Commit Graph

1341 Commits

Author SHA1 Message Date
Claude 8a4f3a916f fix: remove duplicate close button on mobile task detail view
When viewing a task in modal mode on mobile, both a back button and a close button were displayed, causing confusion. The back button condition `!isModal || isMobile` meant it would show on mobile even in modal mode.

This fix changes the back button to only display when not in modal mode (`!isModal`), ensuring only the close button appears when viewing tasks in a modal on mobile devices.

Also removed the now-unused `isMobile` variable and its import.
2026-03-03 16:04:37 +01:00
Copilot c6f0d8babe
feat: surface API validation errors to registration form fields (#1902)
This PR surfaces API validation errors from the registration endpoint
directly onto the corresponding form fields, instead of only showing a
generic "invalid data" message. A new `parseValidationErrors` helper
extracts field names and messages from the API's `invalid_fields` array
(e.g. `["email: email is not a valid email address"]`) and maps them to
the appropriate form fields. The Register component integrates this
parser into its error handling, prioritizing client-side validation but
falling back to server-side field errors when present. Errors are
cleared as the user types.

A follow-up commit addressed PR review feedback: the `ValidationError`
interface is now exported from the parser module and reused in
`Register.vue` (eliminating a duplicate `ApiValidationError` interface),
the type guard was tightened to check specifically for `invalid_fields`
rather than broadly matching any object with a `message` property, the
fallback error message always uses the localized translation key instead
of potentially surfacing raw backend messages, and the
`serverValidationErrors` ref uses `Partial<Record>` to accurately
reflect that keys are optional.

🐰 A parser hops through error fields,
Catching field names as each one yields,
Client and server now both agree,
Validation flows harmoniously free!
Whitespace trimmed, no colon? It hops along,
Register form now validated strong! 

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: kolaente <k@knt.li>
2026-03-03 14:27:24 +01:00
kolaente da9cb87448 fix(shortcuts): track active sequences explicitly to prevent misfires
Replace the global sequenceBuffer (which only tracked key count) with
per-candidate ActiveSequence tracking. This fixes two bugs:

- Sequences with different prefixes could misfire once any sequence
  started, since only buffer length was checked, not which sequence
  was being matched.
- Single-key shortcuts could fire during an in-progress sequence,
  preempting sequence completion depending on binding iteration order.
2026-03-03 14:00:25 +01:00
kolaente 8bf0d581ce test(shortcuts): add unit tests for shortcut parsing logic
Add 46 tests covering:
- parseKey: single keys, modifiers, multi-modifier combos, special keys
- matchesKey: code matching, modifier matching, Mod platform-adaptive behavior
- eventToShortcutString: plain keys, modifiers, modifier-only filtering, non-Latin layouts
- isFormField: input/textarea/select/contentEditable detection

Export parseKey, matchesKey, and isFormField for testability.
2026-03-03 14:00:25 +01:00
kolaente c5703acedf fix(shortcuts): resolve lint errors in shortcut module
Replace `any` type assertions with proper types:
- Use WeakMap for element-to-binding mapping instead of expando properties
- Use typed intersection for Firefox's explicitOriginalTarget property
2026-03-03 14:00:25 +01:00
kolaente 79cd3433f5 refactor(shortcuts): use event.code for raw keyboard handlers
Change e.key to e.code in global keyboard shortcut handlers for
consistency with the new event.code-based shortcut system:
- ProjectList.vue: 'j'/'k'/'Enter' -> 'KeyJ'/'KeyK'/'Enter'
- useGanttBar.ts: 'ArrowLeft'/'ArrowRight' (identical values, for consistency)
- Modal.vue: 'Escape' (identical value, for consistency)
2026-03-03 14:00:25 +01:00
kolaente e3fdaed94a refactor(shortcuts): replace eventToHotkeyString with eventToShortcutString
Migrate all imperative shortcut matching from @github/hotkey's
eventToHotkeyString to the new event.code-based eventToShortcutString.

Updated comparison strings:
- 'Meta+k'/'Control+k' -> 'Meta+KeyK'/'Control+KeyK'
- 'Control+s'/'Meta+s' -> 'Control+KeyS'/'Meta+KeyS'
- 'Control+.' -> 'Control+Period'
- '.' -> 'Period'
- 'Enter' stays 'Enter' (identical in event.code)
2026-03-03 14:00:25 +01:00
kolaente f2901deb00 refactor(shortcuts): update v-shortcut values to event.code format
Change all shortcut strings from character-based format to event.code
format:
- Single letters: 't' -> 'KeyT', 's' -> 'KeyS', etc.
- Sequences: 'g o' -> 'KeyG KeyO', etc.
- Modifiers: 'Mod+e' -> 'Mod+KeyE', 'Shift+?' -> 'Shift+Slash'
- edit-shortcut prop: 'e' -> 'KeyE'

Shortcuts like 'Escape' and 'Shift+Delete' remain unchanged as their
event.code values are identical.
2026-03-03 14:00:25 +01:00
kolaente 8dc6e77ba0 refactor(shortcuts): update directive to use new shortcut module
Change import in the v-shortcut directive from @github/hotkey to the
new @/helpers/shortcut module. The install/uninstall API is identical.
2026-03-03 14:00:25 +01:00
kolaente 61c1d9332d feat(shortcuts): add event.code-based shortcut module
Replace the character-based @github/hotkey matching with a custom module
that matches against event.code (physical key position). This makes
shortcuts layout-independent so they work on non-Latin keyboard layouts
(Russian, Greek, Arabic, etc.).

The module provides:
- install/uninstall for declarative element shortcuts (v-shortcut)
- eventToShortcutString for imperative event matching
- Sequence support with 1500ms timeout
- Form field, IME, shadow DOM, and event.repeat guards
2026-03-03 14:00:25 +01:00
kolaente 4e79fde17d fix(gantt): render collapse chevron after bars for correct SVG paint order 2026-03-03 13:11:43 +01:00
kolaente 092e8fe45a fix(gantt): remove unreachable hover rule on relation arrows 2026-03-03 13:11:43 +01:00
kolaente aa6c3d85a7 fix(gantt): clamp collapse chevron x position to prevent negative offset 2026-03-03 13:11:43 +01:00
kolaente ca808c7a4f fix(gantt): only set hasDerivedDates when children have actual dates 2026-03-03 13:11:43 +01:00
kolaente f1ab9edf29 fix(gantt): move parent diamonds outward with stroke and remove hover effect 2026-03-03 13:11:43 +01:00
kolaente f6cac275e2 fix(gantt): make collapse/expand triangle smaller 2026-03-03 13:11:43 +01:00
kolaente 62bb4c33cf fix(gantt): improve parent task bar styling and visual grouping
- Make parent task bars full height (32px) matching regular bars,
  instead of the thin 8px summary bar
- Move collapse/expand chevron to sit right before the bar start
  position so it moves with the task during drag/resize
- Remove fixed-position indent indicator lines
- Add light background band with rounded border to visually group
  parent tasks with their children, sized to fit the bars
2026-03-03 13:11:43 +01:00
kolaente 19d77157e2 fix(gantt): spread overlapping relation arrows at shared endpoints 2026-03-03 13:11:43 +01:00
kolaente bb5d6dee3f fix(gantt): make relation arrows smaller and dash precedes lines 2026-03-03 13:11:43 +01:00
kolaente 71a2cdbb28 fix(gantt): update relation arrows in real-time during drag and resize 2026-03-03 13:11:43 +01:00
kolaente df766a0636 fix(gantt): always show relation arrows and fix arrow Y positioning
Remove the toggle checkbox and always render relation arrows.
Wrap rows and arrow overlay in a position:relative container so
arrows anchor to the row area instead of the chart wrapper which
includes the timeline header.
2026-03-03 13:11:43 +01:00
kolaente 5731ce9c76 feat(gantt): wire relation arrows into GanttChart with toggle 2026-03-03 13:11:43 +01:00
kolaente cd42406850 feat(gantt): create arrow SVG overlay component for relations 2026-03-03 13:11:43 +01:00
kolaente 7fca56a927 feat(gantt): render parent summary bars with diamond endpoints 2026-03-03 13:11:43 +01:00
kolaente 8361c9f301 feat(gantt): add collapse/expand chevron and indent indicators 2026-03-03 13:11:43 +01:00
kolaente 07446dc4e1 feat(gantt): integrate task tree into Gantt rendering with collapse 2026-03-03 13:11:43 +01:00
kolaente 73ced5b7d2 feat(gantt): add dependency arrow data builder 2026-03-03 13:11:43 +01:00
kolaente 1358c87e98 feat(gantt): add task tree builder utility for hierarchy 2026-03-03 13:11:43 +01:00
kolaente 8005a2fb92 feat(gantt): add expand=subtasks to Gantt API params 2026-03-03 13:11:43 +01:00
Dominik Pschenitschni b92735b0e9 feat: mini tiptap improvements
The TipTap editor now uses Vue’s defineModel for its reactive value, simplifies editability control with watchEffect, and correctly types DOM image elements.

Summary

Imported watchEffect and switched to defineModel for the editor’s v-model, removing the old update:modelValue emit

Typed the retrieved image element as HTMLImageElement and removed debugging output from the paste handler

Replaced the watcher controlling editability with a simpler watchEffect and updated model handling to use the new model ref
2026-03-03 13:00:35 +01:00
Dominik Pschenitschni e8a5631ffe
feat(frontend): highlight overdue tasks consistently (#958) 2026-03-03 12:37:21 +01:00
Dominik Pschenitschni 0a9586e8d4
feat: use offical vite plugin for sentry (#873) 2026-03-03 12:30:49 +01:00
Dominik Pschenitschni e1d1e7c848
feat: ensure forms submit on Enter (#959) 2026-03-03 12:28:45 +01:00
kolaente 958bd133fd fix(frontend): use mbs-2 utility class instead of scoped CSS
Replace the scoped .notification-actions rule with the project's
mbs-2 utility class for margin-block-start spacing.
2026-03-03 11:46:18 +01:00
kolaente 59b3dd32ac fix(frontend): use semantic class instead of targeting Tailwind utility
Replace .tw\:flex CSS selector with a .notification-actions class
in Notification.vue, as suggested in review.
2026-03-03 11:46:18 +01:00
kolaente a08667b669 feat(frontend): upgrade Tailwind CSS from v3 to v4
- Replace tailwindcss v3 with tailwindcss v4 + @tailwindcss/vite plugin
- Create dedicated tailwind.css entry with granular imports (skip preflight)
- Use CSS-first config with prefix(tw) instead of JS config
- Switch from PostCSS plugin to Vite plugin for better performance
- Update class prefix from tw- (dash) to tw: (colon) in all Vue files
- Remove @tailwind directives from global.scss
- Delete tailwind.config.js (replaced by CSS directives)
- Update stylelint at-rules for v4 directives
2026-03-03 11:46:18 +01:00
kolaente 1ba6a74383
fix(nav): project drag handle position
Resolves https://community.vikunja.io/t/color-ordering-menu-overlapping/4289
2026-03-02 11:38:45 +01:00
Weijie Zhao 7297682cad
fix: remove invalidateAvatarCache call that broke request deduplication (#2317)
When multiple avatar components mount with alternating sizes (e.g. 48
and 20), invalidateAvatarCache clears pending requests for ALL sizes of
the same user, causing each call to create a new HTTP request instead of
reusing the pending one.

I noticed this issue when I open a task with 20 comments, the avatar
requests make the service OOM.

<img width="733" height="551" alt="image"
src="https://github.com/user-attachments/assets/db45db31-294c-4363-ad27-38d454b5a6a2"
/>

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-03-02 09:18:20 +01:00
kolaente 15aa773212
fix(frontend): add horizontal overflow handling to tables on mobile
Wraps all tables that were missing overflow handling in a
`has-horizontal-overflow` div to prevent horizontal overflow on mobile
viewports.

Affected components:
- Sessions.vue
- ApiTokens.vue
- ProjectSettingsWebhooks.vue
- LinkSharing.vue
- UserTeam.vue
- EditTeam.vue
- ProjectSettingsViews.vue

Fixes https://github.com/go-vikunja/vikunja/issues/2331
2026-03-02 08:35:35 +01:00
Frederick [Bot] 6076384b1f chore(i18n): update translations via Crowdin 2026-03-01 01:21:13 +00:00
Frederick [Bot] 059958b839 chore(i18n): update translations via Crowdin 2026-02-27 01:10:46 +00:00
kolaente 838254bb51
feat(multiselect): add green plus icon and always-visible hint to create option
Make the "create new" option in multiselect dropdowns visually distinct
from regular search results by adding a green plus icon and making the
hint text always visible instead of only on hover.
2026-02-26 17:37:11 +01:00
kolaente c4ec7f032f
feat(checklist): show green progress circle when all checkboxes are done 2026-02-26 17:07:03 +01:00
kolaente 80759831ec
fix(editor): use overflow-wrap instead of word-break for text wrapping
word-break: break-all breaks text at any character, causing mid-word
breaks even when the word could fit on the next line. overflow-wrap:
break-word wraps at word boundaries first and only breaks mid-word
when a single word exceeds the container width.
2026-02-26 16:30:55 +01:00
kolaente a11d705571 feat(frontend): use Password component in password update settings
Replace FormField with Password component for new password input:
- Provides real-time validation feedback (8-72 char requirement)
- Remove redundant password confirmation field
- Disable save button when form is invalid (validation errors or empty fields)
2026-02-25 13:44:56 +01:00
kolaente 111ac9c726 fix: prevent XSS via innerHTML injection in link edit prompt
Replace innerHTML with DOM API calls in inputPrompt.ts. The oldValue
parameter (sourced from a link's href attribute in the TipTap editor)
was interpolated directly into an HTML string, allowing stored XSS if
an attacker crafted a malicious href. Using document.createElement and
setting .value as a property ensures the value is never parsed as HTML.
2026-02-25 12:01:57 +01:00
kolaente a42b4f37bd fix: prevent reflected HTML injection via filter URL parameter
TipTap's setContent() parses strings as HTML via DOMParser, allowing
crafted ?filter= URL parameters to inject SVG phishing buttons, anchor
tags, and formatted content into the trusted UI.

Use ProseMirror JSON document format instead of raw strings so the
filter value is always set as a text node, bypassing HTML parsing
entirely.
2026-02-25 12:01:57 +01:00
kolaente be1db018fe feat: add frontend session management with refresh tokens
- Session model, type interface, and API service
- Sessions settings page showing active sessions with device info,
  IP address, last active time, and current session indicator
- Auth store updated to use cookie-based refresh tokens for user
  sessions and JWT-based renewal for link shares
- refreshToken() uses Web Locks API to coordinate across browser
  tabs — only one tab performs the refresh, others adopt the result
- 401 response interceptor with automatic retry: detects expired JWT
  (error code 11), refreshes the token, and replays the request
- Interceptor gated to user JWTs only (link shares skip refresh)
- checkAuth() attempts cookie refresh when JWT is expired, allowing
  seamless session resumption after short TTL expiry
- Proactive token refresh on page focus/visibility via composable
- renewToken() tolerates refresh failures when JWT is still valid
2026-02-25 10:30:25 +01:00
kolaente 4325eae4d4
fix(tasks): show drag handle icon on mobile devices (#2286)
Resolves https://github.com/go-vikunja/vikunja/issues/2228
2026-02-24 14:37:33 +01:00
kolaente 7c04d44e2e
fix: wait for router before dismissing loading screen
The loading screen was dismissed as soon as auth check completed, but
before Vue Router's initial navigation finished. This caused route.name
to be undefined momentarily, making showAuthLayout evaluate to false
and briefly flashing the NoAuthWrapper (login shell) before the
authenticated layout appeared.

Wait for router.isReady() before setting ready = true so the loading
screen stays visible until the route is fully resolved.
2026-02-24 13:13:30 +01:00