Commit Graph

1325 Commits

Author SHA1 Message Date
kolaente 62bb4c33cf fix(gantt): improve parent task bar styling and visual grouping
- Make parent task bars full height (32px) matching regular bars,
  instead of the thin 8px summary bar
- Move collapse/expand chevron to sit right before the bar start
  position so it moves with the task during drag/resize
- Remove fixed-position indent indicator lines
- Add light background band with rounded border to visually group
  parent tasks with their children, sized to fit the bars
2026-03-03 13:11:43 +01:00
kolaente 19d77157e2 fix(gantt): spread overlapping relation arrows at shared endpoints 2026-03-03 13:11:43 +01:00
kolaente bb5d6dee3f fix(gantt): make relation arrows smaller and dash precedes lines 2026-03-03 13:11:43 +01:00
kolaente 71a2cdbb28 fix(gantt): update relation arrows in real-time during drag and resize 2026-03-03 13:11:43 +01:00
kolaente df766a0636 fix(gantt): always show relation arrows and fix arrow Y positioning
Remove the toggle checkbox and always render relation arrows.
Wrap rows and arrow overlay in a position:relative container so
arrows anchor to the row area instead of the chart wrapper which
includes the timeline header.
2026-03-03 13:11:43 +01:00
kolaente 5731ce9c76 feat(gantt): wire relation arrows into GanttChart with toggle 2026-03-03 13:11:43 +01:00
kolaente cd42406850 feat(gantt): create arrow SVG overlay component for relations 2026-03-03 13:11:43 +01:00
kolaente 7fca56a927 feat(gantt): render parent summary bars with diamond endpoints 2026-03-03 13:11:43 +01:00
kolaente 8361c9f301 feat(gantt): add collapse/expand chevron and indent indicators 2026-03-03 13:11:43 +01:00
kolaente 07446dc4e1 feat(gantt): integrate task tree into Gantt rendering with collapse 2026-03-03 13:11:43 +01:00
kolaente 73ced5b7d2 feat(gantt): add dependency arrow data builder 2026-03-03 13:11:43 +01:00
kolaente 1358c87e98 feat(gantt): add task tree builder utility for hierarchy 2026-03-03 13:11:43 +01:00
kolaente 8005a2fb92 feat(gantt): add expand=subtasks to Gantt API params 2026-03-03 13:11:43 +01:00
Dominik Pschenitschni b92735b0e9 feat: mini tiptap improvements
The TipTap editor now uses Vue’s defineModel for its reactive value, simplifies editability control with watchEffect, and correctly types DOM image elements.

Summary

Imported watchEffect and switched to defineModel for the editor’s v-model, removing the old update:modelValue emit

Typed the retrieved image element as HTMLImageElement and removed debugging output from the paste handler

Replaced the watcher controlling editability with a simpler watchEffect and updated model handling to use the new model ref
2026-03-03 13:00:35 +01:00
Dominik Pschenitschni e8a5631ffe
feat(frontend): highlight overdue tasks consistently (#958) 2026-03-03 12:37:21 +01:00
Dominik Pschenitschni 0a9586e8d4
feat: use offical vite plugin for sentry (#873) 2026-03-03 12:30:49 +01:00
Dominik Pschenitschni e1d1e7c848
feat: ensure forms submit on Enter (#959) 2026-03-03 12:28:45 +01:00
kolaente 958bd133fd fix(frontend): use mbs-2 utility class instead of scoped CSS
Replace the scoped .notification-actions rule with the project's
mbs-2 utility class for margin-block-start spacing.
2026-03-03 11:46:18 +01:00
kolaente 59b3dd32ac fix(frontend): use semantic class instead of targeting Tailwind utility
Replace .tw\:flex CSS selector with a .notification-actions class
in Notification.vue, as suggested in review.
2026-03-03 11:46:18 +01:00
kolaente a08667b669 feat(frontend): upgrade Tailwind CSS from v3 to v4
- Replace tailwindcss v3 with tailwindcss v4 + @tailwindcss/vite plugin
- Create dedicated tailwind.css entry with granular imports (skip preflight)
- Use CSS-first config with prefix(tw) instead of JS config
- Switch from PostCSS plugin to Vite plugin for better performance
- Update class prefix from tw- (dash) to tw: (colon) in all Vue files
- Remove @tailwind directives from global.scss
- Delete tailwind.config.js (replaced by CSS directives)
- Update stylelint at-rules for v4 directives
2026-03-03 11:46:18 +01:00
kolaente 1ba6a74383
fix(nav): project drag handle position
Resolves https://community.vikunja.io/t/color-ordering-menu-overlapping/4289
2026-03-02 11:38:45 +01:00
Weijie Zhao 7297682cad
fix: remove invalidateAvatarCache call that broke request deduplication (#2317)
When multiple avatar components mount with alternating sizes (e.g. 48
and 20), invalidateAvatarCache clears pending requests for ALL sizes of
the same user, causing each call to create a new HTTP request instead of
reusing the pending one.

I noticed this issue when I open a task with 20 comments, the avatar
requests make the service OOM.

<img width="733" height="551" alt="image"
src="https://github.com/user-attachments/assets/db45db31-294c-4363-ad27-38d454b5a6a2"
/>

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-03-02 09:18:20 +01:00
kolaente 15aa773212
fix(frontend): add horizontal overflow handling to tables on mobile
Wraps all tables that were missing overflow handling in a
`has-horizontal-overflow` div to prevent horizontal overflow on mobile
viewports.

Affected components:
- Sessions.vue
- ApiTokens.vue
- ProjectSettingsWebhooks.vue
- LinkSharing.vue
- UserTeam.vue
- EditTeam.vue
- ProjectSettingsViews.vue

Fixes https://github.com/go-vikunja/vikunja/issues/2331
2026-03-02 08:35:35 +01:00
Frederick [Bot] 6076384b1f chore(i18n): update translations via Crowdin 2026-03-01 01:21:13 +00:00
Frederick [Bot] 059958b839 chore(i18n): update translations via Crowdin 2026-02-27 01:10:46 +00:00
kolaente 838254bb51
feat(multiselect): add green plus icon and always-visible hint to create option
Make the "create new" option in multiselect dropdowns visually distinct
from regular search results by adding a green plus icon and making the
hint text always visible instead of only on hover.
2026-02-26 17:37:11 +01:00
kolaente c4ec7f032f
feat(checklist): show green progress circle when all checkboxes are done 2026-02-26 17:07:03 +01:00
kolaente 80759831ec
fix(editor): use overflow-wrap instead of word-break for text wrapping
word-break: break-all breaks text at any character, causing mid-word
breaks even when the word could fit on the next line. overflow-wrap:
break-word wraps at word boundaries first and only breaks mid-word
when a single word exceeds the container width.
2026-02-26 16:30:55 +01:00
kolaente a11d705571 feat(frontend): use Password component in password update settings
Replace FormField with Password component for new password input:
- Provides real-time validation feedback (8-72 char requirement)
- Remove redundant password confirmation field
- Disable save button when form is invalid (validation errors or empty fields)
2026-02-25 13:44:56 +01:00
kolaente 111ac9c726 fix: prevent XSS via innerHTML injection in link edit prompt
Replace innerHTML with DOM API calls in inputPrompt.ts. The oldValue
parameter (sourced from a link's href attribute in the TipTap editor)
was interpolated directly into an HTML string, allowing stored XSS if
an attacker crafted a malicious href. Using document.createElement and
setting .value as a property ensures the value is never parsed as HTML.
2026-02-25 12:01:57 +01:00
kolaente a42b4f37bd fix: prevent reflected HTML injection via filter URL parameter
TipTap's setContent() parses strings as HTML via DOMParser, allowing
crafted ?filter= URL parameters to inject SVG phishing buttons, anchor
tags, and formatted content into the trusted UI.

Use ProseMirror JSON document format instead of raw strings so the
filter value is always set as a text node, bypassing HTML parsing
entirely.
2026-02-25 12:01:57 +01:00
kolaente be1db018fe feat: add frontend session management with refresh tokens
- Session model, type interface, and API service
- Sessions settings page showing active sessions with device info,
  IP address, last active time, and current session indicator
- Auth store updated to use cookie-based refresh tokens for user
  sessions and JWT-based renewal for link shares
- refreshToken() uses Web Locks API to coordinate across browser
  tabs — only one tab performs the refresh, others adopt the result
- 401 response interceptor with automatic retry: detects expired JWT
  (error code 11), refreshes the token, and replays the request
- Interceptor gated to user JWTs only (link shares skip refresh)
- checkAuth() attempts cookie refresh when JWT is expired, allowing
  seamless session resumption after short TTL expiry
- Proactive token refresh on page focus/visibility via composable
- renewToken() tolerates refresh failures when JWT is still valid
2026-02-25 10:30:25 +01:00
kolaente 4325eae4d4
fix(tasks): show drag handle icon on mobile devices (#2286)
Resolves https://github.com/go-vikunja/vikunja/issues/2228
2026-02-24 14:37:33 +01:00
kolaente 7c04d44e2e
fix: wait for router before dismissing loading screen
The loading screen was dismissed as soon as auth check completed, but
before Vue Router's initial navigation finished. This caused route.name
to be undefined momentarily, making showAuthLayout evaluate to false
and briefly flashing the NoAuthWrapper (login shell) before the
authenticated layout appeared.

Wait for router.isReady() before setting ready = true so the loading
screen stays visible until the route is fully resolved.
2026-02-24 13:13:30 +01:00
kolaente f7a93e4ca3
fix: prevent cursor reset when typing in filter input (#2287)
Fixes #2268
2026-02-24 11:50:45 +00:00
kolaente 9e633b3e82 fix(task): disable Confirm button when no date is selected in absolute reminder picker
Prevents emitting a reminder with reminder=null/relativeTo=null when
the user clicks Confirm without selecting a date first.

Refs #2208
2026-02-24 11:57:39 +01:00
kolaente b65773eb8f fix(task): require explicit confirmation before saving reminders
Prevent reminders from being saved to the API until the user clicks
Confirm, matching the behavior of the due/start/end date pickers.

- Remove @update:modelValue handler on DatepickerInline so date/time
  changes only update local state
- Change Confirm button condition from showFormSwitch to activeForm so
  it renders even when defaultRelativeTo is null
- Add confirmAndClose function that handles both absolute and relative
  reminder forms
- Remove debounce (useDebounceFn) since saves are now user-initiated

Refs #2208
2026-02-24 11:57:39 +01:00
kolaente 56eb5d3740
fix: show tasks spanning entire gantt date range
Tasks whose start date is before and end date is after the visible
gantt range were not shown because the API filter only checked whether
individual date fields fell within the range. Add a fourth filter
clause to match tasks that fully encompass the visible date range.

Fixes go-vikunja/vikunja#2269
2026-02-24 11:51:13 +01:00
kolaente a13ecbd3cc
fix: prevent browser from caching API responses
Without explicit Cache-Control headers, browsers may heuristically cache
API JSON responses. This causes stale data to be served on normal page
refresh (F5) — for example, projects newly shared with a team not
appearing until the user performs a hard refresh (Ctrl+Shift+R).

Add Cache-Control: no-store to all API responses via middleware and
configure the service worker's NetworkOnly strategy to explicitly bypass
the browser HTTP cache for API requests.

Ref: https://community.vikunja.io/t/team-members-cannot-see-project/1876
2026-02-24 10:37:49 +01:00
Frederick [Bot] 19ccc3cb8e chore(i18n): update translations via Crowdin 2026-02-24 01:13:27 +00:00
kolaente 4cee2cf128 fix: reset throttle on logout so checkAuth clears auth state
logout() calls checkAuth() to clear the authenticated flag and user
info. But since checkAuth() likely ran within the last minute (on the
navigation that triggered logout), the now-working throttle would
return early, leaving authenticated=true in the store despite the
token being removed. This could cause Login.vue to redirect back
to home.

Resetting lastUserInfoRefresh to null before checkAuth() ensures
the logout flow always runs fully.
2026-02-21 23:08:24 +01:00
kolaente 65806df605 fix: keep token expiry in sync when skipping setUser from JWT
When the setUser call is skipped for an already-loaded user,
info.value.exp was never updated with the renewed token's expiry.
This caused useRenewTokenOnFocus to compute a stale expiresIn,
eventually forcing a logout even though the token was still valid.

Now we always update exp from the JWT, even when skipping the
full setUser call.
2026-02-21 23:08:24 +01:00
kolaente 1d420dd1dc fix: don't overwrite user info with incomplete JWT data on navigation
The JWT token only contains id, username, type, and exp — not the
display name. Previously, every route navigation called setUser() with
this incomplete data, causing the display name to flash to the username
before the API call completed and restored the full name.

Now we skip setUser() if a complete user object with the same ID is
already loaded.

Fixes https://github.com/go-vikunja/vikunja/issues/2270
2026-02-21 23:08:24 +01:00
kolaente a11cde1afc fix: correct broken throttle in checkAuth that never triggered
The throttle checked `lastUserInfoRefresh > now + 1 minute` which is
never true since lastUserInfoRefresh is set to the current time.
Changed to `now - 1 minute` so the check actually prevents redundant
API calls within a one-minute window.
2026-02-21 23:08:24 +01:00
kolaente 1dc625f9e8 test: add unit tests for getDisplayName 2026-02-21 23:08:24 +01:00
Frederick [Bot] 05ff67b681 chore(i18n): update translations via Crowdin 2026-02-21 01:09:54 +00:00
Massimo Nadalin 8fd256a5d9
feat: clickable task notifications (#2258)
Make task-related notifications clickable, allowing users to directly
open the corresponding task.
2026-02-20 22:34:53 +00:00
Frederick [Bot] a8d3594ceb chore(i18n): update translations via Crowdin 2026-02-20 01:12:20 +00:00
kolaente bc2f7e5840
fix: break long continuous strings in editor to prevent overflow
Fixes https://github.com/go-vikunja/vikunja/issues/2266
2026-02-19 16:11:43 +01:00
kolaente df05c51457
fix: clamp gantt bar title position when task starts before visible range
Resolves go-vikunja/vikunja#149
2026-02-19 16:08:52 +01:00