Commit Graph

46 Commits

Author SHA1 Message Date
kolaente 2a10b22c5c fix: use session-aware file creation to avoid nested transactions
files.Create() and files.CreateWithMime() internally create their own
sessions and transactions. When called from within an existing
transaction (now that db.NewSession() auto-begins), this creates nested
transactions that deadlock on SQLite.

Switch to files.CreateWithSession() and files.CreateWithMimeAndSession()
to participate in the caller's existing transaction instead.
2026-02-25 11:03:02 +01:00
kolaente bcfde14b14 fix(backgrounds): stream unsplash download to temp file instead of memory
Use a temp file instead of io.ReadAll to avoid buffering the entire
Unsplash image in RAM, which could cause OOM with large images or
high maxsize configuration.
2026-02-08 15:31:25 +01:00
kolaente 56a0ea44cf fix(backgrounds): avoid integer overflow in max size calculation
Keep maxSize as uint64 and cast safely when comparing with
resp.ContentLength to avoid potential integer overflow.
2026-02-08 15:31:25 +01:00
kolaente 19f6e4b7c9 fix(backgrounds): enforce max file size for unsplash downloads
Check Content-Length and use io.LimitReader to prevent OOM from
unexpectedly large unsplash responses before buffering into memory.
2026-02-08 15:31:25 +01:00
kolaente dbd74491c4 fix(files): update all callers to provide seekable readers for S3 uploads
Update all code paths that pass file content to the storage layer to
provide io.ReadSeeker instead of io.Reader:

- Avatar upload: use bytes.NewReader instead of bytes.Buffer
- Background upload handler: use bytes.NewReader instead of bytes.Buffer
- Unsplash background: buffer response body into bytes.NewReader
- Dump restore: buffer zip entry into bytes.NewReader
- Migration structure: pass bytes.NewReader directly instead of wrapping
  in io.NopCloser
- Task attachment: change NewAttachment parameter from io.ReadCloser to
  io.ReadSeeker
2026-02-08 15:31:25 +01:00
renovate[bot] 9a61453e86
fix(deps): update module github.com/labstack/echo/v4 to v5 (#2131)
Closes https://github.com/go-vikunja/vikunja/pull/2133

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: kolaente <k@knt.li>
2026-01-24 20:38:32 +01:00
kolaente 731b7c3001
fix: avoid mutating global http.DefaultClient in webhook proxy (#2145)
Fixes a bug where the webhook HTTP client was mutating `http.DefaultClient` (the global singleton), causing ALL HTTP requests in the application to use the webhook proxy. This broke OIDC authentication and other external HTTP calls when webhook proxy was configured.

Fixes #2144
2026-01-24 13:58:47 +01:00
kolaente 39b4568bc5
refactor: centralize HTTP error handling (#2062)
This changes the error handling to a centralized HTTP error handler in `pkg/routes/error_handler.go` that converts all error types to proper HTTP responses. This simplifies the overall error handling because http handler now only need to return the error instead of calling HandleHTTPError as previously.
It also removes the duplication between handling errors with and without Sentry.

🐰 Hop along, dear errors, no more wrapping today!
We've centralized handlers in a shiny new way,
From scattered to unified, the code flows so clean,
ValidationHTTPError marshals JSON supreme!
Direct propagation hops forward with glee,
A refactor so grand—what a sight to see! 🎉
2026-01-08 10:02:59 +00:00
kolaente a5591c1603 fix: correctly cache unsplash background
Resolves
https://vikunja.sentry.io/issues/6753151793/events/3d8773d79b9c4da0bf65140e4b7617b4/
2025-07-18 18:38:12 +02:00
kolaente fcdcdcf46a feat: use keyvalue.Remember where it makes sense 2025-07-17 16:19:13 +02:00
Dominik Pschenitschni 296577a875
fix: correct license header references (#882)
See originals:
- https://www.gnu.org/licenses/agpl-3.0.txt
- https://www.gnu.org/licenses/gpl-3.0.txt
2025-06-10 12:18:38 +02:00
kolaente 68636f27da
fix(files): use absolute path everywhere 2024-09-06 12:59:48 +02:00
kolaente 329de3aab3
chore(web): remove unused echo context 2024-08-29 16:20:39 +02:00
kolaente 2063da9eec
chore(web): move web handler package to Vikunja 2024-08-29 16:15:28 +02:00
kolaente aec60f3591
feat(backgrounds): resize images to a maximum of 4K
Resolves https://kolaente.dev/vikunja/vikunja/issues/1373#issuecomment-43491
2024-04-22 18:29:58 +02:00
kolaente 1ee243f2bd
fix(project background): add more checks for whether a background file exists when duplicating or deleting a project
Related discussion: https://community.vikunja.io/t/500-internal-server-error-when-selecting-unsplash-background-image/778/18
2023-09-13 11:20:59 +02:00
kolaente e518fb1191
chore: remove year from copyright headers
Resolves https://kolaente.dev/vikunja/api/pulls/1483
2023-09-01 08:32:28 +02:00
Dominik Pschenitschni cca430810d fix(image): json type of struct property (#1469)
Co-authored-by: Dominik Pschenitschni <mail@celement.de>
Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/1469
Reviewed-by: konrad <k@knt.li>
Co-authored-by: Dominik Pschenitschni <dpschen@noreply.kolaente.de>
Co-committed-by: Dominik Pschenitschni <dpschen@noreply.kolaente.de>
2023-04-06 09:53:09 +00:00
kolaente 4d5ad8f50e
chore(deps): update golangci-lint to 1.52.1 2023-03-24 19:17:45 +01:00
kolaente 349e6a5905
feat: rename lists to projects 2023-03-13 14:28:06 +01:00
kolaente 96b5e93379
fix: swagger docs 2022-11-11 15:34:26 +01:00
kolaente 6b51fae093 fix: return BlurHash in unsplash search results 2022-03-30 16:36:07 +00:00
kolaente 6df865876d feat: return BlurHash for unsplash search results 2022-03-30 16:36:07 +00:00
kolaente 2ec7d7a8a8 feat: save BlurHash from unsplash when selecting a photo from unsplash 2022-03-30 16:36:07 +00:00
kolaente 88a2cede19
feat: use wallpaper topic for default unsplash background list 2021-11-14 20:47:15 +01:00
kolaente d48aa101cf
Refactor & fix storing struct-values in redis keyvalue 2021-05-28 10:52:51 +02:00
kolaente c4a71016b8
Update copyright year 2021-02-02 20:19:13 +01:00
kolaente 2e88600c93
Change keyvalue.Get to return if a value exists or not instead of an error 2021-01-31 12:32:46 +01:00
kolaente 9baf6d39bd
Change license to AGPLv3 2020-12-23 16:41:52 +01:00
konrad 8d1a09b5a2 Use db sessions everywere (#750)
Fix lint

Fix lint

Fix loading tasks with search

Fix loading lists

Fix loading task

Fix loading lists and namespaces

Fix tests

Fix user commands

Fix upload

Fix migration handlers

Fix all manual root handlers

Fix session in avatar

Fix session in list duplication & routes

Use sessions in migration code

Make sure the openid stuff uses a session

Add alias for db type in db package

Use sessions for file

Use a session for everything in users

Use a session for everything in users

Make sure to use a session everywhere in models

Create new session from db

Add session handling for user list

Add session handling for unsplash

Add session handling for teams and related

Add session handling for tasks and related entities

Add session handling for task reminders

Add session handling for task relations

Add session handling for task comments

Add session handling for task collections

Add session handling for task attachments

Add session handling for task assignees

Add session handling for saved filters

Add session handling for namespace and related types

Add session handling for namespace and related types

Add session handling for list users

Add session handling for list tests

Add session handling to list teams and related entities

Add session handling for link shares and related entities

Add session handling for labels and related entities

Add session handling for kanban and related entities

Add session handling for bulk task and related entities

Add session handling for lists and related entities

Add session configuration for web handler

Update web handler

Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/750
Co-Authored-By: konrad <konrad@kola-entertainments.de>
Co-Committed-By: konrad <konrad@kola-entertainments.de>
2020-12-23 15:32:28 +00:00
konrad 699d3d6060 Add Golangci Lint (#676)
Increase golangci timeout

Fix installing golangci-lint in ci

Remove mage targets replaced by golangci

Run golint in ci

Add goheader linter

Enable & fix more linters

Fix lint issues

Add mage target to automagically fix issues found by golangci

golangci-lint run --fix

Add golangci config

Add golangci mage target

Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/676
Co-Authored-By: konrad <konrad@kola-entertainments.de>
Co-Committed-By: konrad <konrad@kola-entertainments.de>
2020-10-11 20:10:03 +00:00
konrad d56a611be7 Key-Value Storages (#674)
Fix lint

Add docs for keyvalue config options

Use keyvalue store to cache unsplash photo results

Cleanup

Use keyvalue store for upload avatar

Use keyvalue store for initials avatar

Fix initializing metrics

Use keyvalue for metrics

Add IncryBy and DecrBy methods to increase or decrease a value

Fix lint

Return custom error if a key does not exist

Init keyvalue storage

Follow the keyvalue storage setting for things like cache and other

Add docs

Add configuration of the storage backend

Add redis keyvalue storage implementation

Add doc comments

Add methods to use storage through the package itself

Add memory implementation for keyvalue store

Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/674
Co-Authored-By: konrad <konrad@kola-entertainments.de>
Co-Committed-By: konrad <konrad@kola-entertainments.de>
2020-10-10 16:53:59 +00:00
kolaente 3b2289c8fa
Fix swagger docs 2020-06-28 16:25:46 +02:00
kolaente be11362533
Fix searching for unsplash pictures with words that contain a space 2020-06-26 00:37:10 +02:00
konrad a0ffe89056 List Background upload (#582)
Add filesize check when uploading a new file

Fix error 500 if the uploaded background was not an unsplash one

Add upload background setting to info endpoint

Add config docs

Fix lint

Return list background type if it was uploaded

Add file upload

Add docs

Save uploaded backgrounds as file

Add background upload handler

Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/582
2020-06-11 17:31:37 +00:00
kolaente d63666cece
Fix getting unsplash thumbnails for non "photo-*" urls 2020-05-31 22:40:27 +02:00
kolaente d8a6acda96
Fix proxying unsplash images (security) 2020-05-31 22:36:25 +02:00
kolaente 03ef48a0ae
Properly ping unsplash when using unsplash images 2020-05-31 22:06:59 +02:00
kolaente 8f35b9d579
Set unsplash empty collection caching to one hour 2020-05-31 20:50:51 +02:00
kolaente ebfa982c72
Fix misspell 2020-05-31 18:12:32 +02:00
kolaente 2fa4fcc202
Fix caching of initial unsplash results per page 2020-05-31 18:09:46 +02:00
kolaente ad67154e26
Add cache for initial unsplash collection 2020-05-31 17:59:39 +02:00
kolaente 42ddee8d6f
Add logging if downloading an image from unsplash fails 2020-05-29 22:11:49 +02:00
kolaente a0fb8bd32d
Add unsplash image proxy for images and thumbnails 2020-05-29 15:33:46 +02:00
kolaente 2ef2c7523d
Also return unsplash info when searching 2020-05-27 22:12:12 +02:00
konrad e5e30d0915 List Backgrounds (#568)
Return the updated list when setting a list background

Add swagger docs for unsplash methods

Add unsplash info to search results

Fix misspell

Fix lint

Add rights check for setting and getting backgrounds

Show unsplash information when loading a single list

Make application id for pingbacks configurable

Remove old backgrounds when setting a new one

Return 404 if the list does not have a background

Implement getting list backgrounds

Implement actually setting a photo from unsplash as list background

go mod tidy

Add migration for background file id

Roughly implement setting a list background from unsplash

Implement saving a background

Add migration for unsplash photo table

Add unsplash search

Fix parsing page param

Fix parsing page param

Fix background config

Add unsplash wrapper library

Add enabled background providers to info endpoint

Add config options for backgrounds

Add unsplash background provider

Add routing handler for backgrounds

Add basic background provider interface

Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/568
2020-05-26 20:07:55 +00:00