Commit Graph

203 Commits

Author SHA1 Message Date
kolaente 98f2893ffe fix(db): use WAL mode for SQLite and temp file for ephemeral databases
Three SQLite connection issues are fixed:

1. The refactoring in 26c0f71 accidentally dropped _busy_timeout from
   the file-based SQLite connection string. Without it, concurrent
   transactions get instant SQLITE_BUSY errors instead of waiting.

2. _txlock=immediate forced ALL transactions (including reads) to
   acquire the write lock at BEGIN, serializing all database access.
   WAL mode makes this unnecessary: readers use snapshots and never
   block writers, so the SHARED-to-RESERVED deadlock cannot occur.

3. In-memory shared cache (file::memory:?cache=shared) uses table-level
   locking where _busy_timeout is ineffective (returns SQLITE_LOCKED,
   not SQLITE_BUSY) and concurrent connections deadlock. Replace with a
   temp file using WAL mode for proper concurrency.
2026-03-03 10:41:19 +01:00
kolaente 26c0f71b6c
fix(db): use immediate txlock for SQLite instead of MaxOpenConns(1)
MaxOpenConns(1) caused Go-level deadlocks: when two goroutines needed
database connections concurrently, the second blocked forever waiting
for the single connection pool slot. This broke CI (sqlite web tests
timed out after 45min, e2e tests hung).

The actual "database is locked" errors were caused by SQLite's default
deferred transaction locking: two connections both acquire SHARED locks,
then deadlock when both try to promote to RESERVED for writing. SQLite
detects this instantly and returns SQLITE_BUSY, bypassing busy_timeout.

_txlock=immediate fixes this by acquiring the write lock at BEGIN time.
The second concurrent transaction waits (up to busy_timeout) instead of
deadlocking. Combined with WAL mode (concurrent readers + single writer),
this handles concurrency correctly without restricting the Go connection
pool.
2026-03-02 14:03:33 +01:00
kolaente 79dbb40985
fix(db): prevent SQLite "database is locked" errors under concurrent writes
Configure SQLite connections with WAL journal mode, a 5-second busy
timeout, shared cache, and a max of 1 open connection. SQLite only
supports a single writer at a time, so without these settings concurrent
API requests (e.g. bulk task creation) would immediately fail with
"database is locked" instead of waiting and retrying.
2026-03-02 12:37:55 +01:00
kolaente 7e7e778d49 fix(db): validate table names and quote identifiers in raw SQL 2026-02-25 13:01:00 +01:00
kolaente 9e050fe40e test: add orphaned project fixture for repair-projects command 2026-02-25 11:56:25 +01:00
kolaente 1167b08e70 fix: handle Begin() error in db.NewSession() instead of ignoring it 2026-02-25 11:03:02 +01:00
kolaente fd77e041a1 fix: add transaction begin to db.NewSession()
All sessions now start with an active transaction. This makes
multi-statement write operations atomic — if any step fails, all
changes are rolled back instead of leaving the database in an
inconsistent state.

Callers must call s.Commit() for writes to persist. s.Close()
auto-rollbacks uncommitted transactions.
2026-02-25 11:03:02 +01:00
kolaente b3d0b2f697 feat: add Session model with CRUD, permissions, and cleanup cron
- Session struct with UUID primary key, hashed refresh token, device
  info, IP address, and last-active tracking
- Token generation via generateHashedToken (SHA-256, 128 random bytes)
- CreateSession, GetSessionByRefreshToken, GetSessionByID
- Atomic RotateRefreshToken with WHERE on old hash to prevent replays
- ReadAll scoped to authenticated user (link shares rejected)
- Delete scoped to owning user (link shares rejected)
- Hourly cleanup cron for expired sessions based on is_long_session
- ErrSessionNotFound error type with HTTP 404 mapping
2026-02-25 10:30:25 +01:00
kolaente 6733ac4e22 test: add task #47 with reminders outside window for bug #2245
Add a second reminder to task 2 (in 2019, outside the test window)
and create task #47 with two reminders that straddle the test window
(2018-08-01 and 2019-03-01) but neither falls inside it. This exposes
the multi-row matching bug where separate EXISTS subqueries can match
different rows in the same sub-table.
2026-02-19 12:40:29 +01:00
John Starich 591a646f84 refactor: remove environment variable requirements for go test 2026-02-17 18:01:05 +01:00
kolaente 7fce4694fa
refactor(db): extract testable ResolveDatabasePath function (#2193)
Add DatabasePathConfig struct and ResolveDatabasePath function that
takes all dependencies as parameters, making it easier to test path
resolution logic in isolation. Should also fix the reported cases.

Resolves #2189
2026-02-08 10:47:57 +00:00
Biagio00 5b42724205
fix(kanban): repeating tasks dates won't update when moved in done bucket (#1638) 2025-11-14 16:57:53 +00:00
kolaente 7da2942ca6
fix: correctly set database path on windows (#1616) 2025-10-09 08:38:01 +00:00
kolaente ec89b08fd5
fix(attachments): extend upload file size to form data (#1577)
Resolves https://github.com/go-vikunja/vikunja/issues/1494
2025-09-30 22:23:07 +00:00
kolaente a81a3ee0e5
feat!: rename right to permission (#1277) 2025-08-13 11:05:05 +02:00
kolaente 4042f66efa
feat: show user export status in settings (#1200) 2025-07-30 15:50:26 +00:00
kolaente 4faf50a91f
fix(user): ensure deletion tokens can only be used by the user who created them 2025-07-23 11:18:37 +02:00
Copilot 9712dbe2ab
fix: MySQL constraint violations returning HTTP 500 instead of 400 for task bucket duplicates (#1154)
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: kolaente <13721712+kolaente@users.noreply.github.com>
Co-authored-by: kolaente <k@knt.li>
2025-07-22 08:59:12 +00:00
kolaente ca83ad1f98 feat: move to slog for logging 2025-07-21 18:15:39 +02:00
kolaente 7985a6500a fix: use assertions which are more specific 2025-07-18 23:18:04 +02:00
kolaente 07d83e67d7 feat(projects): add support for ParadeDB when searching for project 2025-07-18 23:18:04 +02:00
kolaente 1e3a68210a chore(db): simplify MultiFieldSearch 2025-07-18 23:18:04 +02:00
kolaente 22579dffae chore: cleanup unused helper 2025-07-18 23:18:04 +02:00
kolaente a571d42f46 chore: refactor searching for link shares 2025-07-18 23:18:04 +02:00
kolaente 3db1ddcee4 feat(tasks): add support for ParadeDB when searching tasks 2025-07-18 23:18:04 +02:00
Dominik Pschenitschni d48d88d442 fix: comment typo and misspellings 2025-07-02 17:46:21 +02:00
Dominik Pschenitschni 5b9d4fcc72
chore: add missing eof newlines (#969) 2025-06-17 09:11:32 +00:00
kolaente 6671ce38a8
chore: rename API test suites (#938) 2025-06-13 08:23:17 +00:00
kolaente 0145a8ba50
feat!(config): store sqlite file relative to rootpath (#934)
Moderately breaking change since in most cases the root path was already set next to the binary.
2025-06-13 09:16:25 +02:00
Dominik Pschenitschni 296577a875
fix: correct license header references (#882)
See originals:
- https://www.gnu.org/licenses/agpl-3.0.txt
- https://www.gnu.org/licenses/gpl-3.0.txt
2025-06-10 12:18:38 +02:00
kolaente b010e3851c
fix(project): add position in test fixtures 2025-03-20 14:00:18 +01:00
kolaente 7e1aba7606
fix(kanban): correctly set default bucket id when duplicating project
Partially resolves https://community.vikunja.io/t/bugs-around-project-duplication-with-kanban-buckets/3433
2025-03-19 17:28:59 +01:00
kolaente 99213c66ee chore(openid): use general external team sync 2025-03-18 16:36:00 +00:00
kolaente 62beb3db2d feat(auth): rename oidc_id to external_id 2025-03-18 16:36:00 +00:00
kolaente 4e90c6bb78
chore(deps): update golangci-lint 2025-03-02 13:00:18 +01:00
kolaente 6673adf0b5
fix(filter): do not show tasks in filter results when they are filtered out by labels
This fixes a bug where tasks which were filtered out by their label would still be shown. That was caused by the way the filter query was translated to sql under the hood.

Resolves https://github.com/go-vikunja/vikunja/issues/394
2025-01-20 14:05:42 +01:00
John Doe 28d5cd7b28 feat: allow setting schema for connection in postgres (#2777)
This PR introduce a new config for database, `database.schema`, allowing user to specify a specific schema to use for their postgres database connection. As the default value is set, it will be backward compatible.

Related discussion: https://community.vikunja.io/t/postgres-database-has-error-pq-relation-tasks-does-not-exist/1333

Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/2777
Co-authored-by: John Doe <hugosum.dev@protonmail.com>
Co-committed-by: John Doe <hugosum.dev@protonmail.com>
2024-10-26 16:06:47 +00:00
kolaente a88124cfce
feat: make used bcrypt rounds configurable
This allows to configure the used bcrypt rounds and set it to 4 in tests, greatly speeding up the tests. It's not really required to set this to another value but it might be in the future as computers get faster.
2024-10-13 15:38:04 +02:00
kolaente 06305eb6b3
fix(subscriptions): correctly inherit subscriptions
Resolves https://community.vikunja.io/t/e-mail-notification-twice/2740/20
2024-09-03 22:04:11 +02:00
kolaente 8bfd0493b2 fix(deps): update golangci 2024-08-25 14:30:46 +00:00
kolaente fa6546b6b2
feat(tasks): add tests for moving a task out of the done bucket 2024-06-18 13:40:41 +02:00
kolaente 9075a45cb8
fix(views): update test fixtures for new structure 2024-03-19 00:47:51 +01:00
kolaente a5c51d4b1e feat: emoji reactions for tasks and comments (#2196)
This PR adds reactions for tasks and comments, similar to what you can do on Gitea, GitHub, Slack and plenty of other tools.

Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/2196
Co-authored-by: kolaente <k@knt.li>
Co-committed-by: kolaente <k@knt.li>
2024-03-12 19:25:58 +00:00
waza-ari ffa82556e0 feat(teams): add public flags to teams to allow easier sharing with other teams (#2179)
Resolves #2173
Co-authored-by: Daniel Herrmann <daniel.herrmann1@gmail.com>
Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/2179
Reviewed-by: konrad <k@knt.li>
Co-authored-by: waza-ari <daniel.herrmann@makerspace-darmstadt.de>
Co-committed-by: waza-ari <daniel.herrmann@makerspace-darmstadt.de>
2024-03-10 14:04:32 +00:00
kolaente 9624cc9e97
fix(filter): translate all tests 2024-03-09 19:06:35 +01:00
waza-ari a3154e805c fix(auth): use (issuer, name) to check for uniqueness of oidc teams (#2152)
The change introduced in #2150 introduces a bug where a Team would be re-created every time a user logs in, as the check if a team already exists was based on both the unique `oidcID` and the `name`. This PR proposes to only base the check on the ID, as this should be unique.

Co-authored-by: Daniel Herrmann <daniel.herrmann1@gmail.com>
Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/2152
Reviewed-by: konrad <k@knt.li>
Co-authored-by: waza-ari <daniel.herrmann@makerspace-darmstadt.de>
Co-committed-by: waza-ari <daniel.herrmann@makerspace-darmstadt.de>
2024-03-04 20:26:45 +00:00
kolaente ac8751e1be
fix(task): move done tasks to the done bucket when they are moved between projects and the new project has a done bucket 2024-03-03 18:13:47 +01:00
viehlieb ed4da96ab1 feat: assign users to teams via OIDC claims (#1393)
This change adds the ability to sync teams via a custom openid claim. Vikunja will automatically create and delete teams as necessary, it will also add and remove users when they log in. These teams are fully managed by Vikunja and cannot be updated by a user.

Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/1393
Resolves https://kolaente.dev/vikunja/vikunja/issues/1279
Resolves https://github.com/go-vikunja/vikunja/issues/42
Resolves https://kolaente.dev/vikunja/vikunja/issues/950
Co-authored-by: viehlieb <pf@pragma-shift.net>
Co-committed-by: viehlieb <pf@pragma-shift.net>
2024-03-02 08:47:10 +00:00
kolaente 6b1e67485b
feat: fetch all projects with a recursive cte instead of recursive query
This change modifies the fetching of all projects to use a recursive common table expression instead of recursively calling the method.
2024-02-28 13:42:45 +01:00
kolaente 2dab2ccedd
feat: allow using sqlite in memory database
This allows running vikunja for testing purposes. You almost never want to run this in production.
2024-02-15 10:48:48 +01:00
kolaente c05f51b923
chore(deps): update golangci-lint rules 2023-12-19 13:34:31 +01:00
Miguel Arroyo 225d65268d feat(caldav): Add support for subtasks (i.e. `RELATED-TO` property) in CalDAV (#1634)
As I mentioned [here](https://kolaente.dev/vikunja/api/pulls/1442#issuecomment-55215), this is mainly a cleanup of @zewaren 's original [PR](https://kolaente.dev/vikunja/api/pulls/1442).

It adds support for the `RELATED-TO` property in CalDAV's `VTODO` and the `RELTYPE=PARENT` and `RELTYPE=CHILD` relationships. In other words, it allows for `ParentTask->SubTask` relations to be handled supported through CalDAV.

In addition to the included tests, this has been tested by both @zewaren & myself with DAVx5 & Tasks (Android) and it's been working great.

Resolves https://kolaente.dev/vikunja/api/issues/1345

Co-authored-by: Miguel A. Arroyo <miguel@codeheads.dev>
Co-authored-by: Erwan Martin <public@fzwte.net>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/1634
Reviewed-by: konrad <k@knt.li>
Co-authored-by: Miguel Arroyo <mayanez@noreply.kolaente.de>
Co-committed-by: Miguel Arroyo <mayanez@noreply.kolaente.de>
2023-11-10 22:44:03 +00:00
Peter H0ffmann ad04d302af chore: reverse the coupling of module log and config (#1606)
This way the config module can already use the log module with the same result (default logging to StdOut with Level INFO, same output as before) but ENV variables can already change the logging of config file related log output). It is now possible to dump as a cronjob without having to filter the default log about the used config file.

Also:
- all logging modules are now configurable when initializing which makes testing easier
- viper dependency removed from logging
- log correct settings when configured error level is invalid
- deprecation of value "false" for log.standard and log.events (already not mentioned in https://vikunja.io/docs/config-options/)

Co-authored-by: Berengar W. Lehr <Berengar.Lehr@uni-jena.de>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/1606
Reviewed-by: konrad <k@knt.li>
Co-authored-by: Peter H0ffmann <hoffmannp@noreply.kolaente.de>
Co-committed-by: Peter H0ffmann <hoffmannp@noreply.kolaente.de>
2023-10-03 09:28:28 +00:00
kolaente 60bd5c8a79
feat: make default bucket configurable 2023-09-03 15:17:17 +02:00
kolaente bbbb45d224
feat: move done bucket setting to project 2023-09-03 15:01:35 +02:00
kolaente e3c5a93f4f
chore(api tokens): remove updated date from tokens as it can't be updated anyway 2023-09-01 11:16:36 +02:00
kolaente d9bfcdab8e
feat(api tokens): add tests 2023-09-01 10:19:31 +02:00
kolaente e518fb1191
chore: remove year from copyright headers
Resolves https://kolaente.dev/vikunja/api/pulls/1483
2023-09-01 08:32:28 +02:00
kolaente acb03c430e
fix(user): allow deleting a user if they have a default project
Resolves https://github.com/go-vikunja/api/issues/78
2023-08-23 16:10:51 +02:00
kolaente d83e3a0a03
chore: remove cache options
Cache was not working correctly, added more complexity and actually made response times slower. Because of this, I'm removing all cache options until we figure out a better solution.

Resolves https://kolaente.dev/vikunja/api/issues/1496
Resolves https://kolaente.dev/vikunja/api/issues/907
2023-06-08 17:05:36 +02:00
kolaente ef94e0cf86
feat(projects): don't allow deleting or archiving the default project 2023-06-07 21:29:46 +02:00
kolaente 4b00f224d9
fix: reminder fixture 2023-05-24 15:52:33 +02:00
kolaente 353279cbff
fix: fetch all tasks for all projects 2023-05-24 15:52:33 +02:00
kolaente 746ac1098f
fix(test): adjust fixture bucket and list ids 2023-05-24 15:52:32 +02:00
kolaente 3b00a5c200
fix(test): fixtures 2023-05-24 15:52:32 +02:00
kolaente 017f771783
chore(test): show table content when db assertion failed 2023-05-24 15:51:56 +02:00
kolaente 03b7fa6dd3
fix(tests): subscription test fixtures 2023-05-24 15:51:56 +02:00
kolaente 5e6bff20f8
fix(tests): task permissions from parents 2023-05-24 15:51:56 +02:00
kolaente 03eb4ecd07
fix(tests): permission tests for parent projects 2023-05-24 15:51:56 +02:00
kolaente 0cd633981a
fix(project): recursively get all users from all parent projects 2023-05-24 15:51:56 +02:00
kolaente 537ba60f2d
fix(tasks): get all tasks from parent projects 2023-05-24 15:51:55 +02:00
kolaente ceaa9c0e03
feat(subscriptions): make sure all subscriptions are inherited properly 2023-05-24 15:51:55 +02:00
kolaente afe756e4c1
fix(tests): make the tests compile again 2023-05-24 15:51:55 +02:00
kolaente 7ad256f6cd
fix: correctly pass unix socket to xorm 2023-04-17 19:39:38 +02:00
kolaente 0a6bbc2efd fix: using mysql via a socket 2023-04-17 10:48:59 +00:00
kolaente dff4e01327
fix: ILIKE helper 2023-04-03 19:19:51 +02:00
kolaente a7231e197e
feat: allow to find users with access to a project more freely
Related to https://kolaente.dev/vikunja/frontend/issues/2196
2023-04-03 18:49:04 +02:00
cernst f45648a6f7 feat(caldav): Sync Reminders / VALARM (#1415)
Co-authored-by: ce72 <christoph.ernst72@googlemail.com>
Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/1415
Reviewed-by: konrad <k@knt.li>
Co-authored-by: cernst <ce72@noreply.kolaente.de>
Co-committed-by: cernst <ce72@noreply.kolaente.de>
2023-04-01 11:09:11 +00:00
cernst 3f5252dc24 feat: Add relative Reminders (#1427)
Partially resolves #1416

Co-authored-by: ce72 <christoph.ernst72@googlemail.com>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/1427
Reviewed-by: konrad <k@knt.li>
Co-authored-by: cernst <ce72@noreply.kolaente.de>
Co-committed-by: cernst <ce72@noreply.kolaente.de>
2023-03-27 20:07:06 +00:00
kolaente 7a9611c2da
chore: cleanup 2023-03-13 14:28:36 +01:00
kolaente 06f1d2e912
fix: test fixtures 2023-03-13 14:28:07 +01:00
kolaente 8f4abd2fe8
feat: rename all list files 2023-03-13 14:28:06 +01:00
cernst a62b57ac62 feat(caldav): import caldav categories as Labels (#1413)
Resolves #1274

Co-authored-by: ce72 <christoph.ernst72@googlemail.com>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/1413
Reviewed-by: konrad <k@knt.li>
Co-authored-by: cernst <ce72@noreply.kolaente.de>
Co-committed-by: cernst <ce72@noreply.kolaente.de>
2023-03-02 15:25:26 +00:00
clos afdceb0aff fix(list): when list background is removed, delete file from file system and DB (#1372)
Co-authored-by: testinho.testador <testinho.testador@noreply.kolaente.de>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/1372
Reviewed-by: konrad <k@knt.li>
Co-authored-by: clos <clos@noreply.kolaente.de>
Co-committed-by: clos <clos@noreply.kolaente.de>
2023-02-01 11:38:23 +00:00
kolaente 491a142378
fix: lint 2023-01-29 22:42:24 +01:00
kolaente 40411e4100
chore(task): add test to check if a task's reminders are duplicated 2023-01-26 16:06:49 +01:00
kolaente b8c3b570a4
fix(restore): check if we're really dealing with a string 2022-12-02 14:49:32 +01:00
kolaente 47aae115df
fix(tasks): don't include undone overdue tasks from archived lists or namespaces in notification mails
Resolves https://kolaente.dev/vikunja/api/issues/1324
2022-12-01 18:07:30 +01:00
kolaente fbc4b91e0f
fix(dump): make sure null dates are properly set when restoring from a dump 2022-12-01 17:53:02 +01:00
konrad 641a9da93d fix: usage with postgres over unix socket (#1308)
Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/1308
2022-11-04 12:25:06 +00:00
kolaente 622f2f0562
fix: look for the default bucket based on the position instead of the index 2022-11-03 15:10:20 +01:00
kolaente fcb205a842
fix: use connection string for postgres 2022-10-01 16:57:06 +02:00
kolaente b1fd13bbcb
feat: upgrade xorm 2022-10-01 16:25:29 +02:00
kolaente 1feb62cc45
fix: lint 2022-07-31 15:50:38 +02:00
kolaente 0f555b7ec7
fix: reset id sequence when importing a dump from postgres 2022-07-21 14:54:52 +02:00
kolaente 54348c5891
fix(restore): make sure to reset sequences after importing a dump when using postgres
Related to https://kolaente.dev/vikunja/api/issues/1199
2022-07-13 23:43:53 +02:00
kolaente 230478aae9
fix: remove credential escaping for postgres connections to allow for passwords with special characters
Resolves https://github.com/go-vikunja/api/issues/22
2022-07-07 18:04:16 +02:00
tuxthepenguin 4960a498ff Add client-cert parameters of the Go pq driver to the Vikunja config (#1161)
Co-authored-by: tuxthepenguin <tux@saturnv.uphus-internal.de>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/1161
Reviewed-by: konrad <k@knt.li>
Co-authored-by: tuxthepenguin <tuxthepenguin@noreply.kolaente.de>
Co-committed-by: tuxthepenguin <tuxthepenguin@noreply.kolaente.de>
2022-04-23 15:46:00 +00:00
kolaente 5cf263a86f
feat: upgrade golangci-lint to 1.45.2 2022-03-27 16:55:37 +02:00
konrad 27119ad6d4 User account deletion (#937)
Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/937
Co-authored-by: konrad <konrad@kola-entertainments.de>
Co-committed-by: konrad <konrad@kola-entertainments.de>
2021-08-11 19:08:10 +00:00