22aa3c4adf chore: Update dependencies 2023-11-17 14:34:10 +01:00
Lorenz Brun
9011ee61da feat: Improve OIDC SSO (#524) 
The OIDC implementation merged in https://github.com/plankanban/planka/pull/491 is flawed for multiple reasons.

It assumes that the access_token returned by the IDP has to be a JWT parseable by the RP which is not the case [1].
Many major IDPs do issue tokens which are not JWTs and RPs should not rely on the contents of these at all.
The only signed token which has a standardized format for direct RP consumption is the OIDC ID token (id_token), but this by default doesn't contain many claims, especially role claims are omitted from them by default for size reasons. To get these additional claims into the ID token, one needs an IDP with support for the "claims" parameter.

It requires manual specification of the JWKS URL which is mandatory in any OIDC discovery document and thus never needs to be manually specified.

It also makes the questionable decision to use a client-side code flow with PKCE where a normal code flow would be much more appropriate as all user data is processed in the backend which can securely hold a client secret (confidential client). This has far wider IDP support, is safer (due to direct involvement of the IDP in obtaining user information) and doesn't require working with ID tokens and claim parameters.

By using a server-side code flow we can also offload most complexity to the server alone, no longer requiring an additional OIDC library on the web client.

Also silent logout doesn't work on most IDPs for security reasons, one needs to actually redirect the user over to the IDP, which then prompts them once more if they actually want to log out.

This implementation should work with any OIDC-compliant IDP and even OAuth 2.0-only IDPs as long as they serve and OIDC discovery document.

[1] rfc-editor.org/rfc/rfc6749#section-5.1
 2023-10-19 17:39:21 +05:00
Maksim Eltyshev
afe83d2760 chore: Bump sails version 2023-10-17 19:23:09 +02:00
gorrilla10101
6941500c7b feat: OIDC with PKCE flow (#491) 2023-09-04 20:06:59 +05:00
dependabot[bot]
d510708e66 chore(deps): Bump json5 from 1.0.1 to 1.0.2 in /server (#369) 
Bumps [json5](https://github.com/json5/json5) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](https://github.com/json5/json5/compare/v1.0.1...v1.0.2)

---
updated-dependencies:
- dependency-name: json5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-09 02:23:01 +05:00
dependabot[bot]
bf8980ce34 chore(deps): Bump jsonwebtoken from 8.5.1 to 9.0.0 in /server (#357) 
Bumps [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) from 8.5.1 to 9.0.0.
- [Release notes](https://github.com/auth0/node-jsonwebtoken/releases)
- [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md)
- [Commits](https://github.com/auth0/node-jsonwebtoken/compare/v8.5.1...v9.0.0)

---
updated-dependencies:
- dependency-name: jsonwebtoken
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-09 02:20:25 +05:00
Maksim Eltyshev
fa8afd7b6e chore: Update dependencies 2022-11-21 00:54:05 +01:00
Rafly Maulana
14434b81fe meta: Share global eslint config, move prettier config (#339) 2022-11-21 00:22:01 +05:00
Maksim Eltyshev
d0283aa89c fix: Use password strength estimator 
Closes #294
 2022-09-03 22:47:06 +05:00