| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2026-01-20 | Remove Obsidian integration for public server deployment | Peter Stone | |
| Obsidian relied on local filesystem access which is incompatible with public server deployment. This removes all Obsidian-related code including: - API client and interface - Store layer methods (SaveNotes, GetNotes, SearchNotes) - Handler methods and routes - UI tab and templates - Configuration fields - Related tests Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> | |||
| 2026-01-12 | Add security tests for path traversal and SQL injection fixes | Peter Stone | |
| Created comprehensive test coverage for security fixes: - internal/api/obsidian_test.go: * TestGetNotes_SymlinkSecurity: Verifies symlinks are not followed * TestGetNotes_BasicFunctionality: Tests basic limit and ordering * Uses t.TempDir() for isolated test environments - internal/store/sqlite_test.go: * TestGetNotes_LimitClause: Validates LIMIT parameter handling * TestGetNotes_EmptyDatabase: Tests empty state * TestSaveNotes_Upsert: Verifies INSERT OR REPLACE behavior * TestGetNotes_SQLInjectionAttempt: Confirms parameterized queries * All tests use temporary SQLite databases for isolation All tests passing (7 new test cases). Security fixes from commits 325811c and 4c03e9c now have full test coverage. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> | |||
 |
index : doot.git | |
| doot — personal productivity web app | www-data |
| summaryrefslogtreecommitdiff |