Commit Graph

14220 Commits

Author SHA1 Message Date
kolaente 7c021dd663 feat(time-tracking): configure the smart-fill start time in settings 2026-06-08 13:54:09 +00:00
kolaente e948b191b0 feat(time-tracking): add the time-tracking view 2026-06-08 13:54:09 +00:00
kolaente 2ef898e89d feat(time-tracking): add the task-detail time-tracking section 2026-06-08 13:54:09 +00:00
kolaente 8febfac742 feat(time-tracking): add the sidebar navigation entry 2026-06-08 13:54:09 +00:00
kolaente 212d891fa1 feat(time-tracking): show a running-elsewhere badge in the header 2026-06-08 13:54:09 +00:00
kolaente 1832d0d3ee feat(time-tracking): add the timer badge 2026-06-08 13:54:09 +00:00
kolaente bb4f19da27 feat(time-tracking): add the time-entry list 2026-06-08 13:54:09 +00:00
kolaente ab8189e927 feat(time-tracking): add the time-entry form 2026-06-08 13:54:09 +00:00
kolaente 8c34676946 feat(time-tracking): extract the smart-fill start computation 2026-06-08 13:54:09 +00:00
kolaente e4b0a487fc feat(date): accept a null modelValue in DatepickerWithRange 2026-06-08 13:54:09 +00:00
kolaente 8839c296a2 feat(date): show the matching preset name on the date-range button 2026-06-08 13:54:09 +00:00
kolaente 27bb80d11a feat(input): add quick-select shortcuts to the Datepicker 2026-06-08 13:54:09 +00:00
kolaente 43d0203358 feat(time-tracking): add the time-tracking store 2026-06-08 13:54:09 +00:00
kolaente 80c21e6f40 feat(time-tracking): add the v2 time-entry service 2026-06-08 13:54:09 +00:00
kolaente 565bf97294 refactor(config): add PRO_FEATURE constants for licensed features 2026-06-08 13:54:09 +00:00
kolaente 4a558fc57a fix(api/v2): expose v2-only token route groups via the routes endpoint 2026-06-08 13:54:09 +00:00
kolaente 74510bb00a fix(api/v2): group time-entries token routes under their own scope 2026-06-08 13:54:09 +00:00
kolaente 2858b8b827 test(time-tracking): cover the v2 time-entry routes 2026-06-08 13:54:09 +00:00
kolaente b8b376c53a test(time-tracking): cover the time_entries model 2026-06-08 13:54:09 +00:00
kolaente aef584c9fa feat(time-tracking): let clients subscribe to timer events 2026-06-08 13:54:09 +00:00
kolaente cf22f08974 feat(time-tracking): broadcast timer changes over websocket 2026-06-08 13:54:09 +00:00
kolaente e197b1912f feat(time-tracking): count tracked time entries per task 2026-06-08 13:54:09 +00:00
kolaente 0c5a0a99ec feat(time-tracking): dispatch time-entry events 2026-06-08 13:54:09 +00:00
kolaente 9454cd3ec5 feat(time-tracking): expose time entries on the v2 API 2026-06-08 13:54:09 +00:00
kolaente 4bd6a6c4f7 feat(time-tracking): filter time entries with the task DSL 2026-06-08 13:54:09 +00:00
kolaente 42795518e9 feat(time-tracking): add the time_entries model 2026-06-08 13:54:09 +00:00
kolaente 26c067cc38 refactor: extract preprocessFilterString from task filter parsing 2026-06-08 13:54:09 +00:00
kolaente 6387d8138a feat(time-tracking): add the time_entries table migration 2026-06-08 13:54:09 +00:00
renovate[bot] 8ff97a61de chore(deps): update dev-dependencies 2026-06-08 07:23:10 +00:00
Weijie Zhao 89ed627800 fix(auth): remove stale OIDC callback lock
The OpenID callback view used a localStorage "authenticating" flag to avoid submitting the same authorization code twice when the route was remounted during an auth layout swap.

That layout swap is now guarded by AUTH_ROUTE_NAMES, so openid.auth stays in the unauthenticated shell until redirectIfSaved() navigates away. The persistent flag can instead get stranded when the page is refreshed, closed, or interrupted during the callback, making future OIDC callbacks silently return before exchanging the code.

Remove the flag so each valid callback URL is processed normally while keeping the existing state validation and TOTP retry handling.
2026-06-08 07:22:54 +00:00
kolaente c2e1b078ce feat(api/v2): add project team shares CRUD on /api/v2 2026-06-07 15:33:20 +00:00
kolaente 627cd0a6f4 docs(api/v2): tag project team share fields for the v2 schema 2026-06-07 15:33:20 +00:00
Frederick [Bot] a2be36b5fe [skip ci] Updated swagger docs 2026-06-07 11:36:48 +00:00
kolaente c2d1e48c8c feat(api/v2): add team members (add/remove/admin-toggle) on /api/v2
The admin-toggle handler delegates to handler.DoUpdate — the same pipeline
v1's UpdateWeb wraps — instead of re-implementing the session/permission/commit
orchestration. TeamMember.Update now carries the persisted row back onto the
receiver so both v1 and v2 responses include id/created.
2026-06-07 10:48:23 +00:00
kolaente ef256273e0 docs(api/v2): annotate TeamMember fields for the v2 schema 2026-06-07 10:48:23 +00:00
kolaente ed4ae0cd43 feat(api/v2): add saved filter CRUD on /api/v2 2026-06-07 10:40:20 +00:00
kolaente a52ee1593a docs(api/v2): tag SavedFilter fields for the v2 schema 2026-06-07 10:40:20 +00:00
kolaente 9cddc137c5 feat(api/v2): add project user shares CRUD on /api/v2 2026-06-07 10:37:59 +00:00
kolaente 2c0608e47b docs(api/v2): tag project user share fields for the v2 schema 2026-06-07 10:37:59 +00:00
kolaente 7158334699 fix(api/v2): return 200 from notifications mark-all (creates nothing) 2026-06-07 10:05:24 +00:00
kolaente 604e5850bc docs: trim wordy comments in v2 notifications 2026-06-07 10:05:24 +00:00
kolaente 1ca5367f27 feat(api/v2): add notifications list/mark-read + mark-all on /api/v2
Ports the v1 DatabaseNotifications routes to the Huma /api/v2 API:
- GET /notifications lists the caller's own notifications (paginated)
- PUT /notifications/{notificationid} marks one (un-)read
- POST /notifications is a custom action marking all as read; the
  link-share guard, session and commit live in the handler since there
  is no CRUDable Do* for a bulk mark.

Adds fixture rows and a webtest matrix mirroring the v1 model behaviour
(own-only visibility, mark-(un)read, link-share refusal on every route).
2026-06-07 10:05:24 +00:00
kolaente 05c9c07e19 docs(api/v2): add doc/readOnly tags to notification model fields 2026-06-07 10:05:24 +00:00
kolaente fb4bca34dd docs: trim wordy comments to load-bearing whys 2026-06-07 09:57:51 +00:00
kolaente 1b47932916 feat(api/v2): add subscribe/unsubscribe on /api/v2
Port the Subscription resource from /api/v1 to the Huma-backed /api/v2:
POST /subscriptions/{entity}/{entityID} subscribes, DELETE unsubscribes.

The {entity} discriminator is bound as a string path param with an
enum:"project,task" tag; the model's CanCreate/CanDelete derive the numeric
EntityType from it and reject unknown kinds. Permissions and the
already-subscribed/forbidden checks come from the shared model via DoCreate/
DoDelete, identical to v1's generic handler. Mark the model's server-controlled
fields readOnly and add doc tags for the v2 schema.
2026-06-07 09:57:51 +00:00
kolaente 67bc3ff4f1 test(api/v2): cover central validation (422, invalid_fields, full-body webhook updates) 2026-06-06 21:09:56 +00:00
kolaente 24188480c4 feat(api/v2): return 422 with invalid_fields for validation errors 2026-06-06 21:09:56 +00:00
kolaente 45e05a5d27 feat(api/v2): enforce validation centrally in the Register wrapper 2026-06-06 21:09:56 +00:00
kolaente 5855ccc1d4 docs(webhooks): version-qualify the events endpoint link in the events field doc
In the v2 OpenAPI context a bare /webhooks/events reads as /api/v2/webhooks/events,
which does not exist — the events listing endpoint lives only on /api/v1. Point the
doc string at the absolute v1 path so v2 clients are not misled.
2026-06-06 19:50:41 +00:00
kolaente aac0322975 refactor(webhooks): mask write-only credentials in the model so create/update never echo them
Webhook.ReadAll already cleared the secret and basic-auth from responses,
but Create and Update did not, so the v2 handler patched the gap with a
maskWebhookCredentials helper. Centralize the masking in the model via a
maskCredentials helper called after every DB write (ReadAll, Create,
Update) and drop the v2 handler helper.

The credentials are client-provided, not server-generated: the DB row
keeps them and outgoing deliveries reload + HMAC-sign from the DB copy,
so clearing the returned in-memory struct is correct write-only handling.

Webhook is a shared model, so v1's create/update responses also stop
echoing the submitted secret/auth — intended, and approved by the
maintainer.
2026-06-06 19:50:41 +00:00