github/TREK
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Commit Graph

  • 8c85ea3644 fix: restrict trip listing and access to own/shared trips only (#250) Maurice 2026-04-01 09:29:28 +02:00
  • 19350fbc3e fix: point upgraders to ./data/.jwt_secret in ENCRYPTION_KEY error and docs jubnl 2026-04-01 08:43:10 +02:00
  • 358afd2428 fix: require ENCRYPTION_KEY at startup instead of auto-generating jubnl 2026-04-01 08:38:02 +02:00
  • 7a314a92b1 fix: add SSRF protection for link preview and Immich URL jubnl 2026-04-01 07:53:46 +02:00
  • e03505dca2 fix: enforce consistent password policy across all auth flows jubnl 2026-04-01 07:02:53 +02:00
  • ce8d498f2d fix: add independent rate limiter for MFA verification endpoints jubnl 2026-04-01 06:47:20 +02:00
  • b109c1340a fix: prevent ICS header injection in calendar export jubnl 2026-04-01 06:43:01 +02:00
  • e10f6bf9af fix: remove JWT_SECRET env var — server manages it exclusively jubnl 2026-04-01 06:38:38 +02:00
  • 6f5550dc50 fix: decouple at-rest encryption from JWT_SECRET, add JWT rotation jubnl 2026-04-01 06:31:45 +02:00
  • dfdd473eca fix: validate uploaded backup DB before restore jubnl 2026-04-01 05:54:03 +02:00
  • b515880adb fix: encrypt Immich API key at rest using AES-256-GCM jubnl 2026-04-01 05:50:28 +02:00
  • 78695b4e03 fix: replace JWT tokens in URL query params with short-lived ephemeral tokens jubnl 2026-04-01 05:42:27 +02:00
  • 0ee53e7b38 fix: prevent OIDC redirect URI construction from untrusted X-Forwarded-Host jubnl 2026-04-01 04:36:27 +02:00
  • 1b28bd96d4 fix: encrypt SMTP password at rest using AES-256-GCM jubnl 2026-04-01 04:33:17 +02:00
  • bba50f038b fix: encrypt OIDC client secret at rest using AES-256-GCM jubnl 2026-04-01 04:27:50 +02:00
  • 701a8ab03a fix: route db helper functions through the null-safe proxy jubnl 2026-04-01 04:22:57 +02:00
  • ccb5f9df1f fix: wrap each migration in a transaction and surface swallowed errors jubnl 2026-04-01 04:19:52 +02:00
  • c9341eda3f fix: remove RCE vector from admin update endpoint. jubnl 2026-04-01 04:09:09 +02:00
  • fb2e8d8209 fix: keep marker tooltip visible on touch devices when selected Maurice 2026-04-01 00:11:06 +02:00
  • 27fb9246e6 Merge pull request #238 from slashwarm/feat/permissions-admin-panel Maurice 2026-04-01 00:05:14 +02:00
  • 9a2c7c5db6 fix: address PR review feedback Gérnyi Márk 2026-03-31 23:56:19 +02:00
  • d1ad5da919 fix: tighten trip_edit and member_manage defaults to trip_owner Gérnyi Márk 2026-03-31 23:52:29 +02:00
  • 1fbc19ad4f fix: add missing permission checks to file routes and map context menu Gérnyi Márk 2026-03-31 23:45:11 +02:00
  • 23edfe3dfc fix: harden permissions system after code review Gérnyi Márk 2026-03-31 23:33:27 +02:00
  • 1ff8546484 fix: i18n chat reply/delete titles, gate collab category settings Gérnyi Márk 2026-03-31 23:15:43 +02:00
  • 6d18d5ed2d fix: gate collab notes category settings button with collab_edit Gérnyi Márk 2026-03-31 23:05:51 +02:00
  • 6d5067247c refactor: remove dead isAdmin prop from dashboard cards Gérnyi Márk 2026-03-31 23:02:43 +02:00
  • 5e05bcd0db Revert "fix: change trip_edit to trip_owner" Gérnyi Márk 2026-03-31 22:35:00 +02:00
  • 5f71b85c06 feat: add client-side permission gating to all write-action UIs Gérnyi Márk 2026-03-31 22:06:52 +02:00
  • d74133745a chore: update package-lock.json and .gitignore Gérnyi Márk 2026-03-31 21:57:17 +02:00
  • eee2bbe47a fix: change trip_edit to trip_owner Gérnyi Márk 2026-03-31 21:47:30 +02:00
  • c1bce755ca refactor: dedupe database requests Gérnyi Márk 2026-03-31 21:47:10 +02:00
  • 015be3d53a fix: incorrect hook order Gérnyi Márk 2026-03-31 20:53:08 +02:00
  • 7d3b37a2a3 feat: add configurable permissions system with admin panel Gérnyi Márk 2026-03-31 20:30:12 +02:00
  • ff1c1ed56a Merge branch 'dev' of https://github.com/mauriceboe/TREK into dev Maurice 2026-03-31 23:18:12 +02:00
  • d5674e9a11 fix: archive restore/delete buttons not visible in dark mode Maurice 2026-03-31 23:18:04 +02:00
  • 7eabe65bcf Merge pull request #240 from Summerfeeling/feat/more-currencies Maurice 2026-03-31 23:12:32 +02:00
  • 3444e3f446 Merge branch 'perf-test' of https://github.com/jubnl/TREK into dev Maurice 2026-03-31 23:10:02 +02:00
  • 9e3ac1e490 fix: increase max trip duration from 90 to 365 days Maurice 2026-03-31 22:58:27 +02:00
  • c38e70e244 fix: toggle switches not reflecting state in admin settings Maurice 2026-03-31 22:49:31 +02:00
  • ce7215341f fix: 12h time format input and display in bookings Maurice 2026-03-31 22:40:59 +02:00
  • 4733955531 fix: render Lucide category icons on map markers instead of text/emoji Maurice 2026-03-31 22:35:43 +02:00
  • 36267de117 fix: bag modal cut off on small screens Maurice 2026-03-31 22:23:44 +02:00
  • cd13399da5 fix: show selected map template in settings dropdown Maurice 2026-03-31 22:18:42 +02:00
  • 36cd2feca5 fix: use Nominatim reverse geocoding for accurate country detection in atlas Maurice 2026-03-31 21:58:20 +02:00
  • fbe3b5b17e Merge pull request #225 from andreibrebene/improvements/various-improvements Maurice 2026-03-31 21:40:26 +02:00
  • 10107ecf31 fix: require auth for file downloads, localize atlas search, use flag images Maurice 2026-03-31 21:38:16 +02:00
  • 94d698e39f docs: simplify README docker-compose example to essential env vars only Andrei Brebene 2026-03-31 17:00:15 +03:00
  • 6c88a01123 docs: document all env vars and remove SMTP/webhook from docker config Andrei Brebene 2026-03-31 16:59:11 +03:00
  • 75af89de30 docs: remove SMTP and webhook env vars (configured via Admin UI only) Andrei Brebene 2026-03-31 16:48:56 +03:00
  • ed8518aca4 docs: document all environment variables in docker-compose, .env.example, and README Andrei Brebene 2026-03-31 16:45:20 +03:00
  • 7522f396e7 feat: configurable trip reminders, admin full access, and enhanced audit logging Andrei Brebene 2026-03-31 16:42:37 +03:00
  • 9b2f083e4b feat: notifications, audit logging, and admin improvements Andrei Brebene 2026-03-31 15:01:33 +03:00
  • 9a949d7391 Performance on trip planner (Maybe ?) jubnl 2026-03-31 21:13:29 +02:00
  • 13904fb702 feat: added all supported currencies from exchangerate-api (#229) Summerfeeling | Timo 2026-03-31 21:04:59 +02:00
  • f7160e6dec Merge pull request #179 from shanelord01/audit/remediation-clean Maurice 2026-03-31 20:53:48 +02:00
  • 1983691950 Merge branch 'feat/add-searchbar-in-atlas' of https://github.com/Akashic101/NOMAD into dev Maurice 2026-03-31 20:29:23 +02:00
  • 6866644d0c Merge pull request #189 from M-Enderle/feat/gpx-full-route-import Maurice 2026-03-31 20:17:22 +02:00
  • b120aabaa3 Merge pull request #191 from M-Enderle/feat/mcp-improvements Maurice 2026-03-31 20:16:04 +02:00
  • 1d442c1d7a Merge pull request #182 from BKSalman/mobile-fixes Maurice 2026-03-31 20:14:30 +02:00
  • 9a0294360c Merge pull request #181 from BKSalman/accom-fix Maurice 2026-03-31 20:10:42 +02:00
  • 9de0c5b051 Merge remote-tracking branch 'origin/dev' into asteriskyg/main Maurice 2026-03-31 20:08:42 +02:00
  • 9e9b86f1b4 Merge branch 'fix/encrypt-api-keys' of https://github.com/Akashic101/NOMAD into dev Maurice 2026-03-31 20:03:55 +02:00
  • 8ff5ec486f Merge branch 'main' into feat/add-searchbar-in-atlas David Moll 2026-03-31 12:31:14 +02:00
  • 5576339bcc feat(atlas): add searchbar David Moll 2026-03-31 12:27:13 +02:00
  • e668e80f1c feat: add search_place, list_categories tools + fix opening hours in MCP Moritz Enderle 2026-03-31 10:38:29 +02:00
  • 3aaa6e916b feat: adds better gpx track views Moritz Enderle 2026-03-31 00:10:33 +02:00
  • ad329eddb9 Merge pull request #176 from jubnl/main Maurice 2026-03-31 10:00:37 +02:00
  • 990e804bd3 fix(server): encrypt api keys David Moll 2026-03-31 09:00:35 +02:00
  • 299e26bebe make day plan side bar icons more readable Salman Abuhaimed 2026-03-31 06:13:31 +03:00
  • 96b6d7d81f fix: note modal hidden behind mobile sidebar due to z-index Salman Abuhaimed 2026-03-31 06:01:41 +03:00
  • 27d5c3400c fix: update dayAccommodations state after create/edit/delete Salman Abuhaimed 2026-03-31 05:51:09 +03:00
  • bb9c0c9b68 fix: day details on mobile not showing Salman Abuhaimed 2026-03-31 05:44:59 +03:00
  • 483190e7c1 fix: XSS in GitHubPanel markdown renderer and RouteCalculator profile bug Claude 2026-03-30 23:42:40 +00:00
  • c89ff8b551 fix: critical Immich SSRF and API key exposure vulnerabilities Claude 2026-03-30 23:39:42 +00:00
  • 63232e56a3 fix: prevent OIDC token data leaking to logs, update audit findings Claude 2026-03-30 23:36:29 +00:00
  • 643504d89b fix: infrastructure hardening and documentation improvements Claude 2026-03-30 23:35:12 +00:00
  • 2288f9d2fc fix: harden PWA caching and client-side auth security Claude 2026-03-30 23:35:05 +00:00
  • 804c2586a9 fix: tighten CSP, fix API key exposure, improve error handling Claude 2026-03-30 23:34:55 +00:00
  • fedd559fd6 fix: pin JWT algorithm to HS256 and harden token security Claude 2026-03-30 23:34:47 +00:00
  • 5f07bdaaf1 docs: add comprehensive security and code quality audit findings Claude 2026-03-30 23:34:37 +00:00
  • fb643a1ade fix: stop drop event bubbling causing duplicate place assignment jubnl 2026-03-31 01:32:20 +02:00
  • 069fd99341 Merge branch 'pr-169' Maurice 2026-03-30 23:46:32 +02:00
  • 3dc760484a Merge pull request #166 from fgbona/feat/#155 Maurice 2026-03-30 23:42:45 +02:00
  • 13580ea5fb Merge branch 'main' into feat/#155 Fernando Bona 2026-03-30 18:36:18 -03:00
  • aa5dd1abc6 Merge branch 'main' into fix/mfa-backup-codes Fernando Bona 2026-03-30 18:27:46 -03:00
  • de444bf770 fix(mfa-backup-codes): persist backup codes panel after enable and refresh fgbona 2026-03-30 18:22:45 -03:00
  • 821f71ac28 fix: add MCP translation keys for cs, hu, it languages Maurice 2026-03-30 23:14:05 +02:00
  • faebc62917 Merge branch 'pr-125' Maurice 2026-03-30 23:10:34 +02:00
  • 41e572445c Merge branch 'main' into feat/#155 Fernando Bona 2026-03-30 17:52:07 -03:00
  • 66f5ea50c5 feat(require-mfa): #155 enforce MFA via admin policy toggle across app access fgbona 2026-03-30 17:42:40 -03:00
  • ce4b8088ec fix: force light mode on shared trip page Maurice 2026-03-30 22:32:58 +02:00
  • b1138eb9db fix: shared page language redirect + skip TLS for self-signed certs — closes #163 #164 Maurice 2026-03-30 22:26:09 +02:00
  • 8412f303dd fix: Dockerfile volume permissions — fix SQLITE_READONLY on upgrade Maurice 2026-03-30 21:38:28 +02:00
  • 7272e0bbfd chore: bump version to 2.7.1 Maurice 2026-03-30 21:25:35 +02:00
  • c7eaf3aa79 feat: add Italian, Czech, Hungarian + sync all 12 languages Maurice 2026-03-30 21:22:53 +02:00
  • deef5e6b81 Merge branch 'pr-130' into dev Maurice 2026-03-30 21:02:32 +02:00
  • 6d72006b28 Merge branch 'pr-158' into dev Maurice 2026-03-30 21:02:18 +02:00
  • 26c1676cdd revert: remove auth from file uploads — breaks img/pdf rendering in browser Maurice 2026-03-30 20:56:56 +02:00
  • 4ddfa92c14 security: require auth for file and photo uploads Maurice 2026-03-30 20:51:38 +02:00