517 Commits

Author SHA1 Message Date
oxmc f660708962 chore: bump nodemailer v6 -> v9 (resolves high-severity advisories)
Release Please / release-please (push) Has been cancelled
Docker Build and Push (Development) / build-and-push-dev (push) Has been cancelled
createTransport()/sendMail() callback API unchanged between majors - smoke
tested the transport directly (confirmed correct error type, not an API
shape error) since the test suite doesn't exercise the email-sending path
(EMAIL_VERIFICATION off in tests). Full build + 179-test suite still pass.

3 unique vulnerable packages remain (aws-sdk's own advisory + its nested
uuid, vite/esbuild dev-server issue needing a major v5->v8 bump) - left
deliberately, all lower practical risk or need a dedicated upgrade pass.
2026-07-05 06:22:11 -07:00
oxmc eb21092f46 chore: resolve remaining audit vulnerabilities (uuid, @types/request, brace-expansion)
Release Please / release-please (push) Has been cancelled
Docker Build and Push (Development) / build-and-push-dev (push) Has been cancelled
- Removed @types/request (unused devDependency, no "request" import anywhere
  in the codebase) - it was the actual source of the critical form-data
  vulnerability via its own outdated nested dependency.
- Bumped uuid v3 -> v11 (patched version) across all 8 call sites, migrating
  from the old default-import "uuid.v4()"/"uuid()" style to the named-export
  "v4 as uuidv4" style the new major requires. Tried v14 first - it broke the
  Jest test suite entirely (ships ESM-only, Node's CJS require() choked on
  it) - v11 is the oldest patched version that still works under Jest/CJS.
  Removed 2 more unused "import uuid" lines with no actual usage.
- Picked up brace-expansion via a follow-up non-breaking npm audit fix.

Verified full build (frontend+backend) and full test suite (179 tests)
after each step. 45 -> 4 unique vulnerable packages remaining: aws-sdk
(its own advisory, "fix" would downgrade it - not worth it), aws-sdk's
own nested uuid (same reason), esbuild/vite (major version bump to vite 8,
needs its own dedicated upgrade pass), and nodemailer (breaking API change,
only exercised when EMAIL_VERIFICATION is enabled) - all left for a
deliberate separate decision rather than forced through here.
2026-07-05 06:16:19 -07:00
oxmc e4cc93220f chore: npm audit fix - resolve 38 of 45 dependency vulnerabilities
Release Please / release-please (push) Has been cancelled
Docker Build and Push (Development) / build-and-push-dev (push) Has been cancelled
Non-breaking transitive dependency bumps only (npm audit fix, no --force).
Verified build (frontend+backend) and full test suite (179 tests) still pass.

Remaining 7 (vite/esbuild, form-data, nodemailer, uuid) all require
--force major version bumps that could break existing code - left for a
deliberate separate decision rather than bundled in here.
2026-07-05 06:05:19 -07:00
oxmc 5d0196c057 fix: dark mode contrast bugs missed by the initial class sweep
Release Please / release-please (push) Has been cancelled
Docker Build and Push (Development) / build-and-push-dev (push) Has been cancelled
Two whole categories of colored elements had no dark: variant at all,
so they rendered as glaring white boxes or invisible near-black text
against the dark background:

- Native <input>/<select> elements with no explicit bg-* class at all
  (just relied on the browser's default white background) - search bar,
  login/reset password fields, share/download link fields, mover search,
  change-password fields. The first class-sweep only added dark: variants
  next to *existing* color classes, so these were invisible to it.

- Hardcoded hex colors (text-[#212b36], text-[#637381], text-[#919eab],
  bg-[#f6f5fd], bg-[#ebe9f9], bg-[#F4F4F6]) used as arbitrary Tailwind
  values across headings, file list details, and the login/reset pages -
  same blind spot, since the sweep only searched for known class names.

Mapped each to the same dark palette already used elsewhere (gray-900/800/700
surfaces, gray-100/300/400 text) for consistency.
2026-07-05 06:01:04 -07:00
oxmc c177785026 chore: commit package-lock.json for reproducible installs
Release Please / release-please (push) Has been cancelled
Docker Build and Push (Development) / build-and-push-dev (push) Has been cancelled
Was gitignored, so npm install (including inside the Docker build) floated
to whatever versions were latest at install time - which is exactly what
caused the moveMultipleFiles build failure last commit. Locking versions
so CI/Docker/local all resolve the same dependency tree.
2026-07-05 05:27:37 -07:00
oxmc 19e38dade4 fix: remove invalid updateMany option in moveMultipleFiles
Release Please / release-please (push) Has been cancelled
Docker Build and Push (Development) / build-and-push-dev (push) Has been cancelled
{ new: true } only applies to findOneAndUpdate, not updateMany - it was
always a silent no-op here. Harmless until a stricter mongoose/mongodb
type resolution (no lockfile is committed, so installs float) rejected
it outright, breaking `npm run build` inside the Docker image.
2026-07-05 05:25:55 -07:00
oxmc 22af2caec7 feat: default to SQLite engine, disable Mongo service by default in compose
Release Please / release-please (push) Has been cancelled
Docker Build and Push (Development) / build-and-push-dev (push) Has been cancelled
Mongo services in both compose files are now commented out (with instructions
to re-enable) since DB_ENGINE now defaults to sqlite - no separate database
container required out of the box. db-data volume is mounted into the app
service (not just mongo) so it can hold the SQLite file too.

Also fixes a require-order bug in tests/utils/express-app.js: routers were
required (eagerly instantiating DB singletons via dbFactory) before the test
env file was loaded, so DB_ENGINE from .env.test was silently never applied -
it only worked before because the old hardcoded default happened to be mongo.
2026-07-05 04:48:54 -07:00
oxmc ecc340e7b1 feat: add dark mode UI and SQLite as alternate database backend
Release Please / release-please (push) Has been cancelled
Docker Build and Push (Development) / build-and-push-dev (push) Has been cancelled
Dark mode: CSS custom properties + .dark class toggled via Redux/localStorage,
with a theme toggle in the Header and Settings page. Foundation didn't exist
yet despite prior assumption, so it was built from scratch.

SQLite: new DB_ENGINE=mongo|sqlite env var selects the metadata backend at
runtime (Mongo stays default, no behavior change unless opted in). File/thumbnail
bytes continue to use the existing fs/S3 storage path. Implemented via a shared
DB interface (dbTypes.ts) with parallel mongoDB/ and sqliteDB/ implementations,
selected through dbFactory.ts, with JWT/encryption logic extracted into
userCrypto.ts so both engines share it.
2026-07-05 04:18:33 -07:00
Konrad Gadzina bae5dbbd53 Fix nested folders upload (#90) 2025-03-08 20:25:56 -05:00
subnub 081a2bf416 fixed share download (#86) 2025-03-05 23:58:49 -05:00
subnub ceb0866174 fix: removed unneeded package that was also causing build issues 2025-03-01 17:34:35 -05:00
Ayush Sehrawat b82c3665a1 feat(docker): add MongoDB and improve setup instructions (#82)
* feat(docker): add MongoDB and improve setup instructions

* fix: reduce docker image size and other minor improvements

* fix: reduce docker image size and other minor improvements

* docs: update README for correct env file naming

* feat(docker): add environment variables and enhance Docker instructions

* docs: update README structure and enhance installation instructions

* docs: update README to clarify requirements for Docker and non-Docker setups

* docs: update README to improve Docker instructions and formatting

* docs: update code blocks in README to use shell syntax highlighting

* docs: refine installation steps and environment variable instructions

* docs: enhance README formatting for Docker instructions

* docs: correct formatting for environment variable examples in README

* docs: enhance README with badges and improved formatting

* docs: improve Docker instructions and formatting in README

* docs: update README to use figure elements for image captions

* docs: update README to replace figure elements with markdown images

* docs: update README to use shell syntax highlighting for code blocks

* docs: fix typo in README for environment file renaming step
2025-03-01 17:27:32 -05:00
subnub fc48827338 feat: Add block account creation (#80) 2025-03-01 03:07:19 -05:00
github-actions[bot] 960ab2c0b2 chore(master): release 4.0.2 (#79)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-03-01 02:59:07 -05:00
subnub c145b7526b chore: release 4.0.2
Release-As: 4.0.2
2025-03-01 02:53:14 -05:00
Ayush Sehrawat 22939cf21d feat: add docker (#77) 2025-03-01 02:44:33 -05:00
Ayush Sehrawat 1e1f7c8faa chore: one 2025-03-01 02:19:21 -05:00
subnub dfe5ac85ad Merge pull request #75 from AyushSehrawat/docker-setup
chore: Add docker image workflow and release-please
2025-03-01 01:54:07 -05:00
Ayush Sehrawat 18c2764abd chore: update Docker configurations and add test compose file 2025-03-01 06:47:11 +00:00
Ayush Sehrawat d2b6520711 chore: add Docker and GitHub workflow configurations 2025-03-01 06:36:49 +00:00
subnub 8da52410f2 updated readme, removed uneeded docker commands 2025-03-01 00:07:24 -05:00
subnub 520d65ab56 Merge pull request #74 from subnub/mydrive-4.0.1
Mydrive 4.0.1
2025-02-28 23:56:07 -05:00
subnub 22da02506c bumped version number 2025-02-28 23:44:22 -05:00
subnub 3cd3132d18 readme and env example updates 2025-02-28 23:22:57 -05:00
subnub 171377020c more docker updates 2025-02-28 22:43:24 -05:00
subnub a8463ab048 fixed readme for docker hub 2025-02-28 17:41:25 -05:00
kyle hoell 2938d83fd4 added cert path option changes 2025-02-28 15:49:31 -05:00
kyle hoell 7203567fc7 docker fixes 2025-02-28 13:12:34 -05:00
subnub a0539c3624 docker fixes 2025-02-27 22:42:10 -05:00
subnub be66d0096b started docker changes 2025-02-27 21:31:35 -05:00
subnub a1d320349f readme updates 2025-02-26 20:27:47 -05:00
subnub 50d0f7bfd5 more final cleanup 2025-02-26 09:03:35 -05:00
subnub 5bbad0b5ef moved demo up higher on readme 2025-02-25 18:53:42 -05:00
subnub a02cf945ea Merge pull request #69 from subnub/mydrive-4-upgrade
Mydrive 4 upgrade
2025-02-25 18:21:38 -05:00
subnub e0d4473649 readme updated 2025-02-25 18:21:19 -05:00
subnub f0aad6ffb7 readme fixes 2025-02-25 15:30:40 -05:00
subnub cec4b2ec66 updated readme 2025-02-25 14:58:10 -05:00
subnub bb6bbd9078 readme updates 2025-02-25 14:29:28 -05:00
subnub b3609df781 readme updates 2025-02-25 12:22:40 -05:00
subnub 321c232711 updated images and readme 2025-02-25 11:26:00 -05:00
subnub da88212c1f started updating readme 2025-02-25 10:18:03 -05:00
subnub 16a65fa6c5 updated env examples 2025-02-25 09:06:56 -05:00
subnub e29d8ba678 updated example .env 2025-02-24 14:48:35 -05:00
subnub a5ec0ff0c2 added prod docker config 2025-02-24 13:31:27 -05:00
subnub f973ce3d3c made expose ports wow with env variables 2025-02-24 11:43:05 -05:00
subnub 11bed01c50 added dev docker file 2025-02-24 11:29:21 -05:00
subnub 28bcc44ea2 improved reset and change password pages 2025-02-24 09:49:11 -05:00
subnub 56f0fe934f added more user test, improved validation, and added validation to login screen 2025-02-24 02:14:57 -05:00
subnub 1c7315b443 start user tests, improved user error messages 2025-02-24 00:36:43 -05:00
subnub cb28a1ad1c added more folder tests 2025-02-24 00:01:18 -05:00