Awesome Privacy

Recent Commits

• Jakob Borg (05 Apr 24)

  lib/db: Hold update lock while taking snapshot (#9496)

• Jakob Borg (05 Apr 24)

  build: Update dependencies (#9497)

• Syncthing Release Automation (01 Apr 24)

  gui, man, authors: Update docs, translations, and contributors

• Syncthing Release Automation (25 Mar 24)

  gui, man, authors: Update docs, translations, and contributors

• Tim Nordenfur (22 Mar 24)

  Removed no longer relevant Bountysource link (#9480) ### Purpose Bountysource no longer exists and the readme link 404s. This removes the Bountysource link and corresponding readme section. Perhaps the section should instead be replaced by other instructions for voting on features.

• Jakob Borg (21 Mar 24)

  lib/api: Missing return after HTTP error

• Emil Lundberg (21 Mar 24)

  lib/api: Extract session store (#9425) This is an extract from PR #9175, which can be reviewed in isolation to reduce the volume of changes to review all at once in #9175. There are about to be several services and API handlers that read and set cookies and session state, so this abstraction will prove helpful. In particular a motivating cause for this is that with the current architecture in PR #9175, in `api.go` the [`webauthnService` needs to access the session](https://github.com/syncthing/syncthing/pull/9175/files#diff-e2e14f22d818b8e635572ef0ee7718dee875c365e07225d760a6faae8be7772dR309-R310) for authentication purposes but needs to be instantiated before the `configMuxBuilder` for config purposes, because the WebAuthn additions to config management need to perform WebAuthn registration ceremonies, but currently the session management is embedded in the `basicAuthAndSessionMiddleware` which is [instantiated much later](https://github.com/syncthing/syncthing/pull/9175/files#diff-e2e14f22d818b8e635572ef0ee7718dee875c365e07225d760a6faae8be7772dL371-R380) and only if authentication is enabled in `guiCfg`. This refactorization extracts the session management out from `basicAuthAndSessionMiddleware` so that `basicAuthAndSessionMiddleware` and `webauthnService` can both use the same shared session management service to perform session management logic. ### Testing This is a refactorization intended to not change any externally observable behaviour, so existing tests (e.g., `api_auth_test.go`) should cover this where appropriate. I have manually verified that: - Appending `+ "foo"` to the cookie name in `createSession` causes `TestHtmlFormLogin/invalid_URL_returns_403_before_auth_and_404_after_auth` and `TestHtmlFormLogin/UTF-8_auth_works` to fail - Inverting the return value of `hasValidSession` cases a whole bunch of tests in `TestHTTPLogin` and `TestHtmlFormLogin` to fail - (Fixed) Changing the cookie to `MaxAge: 1000` in `destroySession` does NOT cause any tests to fail! - Added tests `TestHtmlFormLogin/Logout_removes_the_session_cookie`, `TestHTTPLogin/*/Logout_removes_the_session_cookie`, `TestHtmlFormLogin/Session_cookie_is_invalid_after_logout` and `TestHTTPLogin/200_path#01/Session_cookie_is_invalid_after_logout` to cover this. - Manually verified that these tests pass both before and after the changes in this PR, and that changing the cookie to `MaxAge: 1000` or not calling `m.tokens.Delete(cookie.Value)` in `destroySession` makes the respective pair of tests fail.

• Syncthing Release Automation (18 Mar 24)

  gui, man, authors: Update docs, translations, and contributors

• Jaspitta (17 Mar 24)

  gui: Open devices on click in Shared With list in folder info (fixes #8972) (#9472)

• Simon Frei (11 Mar 24)

  lib/model: Don't bump seq on error in index handler (#9459)

• Simon Frei (10 Mar 24)

  lib/model: Prevent infinite index sending loop (fixes #9407) (#9458) Explanation of what/why in a code comment. Fixes https://github.com/syncthing/syncthing/issues/9407

• Simon Frei (05 Mar 24)

  lib/scanner: Fix ticker leak in scanner (fixes #9417) (#9451) Move the ticker closer to where it's used and defer stop it to avoid missing a branch. Fixes regression introduced in https://github.com/syncthing/syncthing/commit/2f3eacdb6c1c33650ccdd91f42e842c116200d92 Fixes https://github.com/syncthing/syncthing/issues/9417

• Jakob Borg (04 Mar 24)

  build: Update dependencies (#9448)

• Syncthing Release Automation (04 Mar 24)

  gui, man, authors: Update docs, translations, and contributors

• André Colomb (03 Mar 24)

  gui: Show encryption status for devices sharing folder (ref #8808) (#9355) This re-implements the stalled enhancement from #8808. Thanks @Craeckie for the idea and first implementation draft! If a folder is shared to a device with encryption, add a lock icon in front of the device name under "Shared With" in the folder details panel. Be careful not to add whitespace caused by line wraps in HTML source code, which would defeat the purpose of keeping the icon glued to the name by a non-breaking space. Apply the same lock icon for the list of folders shared with a device.

• André Colomb (03 Mar 24)

  gui: Fix wrapping in "Shared With" / "Folders" lists. (#9438) This change was split off from #9355 as an independent clean-up / fix. See that PR for review discussion, testing, and screenshots. Improve the wrapping of folder labels / device names by going back to word-wrapping, but making sure other spans, such as the trailing comma, do not get separated from the label span. * Avoid adding whitespace caused by line wraps in HTML source code. The different cases within the ng-switch block are separated by newlines for readability, but that gets parsed as whitespace. For wrapping purposes, this should not happen, because then there is no way to keep other HTML parts glued to the name / label in each list entry. * Simplify redundant conditional comma code. The separating comma after a device name or folder label (all but the last) should always stick to it. Use the HTML comment trick to avoid whitespace and therefore a wrapping opportunity caused by the code formatting newline. Thus the conditional comma only needs to be defined once, not in each ng-switch case. * Wrap at word boundaries and only break up words if necessary. Use the overflow-wrap: break-word; style instead of word-break: break-all;. While the latter is suitable for longish paths, breaking device names or folder labels arbitrarily within words is ugly. This also makes the the <sup> numbers actually stay glued to their respective neighboring words. Include legacy CSS alias "word-wrap" in the class definition. * Fix indentation (unrelated).

• Jakob Borg (02 Mar 24)

  github: Convert issue templates into forms (fixes #9442)

• Luke Hamburg (02 Mar 24)

  lib/model: Ignore difference in extended attributes & ownership when deleting (fixes #9371) (#9430) Adds a bool flag to `scanIfItemChanged()` to indicate when the scan was initiated from a delete function, and if so, tell `IsEquivalentOptional()` to ignore Xattrs and Ownership regardless of the global setting. I tested this with my sledgehammer and it seems to pass.

• Jakob Borg (27 Feb 24)

  all: Use own automaxprocs package that doesn't log (ref #9436) (#9437) ### Purpose 🤫

• Thomas (26 Feb 24)

  all: Use Linux container CPU quota (fixes #9357, fixes #9435) (#9436) Go is not cgroup aware and by default will set GOMAXPROCS to the number of available threads, regardless of whether it is within the allocated quota. This behaviour causes high amount of CPU throttling and degraded application performance.

• Jakob Borg (26 Feb 24)

  cmd/syncthing: Remove legacy GOMAXPROCS handling (ref #9436)

• Syncthing Release Automation (26 Feb 24)

  gui, man, authors: Update docs, translations, and contributors

• Beat Reichenbach (22 Feb 24)

  docker: Add support for setting umask (#9429) Add support for setting umask value in the Docker `entrypoint.sh` script. This is useful when not syncing permissions and working with groups, and needing umask values like `002` instead of `022`.

• Syncthing Release Automation (19 Feb 24)

  gui, man, authors: Update docs, translations, and contributors

• Syncthing Release Automation (12 Feb 24)

  gui, man, authors: Update docs, translations, and contributors

• Jakob Borg (11 Feb 24)

  build: Use correct Go version also for script runs (#9414) The changes to go.mod in latest Go 1.21/1.22 are not fully understood by older Go that might be pre-installed on builds, so make sure we always have a modern one in place even for running small release scripts etc.

• Jakob Borg (11 Feb 24)

  lib/api: Deflake TestAPIServiceRequests (#9413) Somewhere along the way, the non-parallel test became parallel, and at that point, timeouts occurred. Parallel is better, so increase the timeout on the offending call a bit...

• Jakob Borg (11 Feb 24)

  lib/model: Deflake new IndexHandlerTest (#9412) The new test has a flakiness factor on slow platforms, where the close on the sending connection races with the last index message, potentially messing up the count. This adds a wait to ensure that all sent messages are received, or the test will eventually fail with a timeout.

• Jakob Borg (10 Feb 24)

  all: Use some Go 1.21 features (#9409)

• Jakob Borg (10 Feb 24)

  lib/model, lib/protocol: Remove FileInfoBatch reuse behavior (#9399)