diff --git a/package-lock.json b/package-lock.json index 2c30393..6e2cbb9 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "obsidian-livesync", - "version": "0.24.25", + "version": "0.24.26", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "obsidian-livesync", - "version": "0.24.25", + "version": "0.24.26", "license": "MIT", "dependencies": { "@aws-sdk/client-s3": "^3.808.0", diff --git a/package.json b/package.json index bc5b10e..e64283a 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "obsidian-livesync", - "version": "0.24.25", + "version": "0.24.26", "description": "Reflect your vault changes to some other devices immediately. Please make sure to disable other synchronize solutions to avoid content corruption or duplication.", "main": "main.js", "type": "module", diff --git a/updates.md b/updates.md index 40fb0cd..abce53b 100644 --- a/updates.md +++ b/updates.md @@ -1,14 +1,77 @@ -## 0.24.11 +## 0.24.26 -Peer-to-peer synchronisation has been implemented! +This update introduces an option to circumvent Cross-Origin Resource Sharing +(CORS) constraints for CouchDB requests, by leveraging Obsidian's native request +API. The implementation of such a feature had previously been deferred due to +significant security considerations. -Until now, I have not provided a synchronisation server. More people may not even know that I have shut down the test server. I confess that this is a bit repetitive, but I confess it is a cautionary tale. This is out of a sense of self-discipline that someone has occurred who could see your data. Even if the 'someone' is me. I should not be unaware of its superiority, even though well-meaning and am a servant of all. (Half joking, but also serious). -However, now I can provide you with a signalling server. Because, to the best of my knowledge, it is only the network that is connected to your device. -Also, this signalling server is just a Nostr relay, not my implementation. You can run your implementation, which you consider trustworthy, on a trustworthy server. You do not even have to trust me. Mate, it is great, isn't it? For your information, strfry is running on my signalling server. +CORS is a vital security mechanism, enabling servers like CouchDB -- which +functions as a sophisticated REST API -- to control access from different +origins, thereby ensuring secure communication across trust boundaries. I had +long hesitated to offer a CORS circumvention method, as it deviates from +security best practices; My preference was for users to configure CORS correctly +on the server-side. -Nevertheless, that being said, to be more honest, I still have not decided what to do with this signalling server if too much traffic comes in. +However, this policy has shifted due to specific reports of intractable +CORS-related configuration issues, particularly within enterprise proxy +environments where proxy servers can unpredictably alter or block +communications. Given that a primary objective of the "Self-hosted LiveSync" +plugin is to facilitate secure Obsidian usage within stringent corporate +settings, addressing these 'unavoidable' user-reported problems became +essential. Mostly raison d'être of this plugin. -Note: Already you have noticed this, but let me mention it again, this is a significantly large update. If you have noticed anything, please let me know. I will try to fix it as soon as possible (Some address is on my [profile](https://github.com/vrtmrz)). +Consequently, the option "Use Request API to avoid `inevitable` CORS problem" +has been implemented. Users are strongly advised to enable this _only_ when +operating within a trusted environment. We can enable this option in the `Patch` pane. + +However, just to whisper, this is tremendously fast. + +### New Features + +- Automatic display-language changing according to the Obsidian language + setting. + - We will be asked on the migration or first startup. + - **Note: Please revert to the default language if you report any issues.** + - Not all messages are translated yet. We welcome your contribution! +- Now we can limit files to be synchronised even in the hidden files. +- "Use Request API to avoid `inevitable` CORS problem" has been implemented. + - Less secure, please use it only if you are sure that you are in the trusted + environment and be able to ignore the CORS. No `Web viewer` or similar tools + are recommended. (To avoid the origin forged attack). If you are able to + configure the server setting, always that is recommended. +- `Show status icon instead of file warnings banner` has been implemented. + - If enabled, the ⛔ icon will be shown inside the status instead of the file + warnings banner. No details will be shown. + +### Improved + +- All regular expressions can be inverted by prefixing `!!` now. + +### Fixed + +- No longer unexpected files will be gathered during hidden file sync. +- No longer broken `\n` and new-line characters during the bucket + synchronisation. +- We can purge the remote bucket again if we using MinIO instead of AWS S3 or + Cloudflare R2. +- Purging the remote bucket is now more reliable. + - 100 files are purged at a time. +- Some wrong messages have been fixed. + +### Behaviour changed + +- Entering into the deeper directories to gather the hidden files is now limited + by `/` or `\/` prefixed ignore filters. (It means that directories are scanned + deeper than before). + - However, inside the these directories, the files are still limited by the + ignore filters. + +### Etcetera + +- Some code has been tidied up. +- Trying less warning-suppressing and be more safer-coding. +- Dependent libraries have been updated to the latest version. +- Some build processes have been separated to `pre` and `post` processes. ## 0.24.25 @@ -18,80 +81,58 @@ Note: Already you have noticed this, but let me mention it again, this is a sign ### Fixed -- No longer broken falsy values in settings during set-up by the QR code generation. +- No longer broken falsy values in settings during set-up by the QR code + generation. ### Refactored - Some `window` references now have pointed to `globalThis`. - Some sloppy-import has been fixed. -- A server side implementation `Synchromesh` has been suffixed with `deno` instead of `server` now. +- A server side implementation `Synchromesh` has been suffixed with `deno` + instead of `server` now. ## 0.24.24 ### Fixed -- No longer broken JSON files including `\n`, during the bucket synchronisation. (#623) -- Custom headers and JWT tokens are now correctly sent to the server during configuration checking. (#624) +- No longer broken JSON files including `\n`, during the bucket synchronisation. + (#623) +- Custom headers and JWT tokens are now correctly sent to the server during + configuration checking. (#624) ### Improved -- Bucket synchronisation has been enhanced for better performance and reliability. - - Now less duplicated chunks are sent to the server. - Note: If you have encountered about too less chunks, please let me know. However, you can send it to the server by `Overwrite remote`. - - Fetching conflicted files from the server is now more reliable. - - Dependent libraries have been updated to the latest version. - - Also, let me know if you have encountered any issues with this update. Especially you are using a device that has been in use for a little longer. +- Bucket synchronisation has been enhanced for better performance and + reliability. + - Now less duplicated chunks are sent to the server. Note: If you have + encountered about too less chunks, please let me know. However, you can send + it to the server by `Overwrite remote`. + - Fetching conflicted files from the server is now more reliable. + - Dependent libraries have been updated to the latest version. + - Also, let me know if you have encountered any issues with this update. + Especially you are using a device that has been in use for a little + longer. ## 0.24.23 ### New Feature - Now, we can send custom headers to the server. - - They can be sent to either CouchDB or Object Storage. + - They can be sent to either CouchDB or Object Storage. - Authentication with JWT in CouchDB is now supported. - - I will describe steps later, but please refer to the [CouchDB document](https://docs.couchdb.org/en/stable/config/auth.html#authentication-configuration). - - A JWT keypair for testing can be generated in the setting dialogue. + - I will describe steps later, but please refer to the + [CouchDB document](https://docs.couchdb.org/en/stable/config/auth.html#authentication-configuration). + - A JWT keypair for testing can be generated in the setting dialogue. ### Improved - The QR Code for set-up can be shown also from the setting dialogue now. -- Conflict checking for preventing unexpected overwriting on the boot-up process has been quite faster. +- Conflict checking for preventing unexpected overwriting on the boot-up process + has been quite faster. ### Fixed - Some bugs on Dev and Testing modules have been fixed. -## 0.24.22 ~~0.24.21~~ - -(Really sorry for the confusion. I have got a miss at releasing...). - -### Fixed - -- No longer conflicted files are handled in the boot-up process. No more unexpected overwriting. - - It ignores `Always overwrite with a newer file`, and always be prevented for the safety. Please pick it manually or open the file. -- Some log messages on conflict resolution has been corrected. -- Automatic merge notifications, displayed on the grounds of `same`, have been degraded to logs. - -### Improved - -- Now we can fetch the remote database with keeping local files completely intact. - - In new option, all files are stored into the local database before the fetching, and will be merged automatically or detected as conflicts. -- The dialogue presenting options when performing `Fetch` are now more informative. - -### Refactored - -- Some class methods have been fixed its arguments to be more consistent. -- Types have been defined for some conditional results. - -## 0.24.20 - -### Improved - -- Now we can see the detail of `TypeError` using Obsidian API during remote database access. - -### Behaviour and default changed - -- **NOW INDEED AND ACTUALLY** `Compute revisions for chunks` are backed into enabled again. it is necessary for garbage collection of chunks. - - As far as existing users are concerned, this will not automatically change, but the Doctor will inform us. - -Older notes are in [updates_old.md](https://github.com/vrtmrz/obsidian-livesync/blob/main/updates_old.md). +Older notes are in +[updates_old.md](https://github.com/vrtmrz/obsidian-livesync/blob/main/updates_old.md). diff --git a/updates_old.md b/updates_old.md index 93dcadb..6959c0c 100644 --- a/updates_old.md +++ b/updates_old.md @@ -13,6 +13,49 @@ Finally, I would like to once again express my respect and gratitude to all of y Thank you, and I hope your troubles will be resolved! --- + +## 0.24.22 ~~0.24.21~~ + +(Really sorry for the confusion. I have got a miss at releasing...). + +### Fixed + +- No longer conflicted files are handled in the boot-up process. No more + unexpected overwriting. + - It ignores `Always overwrite with a newer file`, and always be prevented for + the safety. Please pick it manually or open the file. +- Some log messages on conflict resolution has been corrected. +- Automatic merge notifications, displayed on the grounds of `same`, have been + degraded to logs. + +### Improved + +- Now we can fetch the remote database with keeping local files completely + intact. + - In new option, all files are stored into the local database before the + fetching, and will be merged automatically or detected as conflicts. +- The dialogue presenting options when performing `Fetch` are now more + informative. + +### Refactored + +- Some class methods have been fixed its arguments to be more consistent. +- Types have been defined for some conditional results. + +## 0.24.20 + +### Improved + +- Now we can see the detail of `TypeError` using Obsidian API during remote + database access. + +### Behaviour and default changed + +- **NOW INDEED AND ACTUALLY** `Compute revisions for chunks` are backed into + enabled again. it is necessary for garbage collection of chunks. + - As far as existing users are concerned, this will not automatically change, + but the Doctor will inform us. + ## 0.24.19 ### New Feature @@ -145,6 +188,29 @@ And, this is just a single web page, without any server-side code. It is a stati ## 0.24.11 +Peer-to-peer synchronisation has been implemented! + +Until now, I have not provided a synchronisation server. More people may not +even know that I have shut down the test server. I confess that this is a bit +repetitive, but I confess it is a cautionary tale. This is out of a sense of +self-discipline that someone has occurred who could see your data. Even if the +'someone' is me. I should not be unaware of its superiority, even though +well-meaning and am a servant of all. (Half joking, but also serious). However, +now I can provide you with a signalling server. Because, to the best of my +knowledge, it is only the network that is connected to your device. Also, this +signalling server is just a Nostr relay, not my implementation. You can run your +implementation, which you consider trustworthy, on a trustworthy server. You do +not even have to trust me. Mate, it is great, isn't it? For your information, +strfry is running on my signalling server. + +Nevertheless, that being said, to be more honest, I still have not decided what +to do with this signalling server if too much traffic comes in. + +Note: Already you have noticed this, but let me mention it again, this is a +significantly large update. If you have noticed anything, please let me know. I +will try to fix it as soon as possible (Some address is on my +[profile](https://github.com/vrtmrz)). + ### Improved - New Translation: `es` (Spanish) by @zeedif (Thank you so much)!