bump

- CORS Checking messages now use replacements.
- Configuring CORS setting via the UI now respects the existing rules.
- Now startup-checking works correctly again, performs migration check serially and then it will also fix starting LiveSync or start-up sync. (#696)
- Statusline in editor now supported 'Bases'.

manifest.json

@@ -1,7 +1,7 @@
 {
     "id": "obsidian-livesync",
     "name": "Self-hosted LiveSync",
-    "version": "0.25.7",
+    "version": "0.25.9",
     "minAppVersion": "0.9.12",
     "description": "Community implementation of self-hosted livesync. Reflect your vault changes to some other devices immediately. Please make sure to disable other synchronize solutions to avoid content corruption or duplication.",
     "author": "vorotamoroz",

package-lock.json

@@ -1,12 +1,12 @@
 {
     "name": "obsidian-livesync",
-    "version": "0.25.7",
+    "version": "0.25.9",
     "lockfileVersion": 2,
     "requires": true,
     "packages": {
         "": {
             "name": "obsidian-livesync",
-            "version": "0.25.7",
+            "version": "0.25.9",
             "license": "MIT",
             "dependencies": {
                 "@aws-sdk/client-s3": "^3.808.0",

package.json

@@ -1,6 +1,6 @@
 {
     "name": "obsidian-livesync",
-    "version": "0.25.7",
+    "version": "0.25.9",
     "description": "Reflect your vault changes to some other devices immediately. Please make sure to disable other synchronize solutions to avoid content corruption or duplication.",
     "main": "main.js",
     "type": "module",

src/modules/core/ModuleFileHandler.ts

@@ -256,19 +256,20 @@ export class ModuleFileHandler extends AbstractModule implements ICoreModule {
             this._log(`File ${path} is not exist on the database`, LOG_LEVEL_VERBOSE);
             return false;
         }
+
+        // If we want to process size mismatched files -- in case of having files created by some integrations, enable the toggle.
+        if (!this.settings.processSizeMismatchedFiles) {
+            // Check the file is not corrupted
+            // (Zero is a special case, may be created by some APIs and it might be acceptable).
+            if (docRead.size != 0 && docRead.size !== readAsBlob(docRead).size) {
+                this._log(`File ${path} seems to be corrupted! Writing prevented.`, LOG_LEVEL_NOTICE);
+                return false;
+            }
+        }
+
         const docData = readContent(docRead);
 
         if (existOnStorage && !force) {
-            // If we want to process size mismatched files -- in case of having files created by some integrations, enable the toggle.
-            if (!this.settings.processSizeMismatchedFiles) {
-                // Check the file is not corrupted
-                // (Zero is a special case, may be created by some APIs and it might be acceptable).
-                if (docRead.size != 0 && docRead.size !== readAsBlob(docRead).size) {
-                    this._log(`File ${path} seems to be corrupted! Writing prevented.`, LOG_LEVEL_NOTICE);
-                    return false;
-                }
-            }
-
             // The file is exist on the storage. Let's check the difference between the file and the entry.
             // But, if force is true, then it should be updated.
             // Ok, we have to compare.

src/modules/essential/ModuleMigration.ts

@@ -15,6 +15,7 @@ import { performDoctorConsultation, RebuildOptions } from "../../lib/src/common/
 import { getPath, isValidPath } from "../../common/utils.ts";
 import { isMetaEntry } from "../../lib/src/common/types.ts";
 import { isDeletedEntry, isDocContentSame, isLoadedEntry, readAsBlob } from "../../lib/src/common/utils.ts";
+import { countCompromisedChunks } from "../../lib/src/pouchdb/negotiation.ts";
 
 export class ModuleMigration extends AbstractModule implements ICoreModule {
     async migrateUsingDoctor(skipRebuild: boolean = false, activateReason = "updated", forceRescan = false) {
@@ -36,11 +37,14 @@ export class ModuleMigration extends AbstractModule implements ICoreModule {
             if (shouldRebuild) {
                 await this.core.rebuilder.scheduleRebuild();
                 await this.core.$$performRestart();
+                return false;
             } else if (shouldRebuildLocal) {
                 await this.core.rebuilder.scheduleFetch();
                 await this.core.$$performRestart();
+                return false;
             }
         }
+        return true;
     }
 
     async migrateDisableBulkSend() {
@@ -100,7 +104,7 @@ export class ModuleMigration extends AbstractModule implements ICoreModule {
         return false;
     }
 
-    async checkIncompleteDocs(force: boolean = false): Promise<boolean> {
+    async hasIncompleteDocs(force: boolean = false): Promise<boolean> {
         const incompleteDocsChecked = (await this.core.kvDB.get<boolean>("checkIncompleteDocs")) || false;
         if (incompleteDocsChecked && !force) {
             this._log("Incomplete docs check already done, skipping.", LOG_LEVEL_VERBOSE);
@@ -215,15 +219,77 @@ export class ModuleMigration extends AbstractModule implements ICoreModule {
         return Promise.resolve(true);
     }
 
+    async hasCompromisedChunks(): Promise<boolean> {
+        Logger(`Checking for compromised chunks...`, LOG_LEVEL_VERBOSE);
+        if (!this.settings.encrypt) {
+            // If not encrypted, we do not need to check for compromised chunks.
+            return true;
+        }
+        // Check local database for compromised chunks
+        const localCompromised = await countCompromisedChunks(this.localDatabase.localDatabase);
+        const remote = this.core.$$getReplicator();
+        const remoteCompromised = await remote.countCompromisedChunks();
+        if (localCompromised === false) {
+            Logger(`Failed to count compromised chunks in local database`, LOG_LEVEL_NOTICE);
+            return false;
+        }
+        if (remoteCompromised === false) {
+            Logger(`Failed to count compromised chunks in remote database`, LOG_LEVEL_NOTICE);
+            return false;
+        }
+        if (remoteCompromised === 0 && localCompromised === 0) {
+            return true;
+        }
+        Logger(
+            `Found compromised chunks : ${localCompromised} in local, ${remoteCompromised} in remote`,
+            LOG_LEVEL_NOTICE
+        );
+        const title = $msg("moduleMigration.insecureChunkExist.title");
+        const msg = $msg("moduleMigration.insecureChunkExist.message");
+        const REBUILD = $msg("moduleMigration.insecureChunkExist.buttons.rebuild");
+        const FETCH = $msg("moduleMigration.insecureChunkExist.buttons.fetch");
+        const DISMISS = $msg("moduleMigration.insecureChunkExist.buttons.later");
+        const buttons = [REBUILD, FETCH, DISMISS];
+        if (remoteCompromised != 0) {
+            buttons.splice(buttons.indexOf(FETCH), 1);
+        }
+        const result = await this.core.confirm.askSelectStringDialogue(msg, buttons, {
+            title,
+            defaultAction: DISMISS,
+            timeout: 0,
+        });
+        if (result === REBUILD) {
+            // Rebuild the database
+            await this.core.rebuilder.scheduleRebuild();
+            await this.core.$$performRestart();
+            return false;
+        } else if (result === FETCH) {
+            // Fetch the latest data from remote
+            await this.core.rebuilder.scheduleFetch();
+            await this.core.$$performRestart();
+            return false;
+        } else {
+            // User chose to dismiss the issue
+            this._log($msg("moduleMigration.insecureChunkExist.laterMessage"), LOG_LEVEL_NOTICE);
+        }
+        return true;
+    }
+
     async $everyOnFirstInitialize(): Promise<boolean> {
         if (!this.localDatabase.isReady) {
             this._log($msg("moduleMigration.logLocalDatabaseNotReady"), LOG_LEVEL_NOTICE);
             return false;
         }
         if (this.settings.isConfigured) {
-            // TODO: Probably we have to check for insecure chunks
-            await this.checkIncompleteDocs();
-            await this.migrateUsingDoctor(false);
+            if (!(await this.hasCompromisedChunks())) {
+                return false;
+            }
+            if (!(await this.hasIncompleteDocs())) {
+                return false;
+            }
+            if (!(await this.migrateUsingDoctor(false))) {
+                return false;
+            }
             // await this.migrationCheck();
             await this.migrateDisableBulkSend();
         }
@@ -233,7 +299,9 @@ export class ModuleMigration extends AbstractModule implements ICoreModule {
                 this._log($msg("moduleMigration.logSetupCancelled"), LOG_LEVEL_NOTICE);
                 return false;
             }
-            await this.migrateUsingDoctor(true);
+            if (!(await this.migrateUsingDoctor(true))) {
+                return false;
+            }
         }
         return true;
     }
@@ -242,7 +310,7 @@ export class ModuleMigration extends AbstractModule implements ICoreModule {
             await this.migrateUsingDoctor(false, reason, true);
         });
         eventHub.onEvent(EVENT_REQUEST_RUN_FIX_INCOMPLETE, async () => {
-            await this.checkIncompleteDocs(true);
+            await this.hasIncompleteDocs(true);
         });
         return Promise.resolve(true);
     }

src/modules/features/SettingDialogue/PaneRemoteConfig.ts

@@ -199,12 +199,16 @@ export function paneRemoteConfig(
             ) {
                 addResult($msg("obsidianLiveSyncSettingTab.okCorsOrigins"));
             } else {
+                const fixedValue = [
+                    ...new Set([
+                        ...ConfiguredOrigins.map((e) => e.trim()),
+                        "app://obsidian.md",
+                        "capacitor://localhost",
+                        "http://localhost",
+                    ]),
+                ].join(",");
                 addResult($msg("obsidianLiveSyncSettingTab.errCorsOrigins"));
-                addConfigFixButton(
-                    $msg("obsidianLiveSyncSettingTab.msgSetCorsOrigins"),
-                    "cors/origins",
-                    "app://obsidian.md,capacitor://localhost,http://localhost"
-                );
+                addConfigFixButton($msg("obsidianLiveSyncSettingTab.msgSetCorsOrigins"), "cors/origins", fixedValue);
                 isSuccessful = false;
             }
             addResult($msg("obsidianLiveSyncSettingTab.msgConnectionCheck"), ["ob-btn-config-head"]);

styles.css

@@ -385,6 +385,18 @@ span.ls-mark-cr::after {
     font-size: 80%;
 }
 
+div.workspace-leaf-content[data-type=bases]  .livesync-status {
+    top: calc(var(--bases-header-height) + var(--header-height));
+    padding: 5px;
+    padding-right:18px;
+}
+
+.is-mobile div.workspace-leaf-content[data-type=bases]  .livesync-status {
+    top: calc(var(--bases-header-height) + var(--view-header-height));
+    padding: 6px;
+    padding-right:18px;
+}
+
 .livesync-status div {
     opacity: 0.6;
     -webkit-filter: grayscale(100%);
@@ -405,6 +417,7 @@ span.ls-mark-cr::after {
     filter: unset;
 }
 
+
 .menu-setting-poweruser-disabled .sls-setting-poweruser {
     display: none;
 }

updates.md

@@ -1,3 +1,35 @@
+## 0.25.9
+
+20th August, 2025
+
+### Fixed
+
+- CORS Checking messages now use replacements.
+- Configuring CORS setting via the UI now respects the existing rules.
+- Now startup-checking works correctly again, performs migration check serially and then it will also fix starting LiveSync or start-up sync. (#696)
+- Statusline in editor now supported 'Bases'.
+
+## 0.25.8
+
+18th August, 2025
+
+### New feature
+
+- Insecure chunk detection has been implemented.
+    - A notification dialogue will be shown if any insecure chunks are detected; these may have been created by v0.25.6 due to its issue. If this dialogue appears, please ensure you rebuild the database after backing it up.
+
+### Fixed
+
+- Unexpected `Failed to obtain PBKDF2 salt` or similar errors during bucket-synchronisation no longer occur.
+- Unexpected long delays for chunk-missing documents when using bucket-synchronisation have been resolved.
+- Fetched remote chunks are now properly stored in the local database if `Fetch chunks on demand` is enabled.
+- The 'fetch' dialogue's message has been refined.
+- No longer overwriting any corrupted documents to the storage on boot-sequence.
+
+### Refactored
+
+- Type errors have been corrected.
+
 ## 0.25.7
 
 15th August, 2025
@@ -86,55 +118,6 @@ In next version, insecure chunk detection will be implemented.
 
 Side note: Although class-oriented programming is sometimes considered an outdated style, However, I have come to re-evaluate it as valuable from the perspectives of maintainability and readability.
 
-## 0.25.4
-
-29th July, 2025
-
-### Fixed
-
-- The PBKDF2Salt is no longer corrupted when attempting replication while the device is offline. (#686)
-    - If this issue has already occurred, please use `Maintenance` -> `Rebuilding Operations (Remote Only)` -> `Overwrite Remote` and `Send` to resolve it.
-    - Please perform this operation on the device that is most reliable.
-    - I am so sorry for the inconvenience; there are no patching workarounds. The rebuilding operation is the only solution.
-        - This issue only affects the encryption of the remote database and does not impact the local databases on any devices.
-        - (Preventing synchronisation is by design and expected behaviour, even if it is sometimes inconvenient. This is also why we should avoid using workarounds; it is, admittedly, an excuse).
-        - In any case, we can unlock the remote from the warning dialogue on receiving devices. We are performing replication, instead of simple synchronisation at the expense of a little complexity (I would love to express thank you again for your every effort to manage and maintain the settings! Your all understanding saves our notes).
-    - This process may require considerable time and bandwidth (as usual), so please wait patiently and ensure a stable network connection.
-
-### Side note
-
-The PBKDF2Salt will be referred to as the `Security Seed`, and it is used to derive the encryption key for replication. Therefore, it should be stored on the server prior to synchronisation. We apologise for the lack of explanation in previous updates!
-
-## 0.25.3
-
-22nd July, 2025
-
-### Fixed
-
-- Now the `Doctor` at migration will save the configuration.
-
-## 0.25.2 ~~0.25.1~~
-
-(0.25.1 was missed due to a mistake in the versioning process).
-19th July, 2025
-
-### Refined and New Features
-
-- Fetching the remote database on `RedFlag` now also retrieves remote configurations optionally.
-    - This is beneficial if we have already set up another device and wish to use the same configuration. We will see a much less frequent `Unmatched` dialogue.
-- The setup wizard using Set-up URI and QR code has been improved.
-    - The message is now more user-friendly.
-    - The obsolete method (manual setting application) has been removed.
-    - The `Cancel` button has been added to the setup wizard.
-    - We can now fetch the remote configuration from the server if it exists, which is useful for adding new devices.
-        - Mostly same as a `RedFlag` fetching remote configuration.
-    - We can also use the `Doctor` to check and fix the imported (and fetched) configuration before applying it.
-
-### Changes
-
-- The Set-up URI is now encrypted with a new encryption algorithm (mostly the same as `V2`).
-    - The new Set-up URI is not compatible with version 0.24.x or earlier.
-
 ## 0.25.0
 
 19th July, 2025 (beta1 in 0.25.0-beta1, 13th July, 2025)

updates_old.md

@@ -9,6 +9,60 @@ I have now rewritten the E2EE code to be more robust and easier to understand. I
 
 As a result, this is the first time in a while that forward compatibility has been broken. We have also taken the opportunity to change all metadata to use encryption rather than obfuscation. Furthermore, the `Dynamic Iteration Count` setting is now redundant and has been moved to the `Patches` pane in the settings. Thanks to Rabin-Karp, the eden setting is also no longer necessary and has been relocated accordingly. Therefore, v0.25.0 represents a legitimate and correct evolution.
 
+---
+
+## 0.25.4
+
+29th July, 2025
+
+### Fixed
+
+- The PBKDF2Salt is no longer corrupted when attempting replication while the device is offline. (#686)
+    - If this issue has already occurred, please use `Maintenance` -> `Rebuilding Operations (Remote Only)` -> `Overwrite Remote` and `Send` to resolve it.
+    - Please perform this operation on the device that is most reliable.
+    - I am so sorry for the inconvenience; there are no patching workarounds. The rebuilding operation is the only solution.
+        - This issue only affects the encryption of the remote database and does not impact the local databases on any devices.
+        - (Preventing synchronisation is by design and expected behaviour, even if it is sometimes inconvenient. This is also why we should avoid using workarounds; it is, admittedly, an excuse).
+        - In any case, we can unlock the remote from the warning dialogue on receiving devices. We are performing replication, instead of simple synchronisation at the expense of a little complexity (I would love to express thank you again for your every effort to manage and maintain the settings! Your all understanding saves our notes).
+    - This process may require considerable time and bandwidth (as usual), so please wait patiently and ensure a stable network connection.
+
+### Side note
+
+The PBKDF2Salt will be referred to as the `Security Seed`, and it is used to derive the encryption key for replication. Therefore, it should be stored on the server prior to synchronisation. We apologise for the lack of explanation in previous updates!
+
+## 0.25.3
+
+22nd July, 2025
+
+### Fixed
+
+- Now the `Doctor` at migration will save the configuration.
+
+## 0.25.2 ~~0.25.1~~
+
+(0.25.1 was missed due to a mistake in the versioning process).
+19th July, 2025
+
+### Refined and New Features
+
+- Fetching the remote database on `RedFlag` now also retrieves remote configurations optionally.
+    - This is beneficial if we have already set up another device and wish to use the same configuration. We will see a much less frequent `Unmatched` dialogue.
+- The setup wizard using Set-up URI and QR code has been improved.
+    - The message is now more user-friendly.
+    - The obsolete method (manual setting application) has been removed.
+    - The `Cancel` button has been added to the setup wizard.
+    - We can now fetch the remote configuration from the server if it exists, which is useful for adding new devices.
+        - Mostly same as a `RedFlag` fetching remote configuration.
+    - We can also use the `Doctor` to check and fix the imported (and fetched) configuration before applying it.
+
+### Changes
+
+- The Set-up URI is now encrypted with a new encryption algorithm (mostly the same as `V2`).
+    - The new Set-up URI is not compatible with version 0.24.x or earlier.
+
+
+## 0.25.0
+
 ### Fixed
 
 - The encryption algorithm now uses HKDF with a master key.
@@ -38,8 +92,6 @@ As a result, this is the first time in a while that forward compatibility has be
 - `couchdb_utils.ts` has been separated into several explicitly named files.
 - Some missing functions in `bgWorker.mock.ts` have been added.
 
-
-
 ## 0.24.0
 
 I know that we have been waiting for a long time. It is finally released!