fix

rename current device property
don't cache index
2026-05-09 07:43:06 +08:00 · 2026-03-26 19:43:34 +00:00 · 2026-03-26 19:40:25 +00:00 · 2026-03-26 18:56:27 +00:00 · 2026-03-26 18:55:58 +00:00 · 2026-03-26 18:33:12 +00:00
67 changed files with 5588 additions and 4109 deletions
@@ -10,76 +10,76 @@
    "format": "prettier --write \"src/**/*.tsx\" \"src/**/*.ts\""
  },
  "dependencies": {
-    "@casl/react": "^4.0.0",
+    "@casl/react": "^5.0.1",
    "@docmost/editor-ext": "workspace:*",
    "@emoji-mart/data": "^1.2.1",
    "@emoji-mart/react": "^1.1.1",
    "@excalidraw/excalidraw": "0.18.0-3a5ef40",
-    "@mantine/core": "^8.3.14",
+    "@mantine/core": "^8.3.18",
-    "@mantine/dates": "^8.3.14",
+    "@mantine/dates": "^8.3.18",
-    "@mantine/form": "^8.3.14",
+    "@mantine/form": "^8.3.18",
-    "@mantine/hooks": "^8.3.14",
+    "@mantine/hooks": "^8.3.18",
-    "@mantine/modals": "^8.3.14",
+    "@mantine/modals": "^8.3.18",
-    "@mantine/notifications": "^8.3.14",
+    "@mantine/notifications": "^8.3.18",
-    "@mantine/spotlight": "^8.3.14",
+    "@mantine/spotlight": "^8.3.18",
-    "@tabler/icons-react": "^3.36.1",
+    "@tabler/icons-react": "^3.40.0",
-    "@tanstack/react-query": "^5.90.17",
+    "@tanstack/react-query": "5.90.17",
    "alfaaz": "^1.1.0",
-    "axios": "^1.13.5",
+    "axios": "^1.13.6",
    "blueimp-load-image": "^5.16.0",
    "clsx": "^2.1.1",
    "emoji-mart": "^5.6.0",
    "file-saver": "^2.0.5",
    "highlightjs-sap-abap": "^0.3.0",
-    "i18next": "^23.16.8",
+    "i18next": "^25.10.1",
-    "i18next-http-backend": "^2.7.3",
+    "i18next-http-backend": "^3.0.2",
-    "jotai": "^2.16.2",
+    "jotai": "^2.18.1",
    "jotai-optics": "^0.4.0",
    "js-cookie": "^3.0.5",
    "jwt-decode": "^4.0.0",
-    "katex": "0.16.27",
+    "katex": "0.16.40",
    "lowlight": "^3.3.0",
    "mantine-form-zod-resolver": "^1.3.0",
-    "mermaid": "^11.12.2",
+    "mermaid": "^11.13.0",
    "mitt": "^3.0.1",
-    "posthog-js": "1.345.5",
+    "posthog-js": "1.363.1",
    "react": "^18.3.1",
    "react-arborist": "3.4.0",
-    "react-clear-modal": "^2.0.17",
+    "react-clear-modal": "^2.0.18",
    "react-dom": "^18.3.1",
    "react-drawio": "^1.0.7",
-    "react-error-boundary": "^4.1.2",
+    "react-error-boundary": "^6.1.1",
-    "react-helmet-async": "^2.0.5",
+    "react-helmet-async": "^3.0.0",
-    "react-i18next": "^15.0.1",
+    "react-i18next": "^16.5.8",
-    "react-router-dom": "^7.12.0",
+    "react-router-dom": "^7.13.1",
-    "semver": "^7.7.3",
+    "semver": "^7.7.4",
    "socket.io-client": "^4.8.3",
    "tiptap-extension-global-drag-handle": "^0.1.18",
    "zod": "^4.3.6"
  },
  "devDependencies": {
-    "@eslint/js": "^9.16.0",
+    "@eslint/js": "^9.28.0",
-    "@tanstack/eslint-plugin-query": "^5.62.1",
+    "@tanstack/eslint-plugin-query": "^5.94.4",
-    "@types/blueimp-load-image": "^5.16.0",
+    "@types/blueimp-load-image": "^5.16.6",
    "@types/file-saver": "^2.0.7",
    "@types/js-cookie": "^3.0.6",
-    "@types/katex": "^0.16.7",
+    "@types/katex": "^0.16.8",
    "@types/node": "22.19.1",
    "@types/react": "^18.3.12",
    "@types/react-dom": "^18.3.1",
-    "@vitejs/plugin-react": "^5.1.1",
+    "@vitejs/plugin-react": "^6.0.0",
-    "eslint": "^9.39.2",
+    "eslint": "^9.28.0",
-    "eslint-plugin-react": "^7.37.2",
+    "eslint-plugin-react": "^7.37.5",
-    "eslint-plugin-react-hooks": "^5.1.0",
+    "eslint-plugin-react-hooks": "^7.0.1",
-    "eslint-plugin-react-refresh": "^0.4.16",
+    "eslint-plugin-react-refresh": "^0.5.2",
    "globals": "^15.13.0",
    "optics-ts": "^2.4.1",
-    "postcss": "^8.4.49",
+    "postcss": "^8.5.8",
-    "postcss-preset-mantine": "^1.17.0",
+    "postcss-preset-mantine": "^1.18.0",
    "postcss-simple-vars": "^7.0.1",
-    "prettier": "^3.4.1",
+    "prettier": "^3.8.1",
-    "typescript": "^5.7.2",
+    "typescript": "^5.9.3",
-    "typescript-eslint": "^8.17.0",
+    "typescript-eslint": "^8.57.1",
-    "vite": "^7.2.4"
+    "vite": "^8.0.1"
  }
 }
@@ -708,5 +708,20 @@
  "Resend verification email": "Resend verification email",
  "Verification email sent. Please check your inbox.": "Verification email sent. Please check your inbox.",
  "Failed to resend verification email. Please try again.": "Failed to resend verification email. Please try again.",
-  "We've sent you an email with your associated workspaces.": "We've sent you an email with your associated workspaces."
+  "We've sent you an email with your associated workspaces.": "We've sent you an email with your associated workspaces.",
  "Load more": "Load more",
  "Log out of all devices": "Log out of all devices",
  "Log out of all sessions except this device": "Log out of all sessions except this device",
  "This Device": "This Device",
  "Unknown device": "Unknown device",
  "No active sessions": "No active sessions",
  "Session revoked": "Session revoked",
  "All other sessions revoked": "All other sessions revoked",
  "Last used": "Last used",
  "Created": "Created",
  "Rename": "Rename",
  "Publish": "Publish",
  "Security": "Security",
  "Enforce SSO": "Enforce SSO",
  "Once enforced, members will not be able to login with email and password.": "Once enforced, members will not be able to login with email and password."
 }
@@ -21,6 +21,7 @@ import { useTranslation } from "react-i18next";
 import JoinedWorkspaces from "@/ee/components/joined-workspaces.tsx";
 import { useJoinedWorkspacesQuery } from "@/ee/cloud/query/cloud-query.ts";
 import { findWorkspacesByEmail } from "@/ee/cloud/service/cloud-service.ts";
 import { AuthLayout } from "@/features/auth/components/auth-layout.tsx";
 const formSchema = z.object({
  hostname: z.string().min(1, { message: "subdomain is required" }),
@@ -82,7 +83,7 @@ export function CloudLoginForm() {
  }
  return (
-    <div>
+    <AuthLayout>
      <Container size={420} className={classes.container}>
        <Box p="xl" className={classes.containerBox}>
          <Title order={2} ta="center" fw={500} mb="md">
@@ -145,12 +146,12 @@ export function CloudLoginForm() {
        </Box>
      </Container>
-      <Text ta="center">
+      <Text ta="center" mb="xl">
        {t("Don't have a workspace?")}{" "}
        <Anchor component={Link} to={APP_ROUTE.AUTH.CREATE_WORKSPACE} fw={500}>
          {t("Create new workspace")}
        </Anchor>
      </Text>
-    </div>
+    </AuthLayout>
  );
 }
@@ -1,6 +1,6 @@
 import { z } from "zod/v4";
-import React from "react";
+import React, { useRef } from "react";
-import { Button, Group, Modal, Textarea } from "@mantine/core";
+import { Button, Divider, Group, Modal, Stack, Textarea } from "@mantine/core";
 import { useForm } from "@mantine/form";
 import { zod4Resolver } from "mantine-form-zod-resolver";
 import { useTranslation } from "react-i18next";
@@ -49,6 +49,7 @@ interface ActivateLicenseFormProps {
 export function ActivateLicenseForm({ onClose }: ActivateLicenseFormProps) {
  const { t } = useTranslation();
  const activateLicenseMutation = useActivateMutation();
  const fileInputRef = useRef<HTMLInputElement>(null);
  const form = useForm<FormValues>({
    validate: zod4Resolver(formSchema),
@@ -63,29 +64,68 @@ export function ActivateLicenseForm({ onClose }: ActivateLicenseFormProps) {
    onClose?.();
  }
  function handleFileUpload(event: React.ChangeEvent<HTMLInputElement>) {
    const file = event.target.files?.[0];
    if (!file) return;
    const reader = new FileReader();
    reader.onload = (e) => {
      const content = (e.target?.result as string)?.trim();
      if (content) {
        form.setFieldValue("licenseKey", content);
        handleSubmit({ licenseKey: content });
      }
    };
    reader.readAsText(file);
    if (fileInputRef.current) {
      fileInputRef.current.value = "";
    }
  }
  return (
    <form onSubmit={form.onSubmit(handleSubmit)}>
-      <Textarea
+      <input
-        label={t("License key")}
+        type="file"
-        description="Enter a valid enterprise license key. Contact sales@docmost.com to purchase one."
+        accept=".txt"
-        placeholder={t("e.g eyJhb.....")}
+        ref={fileInputRef}
-        variant="filled"
+        onChange={handleFileUpload}
-        autosize
+        hidden
        minRows={3}
        maxRows={5}
        data-autofocus
        {...form.getInputProps("licenseKey")}
      />
-      <Group justify="flex-end" mt="md">
+      <Stack gap="xs">
-        <Button
+        <Textarea
-          type="submit"
+          label={t("License key")}
-          disabled={activateLicenseMutation.isPending}
+          placeholder={t("e.g eyJhb.....")}
-          loading={activateLicenseMutation.isPending}
+          variant="filled"
-        >
+          autosize
-          {t("Save")}
+          minRows={3}
-        </Button>
+          maxRows={5}
-      </Group>
+          data-autofocus
          {...form.getInputProps("licenseKey")}
        />
        <Group justify="flex-end">
          <Button
            type="submit"
            disabled={activateLicenseMutation.isPending}
            loading={activateLicenseMutation.isPending}
          >
            {t("Save")}
          </Button>
        </Group>
        <Divider label={t("Or")} labelPosition="center" />
        <Group justify="center">
          <Button
            variant="light"
            onClick={() => fileInputRef.current?.click()}
          >
            {t("Upload license file")}
          </Button>
        </Group>
      </Stack>
    </form>
  );
 }
@@ -68,7 +68,11 @@ export default function OssDetails() {
        </List>
        <Text size="sm" c="dimmed">
-          Contact <a href="mailto:sales@docmost.com?subject=Enterprise%20License%20Inquiry">sales@docmost.com </a> to purchase an enterprise license.
+          Get an enterprise trial key at <a href="https://customers.docmost.com/" target="_blank" rel="noopener noreferrer">customers.docmost.com</a>.
        </Text>
        <Text size="sm" c="dimmed">
          Visit <a href="https://docmost.com/pricing" target="_blank" rel="noopener noreferrer">docmost.com/pricing</a> to purchase an enterprise license.
        </Text>
      </Stack>
    </Stack>
@@ -22,6 +22,7 @@ import APP_ROUTE, { getPostLoginRedirect } from "@/lib/app-route";
 import { useTranslation } from "react-i18next";
 import { z } from "zod/v4";
 import { MfaBackupCodeInput } from "./mfa-backup-code-input";
 import { AuthLayout } from "@/features/auth/components/auth-layout.tsx";
 const formSchema = z.object({
  code: z
@@ -66,6 +67,7 @@ export function MfaChallenge() {
  };
  return (
    <AuthLayout>
    <Container size={420} className={classes.container}>
      <Paper radius="lg" p={40} className={classes.paper}>
        <Stack align="center" gap="xl">
@@ -157,5 +159,6 @@ export function MfaChallenge() {
        </Stack>
      </Paper>
    </Container>
    </AuthLayout>
  );
 }
@@ -5,6 +5,7 @@ import { useTranslation } from "react-i18next";
 import { MfaSetupModal } from "@/ee/mfa";
 import APP_ROUTE, { getPostLoginRedirect } from "@/lib/app-route.ts";
 import { useNavigate } from "react-router-dom";
 import { AuthLayout } from "@/features/auth/components/auth-layout.tsx";
 export default function MfaSetupRequired() {
  const { t } = useTranslation();
@@ -15,6 +16,7 @@ export default function MfaSetupRequired() {
  };
  return (
    <AuthLayout>
    <Container size="sm" py="xl">
      <Paper shadow="sm" p="xl" radius="md" withBorder>
        <Stack>
@@ -44,5 +46,6 @@ export default function MfaSetupRequired() {
        </Stack>
      </Paper>
    </Container>
    </AuthLayout>
  );
 }
@@ -9,6 +9,7 @@ import {
 import { notifications } from "@mantine/notifications";
 import APP_ROUTE from "@/lib/app-route.ts";
 import { useTranslation } from "react-i18next";
 import { AuthLayout } from "@/features/auth/components/auth-layout.tsx";
 export default function VerifyEmail() {
  const { t } = useTranslation();
@@ -59,20 +60,23 @@ export default function VerifyEmail() {
  if (token) {
    return (
-      <Container size={420} className={classes.container}>
+      <AuthLayout>
-        <Box p="xl" className={classes.containerBox}>
+        <Container size={420} className={classes.container}>
-          <Title order={2} ta="center" fw={500} mb="md">
+          <Box p="xl" className={classes.containerBox}>
-            {t("Verifying your email")}
+            <Title order={2} ta="center" fw={500} mb="md">
-          </Title>
+              {t("Verifying your email")}
-          <Text ta="center" c="dimmed">
+            </Title>
-            {t("Please wait...")}
+            <Text ta="center" c="dimmed">
-          </Text>
+              {t("Please wait...")}
-        </Box>
+            </Text>
-      </Container>
+          </Box>
        </Container>
      </AuthLayout>
    );
  }
  return (
    <AuthLayout>
    <Container size={420} className={classes.container}>
      <Box p="xl" className={classes.containerBox}>
        <Title order={2} ta="center" fw={500} mb="md">
@@ -103,5 +107,6 @@ export default function VerifyEmail() {
        )}
      </Box>
    </Container>
    </AuthLayout>
  );
 }
@@ -0,0 +1,26 @@
 import React from "react";
 import { Group, Text } from "@mantine/core";
 import classes from "./auth.module.css";
 type AuthLayoutProps = {
  children: React.ReactNode;
 };
 export function AuthLayout({ children }: AuthLayoutProps) {
  return (
    <>
      <Group justify="center" gap={8} className={classes.logo}>
        <img
          src="/icons/favicon-32x32.png"
          alt="Docmost"
          width={22}
          height={22}
        />
        <Text size="28px" fw={700} style={{ userSelect: "none" }}>
          Docmost
        </Text>
      </Group>
      {children}
    </>
  );
 }
@@ -1,12 +1,20 @@
 .logo {
    margin-top: 80px;
    @media (max-width: $mantine-breakpoint-sm) {
        margin-top: 30px;
    }
 }
 .container {
    box-shadow: rgba(0, 0, 0, 0.07) 0px 2px 45px 4px;
    border-radius: 4px;
    background: light-dark(var(--mantine-color-body), rgba(0, 0, 0, 0.1));
-    margin-top: 150px;
+    margin-top: 40px;
    margin-bottom: 20px;
    @media (max-width: $mantine-breakpoint-sm) {
-        margin-top: 50px;
+        margin-top: 20px;
        margin-bottom: 20px;
    }
 }
@@ -7,6 +7,7 @@ import { Box, Button, Container, Text, TextInput, Title } from "@mantine/core";
 import classes from "./auth.module.css";
 import { useRedirectIfAuthenticated } from "@/features/auth/hooks/use-redirect-if-authenticated.ts";
 import { useTranslation } from "react-i18next";
 import { AuthLayout } from "./auth-layout.tsx";
 const formSchema = z.object({
  email: z
@@ -35,6 +36,7 @@ export function ForgotPasswordForm() {
  }
  return (
    <AuthLayout>
    <Container size={420} className={classes.container}>
      <Box p="xl" className={classes.containerBox}>
        <Title order={2} ta="center" fw={500} mb="md">
@@ -69,5 +71,6 @@ export function ForgotPasswordForm() {
        </form>
      </Box>
    </Container>
    </AuthLayout>
  );
 }
@@ -19,6 +19,7 @@ import { useGetInvitationQuery } from "@/features/workspace/queries/workspace-qu
 import { useRedirectIfAuthenticated } from "@/features/auth/hooks/use-redirect-if-authenticated.ts";
 import { useTranslation } from "react-i18next";
 import SsoLogin from "@/ee/components/sso-login.tsx";
 import { AuthLayout } from "./auth-layout.tsx";
 const formSchema = z.object({
  name: z.string().trim().min(1),
@@ -66,6 +67,7 @@ export function InviteSignUpForm() {
  }
  return (
    <AuthLayout>
    <Container size={420} className={classes.container}>
      <Box p="xl" className={classes.containerBox}>
        <Title order={2} ta="center" fw={500} mb="md">
@@ -111,5 +113,6 @@ export function InviteSignUpForm() {
        )}
      </Box>
    </Container>
    </AuthLayout>
  );
 }
@@ -21,6 +21,7 @@ import SsoLogin from "@/ee/components/sso-login.tsx";
 import { useWorkspacePublicDataQuery } from "@/features/workspace/queries/workspace-query.ts";
 import { Error404 } from "@/components/ui/error-404.tsx";
 import React from "react";
 import { AuthLayout } from "./auth-layout.tsx";
 const formSchema = z.object({
  email: z
@@ -62,52 +63,54 @@ export function LoginForm() {
  }
  return (
-    <Container size={420} className={classes.container}>
+    <AuthLayout>
-      <Box p="xl" className={classes.containerBox}>
+      <Container size={420} className={classes.container}>
-        <Title order={2} ta="center" fw={500} mb="md">
+        <Box p="xl" className={classes.containerBox}>
-          {t("Login")}
+          <Title order={2} ta="center" fw={500} mb="md">
-        </Title>
+            {t("Login")}
          </Title>
-        <SsoLogin />
+          <SsoLogin />
-        {!data?.enforceSso && (
+          {!data?.enforceSso && (
-          <>
+            <>
-            <form onSubmit={form.onSubmit(onSubmit)}>
+              <form onSubmit={form.onSubmit(onSubmit)}>
-              <TextInput
+                <TextInput
-                id="email"
+                  id="email"
-                type="email"
+                  type="email"
-                label={t("Email")}
+                  label={t("Email")}
-                placeholder="email@example.com"
+                  placeholder="email@example.com"
-                variant="filled"
+                  variant="filled"
-                {...form.getInputProps("email")}
+                  {...form.getInputProps("email")}
-              />
+                />
-              <PasswordInput
+                <PasswordInput
-                label={t("Password")}
+                  label={t("Password")}
-                placeholder={t("Your password")}
+                  placeholder={t("Your password")}
-                variant="filled"
+                  variant="filled"
-                mt="md"
+                  mt="md"
-                {...form.getInputProps("password")}
+                  {...form.getInputProps("password")}
-              />
+                />
-              <Group justify="flex-end" mt="sm">
+                <Group justify="flex-end" mt="sm">
-                <Anchor
+                  <Anchor
-                  to={APP_ROUTE.AUTH.FORGOT_PASSWORD}
+                    to={APP_ROUTE.AUTH.FORGOT_PASSWORD}
-                  component={Link}
+                    component={Link}
-                  underline="never"
+                    underline="never"
-                  size="sm"
+                    size="sm"
-                >
+                  >
-                  {t("Forgot your password?")}
+                    {t("Forgot your password?")}
-                </Anchor>
+                  </Anchor>
-              </Group>
+                </Group>
-              <Button type="submit" fullWidth mt="md" loading={isLoading}>
+                <Button type="submit" fullWidth mt="md" loading={isLoading}>
-                {t("Sign In")}
+                  {t("Sign In")}
-              </Button>
+                </Button>
-            </form>
+              </form>
-          </>
+            </>
-        )}
+          )}
-      </Box>
+        </Box>
-    </Container>
+      </Container>
    </AuthLayout>
  );
 }
@@ -6,6 +6,7 @@ import { Box, Button, Container, PasswordInput, Title } from "@mantine/core";
 import classes from "./auth.module.css";
 import { useRedirectIfAuthenticated } from "@/features/auth/hooks/use-redirect-if-authenticated.ts";
 import { useTranslation } from "react-i18next";
 import { AuthLayout } from "./auth-layout.tsx";
 const formSchema = z.object({
  newPassword: z
@@ -38,6 +39,7 @@ export function PasswordResetForm({ resetToken }: PasswordResetFormProps) {
  }
  return (
    <AuthLayout>
    <Container size={420} className={classes.container}>
      <Box p="xl" className={classes.containerBox}>
        <Title order={2} ta="center" fw={500} mb="md">
@@ -59,5 +61,6 @@ export function PasswordResetForm({ resetToken }: PasswordResetFormProps) {
        </form>
      </Box>
    </Container>
    </AuthLayout>
  );
 }
@@ -19,6 +19,7 @@ import SsoCloudSignup from "@/ee/components/sso-cloud-signup.tsx";
 import { isCloud } from "@/lib/config.ts";
 import { Link } from "react-router-dom";
 import APP_ROUTE from "@/lib/app-route.ts";
 import { AuthLayout } from "./auth-layout.tsx";
 const formSchema = z.object({
  workspaceName: z.string().trim().max(50).optional(),
@@ -50,7 +51,7 @@ export function SetupWorkspaceForm() {
  }
  return (
-    <div>
+    <AuthLayout>
      <Container size={420} className={classes.container}>
        <Box p="xl" className={classes.containerBox}>
          <Title order={2} ta="center" fw={500} mb="md">
@@ -117,6 +118,6 @@ export function SetupWorkspaceForm() {
          </Anchor>
        </Text>
      )}
-    </div>
+    </AuthLayout>
  );
 }
@@ -8,6 +8,7 @@ import {
 } from "@/features/editor/components/table/types/types.ts";
 import {
  ActionIcon,
  LoadingOverlay,
  Modal,
  Text,
  Tooltip,
@@ -46,6 +47,8 @@ export function DrawioMenu({ editor }: EditorMenuProps) {
  const computedColorScheme = useComputedColorScheme();
  const isDirtyRef = useRef(false);
  const isSavingRef = useRef(false);
  const [isSaving, setIsSaving] = useState(false);
  const [isLoading, setIsLoading] = useState(false);
  const editorState = useEditorState({
    editor,
@@ -140,6 +143,7 @@ export function DrawioMenu({ editor }: EditorMenuProps) {
    if (isSavingRef.current) return;
    isSavingRef.current = true;
    setIsSaving(true);
    try {
      const svgString = decodeBase64ToSvgString(svgXml);
@@ -167,6 +171,7 @@ export function DrawioMenu({ editor }: EditorMenuProps) {
      isDirtyRef.current = false;
    } finally {
      isSavingRef.current = false;
      setIsSaving(false);
    }
  }, [editor, editorState?.attachmentId]);
@@ -196,6 +201,7 @@ export function DrawioMenu({ editor }: EditorMenuProps) {
  const handleOpen = useCallback(async () => {
    if (!editorState?.src) return;
    setIsLoading(true);
    try {
      const url = getFileUrl(editorState.src);
      const request = await fetch(url, {
@@ -213,6 +219,7 @@ export function DrawioMenu({ editor }: EditorMenuProps) {
    } catch (err) {
      console.error(err);
    } finally {
      setIsLoading(false);
      isDirtyRef.current = false;
      open();
    }
@@ -307,6 +314,7 @@ export function DrawioMenu({ editor }: EditorMenuProps) {
              size="lg"
              aria-label={t("Edit")}
              variant="subtle"
              loading={isLoading}
            >
              <IconEdit size={18} />
            </ActionIcon>
@@ -339,7 +347,8 @@ export function DrawioMenu({ editor }: EditorMenuProps) {
      <Modal.Root opened={opened} onClose={handleClose} fullScreen closeOnEscape={false}>
        <Modal.Overlay />
        <Modal.Content style={{ overflow: "hidden" }}>
-          <Modal.Body>
+          <Modal.Body pos="relative">
            <LoadingOverlay visible={isSaving} />
            <div style={{ height: "100vh" }}>
              <DrawIoEmbed
                ref={drawioRef}
@@ -2,6 +2,7 @@ import { NodeViewProps, NodeViewWrapper } from "@tiptap/react";
 import {
  ActionIcon,
  Card,
  LoadingOverlay,
  Modal,
  Text,
  useComputedColorScheme,
@@ -34,6 +35,7 @@ export default function DrawioView(props: NodeViewProps) {
  const computedColorScheme = useComputedColorScheme();
  const isDirtyRef = useRef(false);
  const isSavingRef = useRef(false);
  const [isSaving, setIsSaving] = useState(false);
  const handleOpen = async () => {
    if (!editor.isEditable) {
@@ -47,6 +49,7 @@ export default function DrawioView(props: NodeViewProps) {
    if (isSavingRef.current) return;
    isSavingRef.current = true;
    setIsSaving(true);
    try {
      const svgString = decodeBase64ToSvgString(svgXml);
@@ -79,6 +82,7 @@ export default function DrawioView(props: NodeViewProps) {
      isDirtyRef.current = false;
    } finally {
      isSavingRef.current = false;
      setIsSaving(false);
    }
  };
@@ -136,7 +140,8 @@ export default function DrawioView(props: NodeViewProps) {
      <Modal.Root opened={opened} onClose={handleClose} fullScreen closeOnEscape={false}>
        <Modal.Overlay />
        <Modal.Content style={{ overflow: "hidden" }}>
-          <Modal.Body>
+          <Modal.Body pos="relative">
            <LoadingOverlay visible={isSaving} />
            <div style={{ height: "100vh" }}>
              <DrawIoEmbed
                ref={drawioRef}
@@ -56,6 +56,8 @@ export function ExcalidrawMenu({ editor }: EditorMenuProps) {
  const computedColorScheme = useComputedColorScheme();
  const isDirtyRef = useRef(false);
  const isSavingRef = useRef(false);
  const [isSaving, setIsSaving] = useState(false);
  const [isLoading, setIsLoading] = useState(false);
  const isInitialLoadRef = useRef(true);
  const lastFingerprintRef = useRef("");
@@ -153,6 +155,7 @@ export function ExcalidrawMenu({ editor }: EditorMenuProps) {
  const handleOpen = useCallback(async () => {
    if (!editorState?.src) return;
    setIsLoading(true);
    try {
      const url = getFileUrl(editorState.src);
      const request = await fetch(url, {
@@ -166,6 +169,7 @@ export function ExcalidrawMenu({ editor }: EditorMenuProps) {
    } catch (err) {
      console.error(err);
    } finally {
      setIsLoading(false);
      isDirtyRef.current = false;
      isInitialLoadRef.current = true;
      open();
@@ -178,6 +182,7 @@ export function ExcalidrawMenu({ editor }: EditorMenuProps) {
    }
    isSavingRef.current = true;
    setIsSaving(true);
    try {
      const { exportToSvg } = await import("@excalidraw/excalidraw");
@@ -223,6 +228,7 @@ export function ExcalidrawMenu({ editor }: EditorMenuProps) {
      isDirtyRef.current = false;
    } finally {
      isSavingRef.current = false;
      setIsSaving(false);
    }
  }, [editor, excalidrawAPI, editorState?.attachmentId]);
@@ -339,6 +345,7 @@ export function ExcalidrawMenu({ editor }: EditorMenuProps) {
              size="lg"
              aria-label={t("Edit")}
              variant="subtle"
              loading={isLoading}
            >
              <IconEdit size={18} />
            </ActionIcon>
@@ -390,7 +397,7 @@ export function ExcalidrawMenu({ editor }: EditorMenuProps) {
          bg="var(--mantine-color-body)"
          p="xs"
        >
-          <Button onClick={handleSaveAndExit} size={"compact-sm"}>
+          <Button onClick={handleSaveAndExit} size={"compact-sm"} loading={isSaving}>
            {t("Save & Exit")}
          </Button>
          <Button onClick={handleClose} color="red" size={"compact-sm"}>
@@ -52,6 +52,7 @@ export default function ExcalidrawView(props: NodeViewProps) {
  const isDirtyRef = useRef(false);
  const isSavingRef = useRef(false);
  const [isSaving, setIsSaving] = useState(false);
  const isInitialLoadRef = useRef(true);
  const lastFingerprintRef = useRef("");
@@ -70,6 +71,7 @@ export default function ExcalidrawView(props: NodeViewProps) {
    }
    isSavingRef.current = true;
    setIsSaving(true);
    try {
      const { exportToSvg } = await import("@excalidraw/excalidraw");
@@ -120,6 +122,7 @@ export default function ExcalidrawView(props: NodeViewProps) {
      isDirtyRef.current = false;
    } finally {
      isSavingRef.current = false;
      setIsSaving(false);
    }
  }, [excalidrawAPI, editor, attachmentId, updateAttributes]);
@@ -191,7 +194,7 @@ export default function ExcalidrawView(props: NodeViewProps) {
          bg="var(--mantine-color-body)"
          p="xs"
        >
-          <Button onClick={handleSaveAndExit} size={"compact-sm"}>
+          <Button onClick={handleSaveAndExit} size={"compact-sm"} loading={isSaving}>
            {t("Save & Exit")}
          </Button>
          <Button onClick={handleClose} color="red" size={"compact-sm"}>
@@ -5,7 +5,7 @@ import { useAtom } from "jotai";
 import { isTextSelected } from "@docmost/editor-ext";
 import { showLinkMenuAtom } from "@/features/editor/atoms/editor-atoms";
 import { LinkEditorPanel } from "@/features/editor/components/link/link-editor-panel";
-import { normalizeUrl } from "@/features/editor/components/link/link-view";
+import { normalizeUrl } from "@/lib/utils";
 import { TextSelection } from "@tiptap/pm/state";
 import { Paper } from "@mantine/core";
@@ -29,12 +29,7 @@ import { useSharePageQuery } from "@/features/share/queries/share-query.ts";
 import { buildSharedPageUrl } from "@/features/page/page.utils.ts";
 import { extractPageSlugId } from "@/lib";
 import { sanitizeUrl, copyToClipboard } from "@docmost/editor-ext";
-
+import { normalizeUrl } from "@/lib/utils";
 export const normalizeUrl = (url: string): string => {
  if (!url) return url;
  if (url.startsWith("/") || /^(\S+):(\/\/)?\S+$/.test(url)) return url;
  return `https://${url}`;
 };
 const parseInternalLink = (
  href: string,
@@ -110,15 +110,7 @@ export function useUpdatePageMutation() {
  return useMutation<IPage, Error, Partial<IPageInput>>({
    mutationFn: (data) => updatePage(data),
    onSuccess: (data) => {
-      updatePage(data);
+      updatePageData(data);
      invalidateOnUpdatePage(
        data.spaceId,
        data.parentPageId,
        data.id,
        data.title,
        data.icon,
      );
    },
  });
 }
@@ -0,0 +1,165 @@
 import { useState } from "react";
 import {
  Button,
  Divider,
  Group,
  Skeleton,
  Stack,
  Table,
  Text,
 } from "@mantine/core";
 import { IconDevices } from "@tabler/icons-react";
 import { useTranslation } from "react-i18next";
 import {
  useGetSessionsQuery,
  useRevokeSessionMutation,
  useRevokeAllSessionsMutation,
 } from "@/features/session/queries/session-query";
 import { formattedDate } from "@/lib/time";
 const PAGE_SIZE = 5;
 export default function SessionList() {
  const { t } = useTranslation();
  const { data: sessions, isLoading } = useGetSessionsQuery();
  const revokeSessionMutation = useRevokeSessionMutation();
  const revokeAllSessionsMutation = useRevokeAllSessionsMutation();
  const [visibleCount, setVisibleCount] = useState(PAGE_SIZE);
  const otherSessions = sessions?.filter((s) => !s?.isCurrentDevice) ?? [];
  const visibleSessions = sessions?.slice(0, visibleCount) ?? [];
  const hasMore = sessions && visibleCount < sessions.length;
  if (isLoading) {
    return (
      <Table verticalSpacing="md">
        <Table.Thead>
          <Table.Tr>
            <Table.Th>{t("Device Name")}</Table.Th>
            <Table.Th>{t("Last Active")}</Table.Th>
            <Table.Th />
          </Table.Tr>
        </Table.Thead>
        <Table.Tbody>
          {[1, 2, 3].map((i) => (
            <Table.Tr key={i}>
              <Table.Td>
                <Group gap="xs">
                  <Skeleton height={18} width={18} radius="sm" />
                  <Skeleton height={14} width={140} radius="xs" />
                </Group>
              </Table.Td>
              <Table.Td>
                <Skeleton height={14} width={120} radius="xs" />
              </Table.Td>
              <Table.Td>
                <Skeleton height={30} width={70} radius="sm" />
              </Table.Td>
            </Table.Tr>
          ))}
        </Table.Tbody>
      </Table>
    );
  }
  return (
    <Stack>
      {otherSessions.length > 0 && (
        <>
          <div>
            <Text fw={500}>{t("Log out of all devices")}</Text>
            <Group justify="space-between" align="center" mt={4}>
              <Text size="sm" c="dimmed">
                {t(
                  "Log out of all sessions except this device",
                )}
              </Text>
              <Button
                variant="outline"
                color="red"
                size="xs"
                loading={revokeAllSessionsMutation.isPending}
                onClick={() => revokeAllSessionsMutation.mutate()}
              >
                {t("Log out of all devices")}
              </Button>
            </Group>
          </div>
          <Divider />
        </>
      )}
      <Table verticalSpacing="md">
        <Table.Thead>
          <Table.Tr>
            <Table.Th>{t("Device Name")}</Table.Th>
            <Table.Th>{t("Last Active")}</Table.Th>
            {otherSessions.length > 0 && <Table.Th />}
          </Table.Tr>
        </Table.Thead>
        <Table.Tbody>
          {visibleSessions.map((session) => (
            <Table.Tr key={session.id}>
              <Table.Td>
                <Group gap="xs">
                  <IconDevices size={18} stroke={1.5} />
                  <div>
                    <Text size="sm">
                      {session.deviceName || t("Unknown device")}
                    </Text>
                    {session?.isCurrentDevice && (
                      <Text size="xs" c="blue">
                        {t("This Device")}
                      </Text>
                    )}
                  </div>
                </Group>
              </Table.Td>
              <Table.Td>
                <Text size="sm">
                  {session?.isCurrentDevice
                    ? t("Now")
                    : formattedDate(new Date(session.lastActiveAt))}
                </Text>
              </Table.Td>
              {otherSessions.length > 0 && (
                <Table.Td>
                  {!session?.isCurrentDevice && (
                    <Button
                      variant="outline"
                      size="xs"
                      loading={revokeSessionMutation.isPending}
                      onClick={() =>
                        revokeSessionMutation.mutate({
                          sessionId: session.id,
                        })
                      }
                    >
                      {t("Log out")}
                    </Button>
                  )}
                </Table.Td>
              )}
            </Table.Tr>
          ))}
        </Table.Tbody>
      </Table>
      {hasMore && (
        <Button
          variant="subtle"
          size="xs"
          onClick={() => setVisibleCount((c) => c + PAGE_SIZE)}
        >
          {t("Load more")}
        </Button>
      )}
      {(!sessions || sessions.length === 0) && (
        <Text size="sm" c="dimmed" ta="center">
          {t("No active sessions")}
        </Text>
      )}
    </Stack>
  );
 }
@@ -0,0 +1,55 @@
 import {
  useMutation,
  useQuery,
  useQueryClient,
  UseQueryResult,
 } from "@tanstack/react-query";
 import {
  getSessions,
  revokeSession,
  revokeAllSessions,
 } from "@/features/session/services/session-service";
 import { ISession } from "@/features/session/types/session.types";
 import { notifications } from "@mantine/notifications";
 import { useTranslation } from "react-i18next";
 export function useGetSessionsQuery(): UseQueryResult<ISession[], Error> {
  return useQuery({
    queryKey: ["session-list"],
    queryFn: () => getSessions(),
  });
 }
 export function useRevokeSessionMutation() {
  const queryClient = useQueryClient();
  const { t } = useTranslation();
  return useMutation<void, Error, { sessionId: string }>({
    mutationFn: (data) => revokeSession(data),
    onSuccess: () => {
      notifications.show({ message: t("Session revoked") });
      queryClient.invalidateQueries({ queryKey: ["session-list"] });
    },
    onError: (error) => {
      const errorMessage = error["response"]?.data?.message;
      notifications.show({ message: errorMessage, color: "red" });
    },
  });
 }
 export function useRevokeAllSessionsMutation() {
  const queryClient = useQueryClient();
  const { t } = useTranslation();
  return useMutation<void, Error, void>({
    mutationFn: () => revokeAllSessions(),
    onSuccess: () => {
      notifications.show({ message: t("All other sessions revoked") });
      queryClient.invalidateQueries({ queryKey: ["session-list"] });
    },
    onError: (error) => {
      const errorMessage = error["response"]?.data?.message;
      notifications.show({ message: errorMessage, color: "red" });
    },
  });
 }
@@ -0,0 +1,17 @@
 import api from "@/lib/api-client";
 import { ISession } from "@/features/session/types/session.types";
 export async function getSessions(): Promise<ISession[]> {
  const req = await api.post<{ sessions: ISession[] }>("/sessions");
  return req.data.sessions;
 }
 export async function revokeSession(data: {
  sessionId: string;
 }): Promise<void> {
  await api.post("/sessions/revoke", data);
 }
 export async function revokeAllSessions(): Promise<void> {
  await api.post("/sessions/revoke-all");
 }
@@ -0,0 +1,8 @@
 export type ISession = {
  id: string;
  deviceName: string | null;
  geoLocation: string | null;
  lastActiveAt: string;
  createdAt: string;
  isCurrentDevice?: boolean;
 };
@@ -1,9 +1,8 @@
 import { useAtom } from "jotai";
 import { focusAtom } from "jotai-optics";
 import { z } from "zod/v4";
 import { useForm } from "@mantine/form";
 import { zod4Resolver } from "mantine-form-zod-resolver";
-import { currentUserAtom } from "@/features/user/atoms/current-user-atom.ts";
+import { userAtom } from "@/features/user/atoms/current-user-atom.ts";
 import { updateUser } from "@/features/user/services/user-service.ts";
 import { IUser } from "@/features/user/types/user.types.ts";
 import { useState } from "react";
@@ -17,18 +16,15 @@ const formSchema = z.object({
 type FormValues = z.infer<typeof formSchema>;
 const userAtom = focusAtom(currentUserAtom, (optic) => optic.prop("user"));
 export default function AccountNameForm() {
  const { t } = useTranslation();
  const [isLoading, setIsLoading] = useState(false);
-  const [currentUser] = useAtom(currentUserAtom);
+  const [user, setUser] = useAtom(userAtom);
  const [, setUser] = useAtom(userAtom);
  const form = useForm<FormValues>({
    validate: zod4Resolver(formSchema),
    initialValues: {
-      name: currentUser?.user.name,
+      name: user?.name,
    },
  });
@@ -74,8 +74,12 @@ function redirectToLogin() {
  ];
  if (!exemptPaths.some((path) => window.location.pathname.startsWith(path))) {
    const redirectTo = window.location.pathname;
-    const params = new URLSearchParams({ redirect: redirectTo });
+    if (redirectTo === APP_ROUTE.HOME) {
-    window.location.href = `${APP_ROUTE.AUTH.LOGIN}?${params.toString()}`;
+      window.location.href = APP_ROUTE.AUTH.LOGIN;
    } else {
      const params = new URLSearchParams({ redirect: redirectTo });
      window.location.href = `${APP_ROUTE.AUTH.LOGIN}?${params.toString()}`;
    }
  }
 }
@@ -1,6 +1,7 @@
 import bytes from "bytes";
 import { castToBoolean } from "@/lib/utils.tsx";
 import { AvatarIconType } from "@/features/attachments/types/attachment.types.ts";
 import { sanitizeUrl } from "@docmost/editor-ext";
 declare global {
  interface Window {
@@ -66,7 +67,7 @@ export function getFileUrl(src: string) {
  if (src.startsWith("/files/")) {
    return getBackendUrl() + src;
  }
-  return src;
+  return sanitizeUrl(src);
 }
 export function getFileUploadSizeLimit() {
@@ -94,6 +94,12 @@ export function getPageIcon(icon: string, size = 18): string | ReactNode {
  );
 }
 export const normalizeUrl = (url: string): string => {
  if (!url) return url;
  if (url.startsWith("/") || /^[a-zA-Z][a-zA-Z0-9+.-]*:/.test(url)) return url;
  return `https://${url}`;
 };
 export function castToBoolean(value: unknown): boolean {
  if (value == null) {
    return false;
@@ -8,6 +8,7 @@ import { getAppName } from "@/lib/config.ts";
 import { Helmet } from "react-helmet-async";
 import { useTranslation } from "react-i18next";
 import { AccountMfaSection } from "@/features/user/components/account-mfa-section";
 import SessionList from "@/features/session/components/session-list";
 export default function AccountSettings() {
  const { t } = useTranslation();
@@ -36,6 +37,10 @@ export default function AccountSettings() {
      <Divider my="lg" />
      <AccountMfaSection />
      <Divider my="lg" />
      <SessionList />
    </>
  );
 }
@@ -2,7 +2,7 @@ import { defineConfig, loadEnv } from "vite";
 import react from "@vitejs/plugin-react";
 import * as path from "path";
-export const envPath = path.resolve(process.cwd(), "..", "..");
+const envPath = path.resolve(process.cwd(), "..", "..");
 export default defineConfig(({ mode }) => {
  const {
@@ -35,6 +35,20 @@ export default defineConfig(({ mode }) => {
      APP_VERSION: JSON.stringify(process.env.npm_package_version),
    },
    plugins: [react()],
    build: {
      rolldownOptions: {
        output: {
          codeSplitting: {
            groups: [
              { name: "vendor-mantine", test: /@mantine/ },
              { name: "vendor-mermaid", test: /mermaid|cytoscape|elkjs/ },
              { name: "vendor-excalidraw", test: /excalidraw/ },
              { name: "vendor-katex", test: /katex/ },
            ],
          },
        },
      },
    },
    resolve: {
      alias: {
        "@": "/src",
@@ -30,123 +30,124 @@
    "test:e2e": "jest --config test/jest-e2e.json"
  },
  "dependencies": {
-    "@ai-sdk/google": "^3.0.29",
+    "@ai-sdk/google": "^3.0.52",
-    "@ai-sdk/openai": "^3.0.29",
+    "@ai-sdk/openai": "^3.0.47",
-    "@ai-sdk/openai-compatible": "^2.0.30",
+    "@ai-sdk/openai-compatible": "^2.0.37",
-    "@aws-sdk/client-s3": "3.1000.0",
+    "@aws-sdk/client-s3": "3.1014.0",
-    "@aws-sdk/lib-storage": "3.1000.0",
+    "@aws-sdk/lib-storage": "3.1014.0",
-    "@aws-sdk/s3-request-presigner": "3.1000.0",
+    "@aws-sdk/s3-request-presigner": "3.1014.0",
-    "@clickhouse/client": "^1.17.0",
+    "@clickhouse/client": "^1.18.2",
    "@fastify/cookie": "^11.0.2",
    "@fastify/multipart": "^9.4.0",
    "@fastify/static": "^9.0.0",
    "@keyv/redis": "^5.1.6",
-    "@langchain/core": "1.1.29",
+    "@langchain/core": "1.1.34",
    "@langchain/textsplitters": "1.0.1",
    "@modelcontextprotocol/sdk": "^1.27.1",
    "@nestjs-labs/nestjs-ioredis": "^11.0.4",
    "@nestjs/bullmq": "^11.0.4",
    "@nestjs/cache-manager": "^3.1.0",
-    "@nestjs/common": "^11.1.14",
+    "@nestjs/common": "^11.1.17",
    "@nestjs/config": "^4.0.3",
-    "@nestjs/core": "^11.1.14",
+    "@nestjs/core": "^11.1.17",
    "@nestjs/event-emitter": "^3.0.1",
-    "@nestjs/jwt": "11.0.0",
+    "@nestjs/jwt": "11.0.2",
    "@nestjs/mapped-types": "^2.1.0",
    "@nestjs/passport": "^11.0.5",
-    "@nestjs/platform-fastify": "^11.1.14",
+    "@nestjs/platform-fastify": "^11.1.17",
-    "@nestjs/platform-socket.io": "^11.1.14",
+    "@nestjs/platform-socket.io": "^11.1.17",
    "@nestjs/schedule": "^6.1.1",
    "@nestjs/terminus": "^11.1.1",
-    "@nestjs/websockets": "^11.1.14",
+    "@nestjs/websockets": "^11.1.17",
    "@node-saml/passport-saml": "^5.1.0",
-    "@react-email/components": "1.0.7",
+    "@react-email/components": "1.0.10",
    "@react-email/render": "2.0.4",
    "@socket.io/redis-adapter": "^8.3.0",
-    "ai": "^6.0.86",
+    "ai": "^6.0.134",
-    "ai-sdk-ollama": "^3.7.0",
+    "ai-sdk-ollama": "^3.8.1",
    "bcrypt": "^6.0.0",
-    "bullmq": "^5.70.1",
+    "bowser": "^2.14.1",
    "bullmq": "^5.71.0",
    "cache-manager": "^7.2.8",
    "cheerio": "^1.2.0",
    "class-transformer": "^0.5.1",
    "class-validator": "^0.15.1",
    "cookie": "^1.1.1",
-    "fs-extra": "^11.3.3",
+    "fs-extra": "^11.3.4",
-    "happy-dom": "20.1.0",
+    "happy-dom": "20.8.4",
-    "ioredis": "^5.4.1",
+    "ioredis": "^5.10.1",
    "jsonwebtoken": "^9.0.3",
-    "kysely": "^0.28.2",
+    "kysely": "^0.28.14",
    "kysely-migration-cli": "^0.4.2",
    "kysely-postgres-js": "^3.0.0",
-    "ldapts": "^7.4.0",
+    "ldapts": "^8.1.7",
    "lib0": "^0.2.117",
-    "mammoth": "^1.11.0",
+    "mammoth": "^1.12.0",
-    "mime-types": "^2.1.35",
+    "mime-types": "^3.0.2",
-    "msgpackr": "^1.11.8",
+    "msgpackr": "^1.11.9",
-    "nanoid": "3.3.11",
+    "nanoid": "5.1.7",
    "nestjs-cls": "^6.2.0",
-    "nestjs-kysely": "^1.2.0",
+    "nestjs-kysely": "^3.1.2",
-    "nestjs-pino": "^4.5.0",
+    "nestjs-pino": "^4.6.1",
-    "nodemailer": "^7.0.12",
+    "nodemailer": "^8.0.3",
-    "openid-client": "^5.7.1",
+    "openid-client": "^6.8.2",
-    "otpauth": "^9.4.1",
+    "otpauth": "^9.5.0",
-    "p-limit": "^6.2.0",
+    "p-limit": "^7.3.0",
    "passport-google-oauth20": "^2.0.0",
    "passport-jwt": "^4.0.1",
-    "pdfjs-dist": "^5.4.394",
+    "pdfjs-dist": "^5.5.207",
    "pg-tsquery": "^8.4.2",
    "pgvector": "^0.2.1",
    "pino-http": "^11.0.0",
    "pino-pretty": "^13.1.3",
    "postgres": "^3.4.8",
-    "postmark": "^4.0.5",
+    "postmark": "^4.0.7",
    "react": "^18.3.1",
    "reflect-metadata": "^0.2.2",
    "rxjs": "^7.8.2",
    "sanitize-filename-ts": "1.0.2",
    "socket.io": "^4.8.3",
-    "stripe": "^17.5.0",
+    "stripe": "^17.7.0",
    "tlds": "^1.261.0",
    "tmp-promise": "^3.0.3",
    "tseep": "^1.3.1",
-    "typesense": "^2.1.0",
+    "typesense": "^3.0.3",
    "ws": "^8.19.0",
-    "yauzl": "^3.2.0",
+    "yauzl": "^3.2.1",
    "zod": "^4.3.6"
  },
  "devDependencies": {
-    "@eslint/js": "^9.20.0",
+    "@eslint/js": "^9.28.0",
    "@nestjs/cli": "^11.0.16",
-    "@nestjs/schematics": "^11.0.1",
+    "@nestjs/schematics": "^11.0.9",
-    "@nestjs/testing": "^11.0.10",
+    "@nestjs/testing": "^11.1.17",
-    "@types/bcrypt": "^5.0.2",
+    "@types/bcrypt": "^6.0.0",
    "@types/debounce": "^1.2.4",
    "@types/fs-extra": "^11.0.4",
    "@types/jest": "^30.0.0",
-    "@types/mime-types": "^2.1.4",
+    "@types/mime-types": "^3.0.1",
-    "@types/node": "^22.13.4",
+    "@types/node": "^25.5.0",
-    "@types/nodemailer": "^6.4.17",
+    "@types/nodemailer": "^7.0.11",
-    "@types/passport-google-oauth20": "^2.0.16",
+    "@types/passport-google-oauth20": "^2.0.17",
    "@types/passport-jwt": "^4.0.1",
    "@types/supertest": "^6.0.3",
    "@types/ws": "^8.18.1",
    "@types/yauzl": "^2.10.3",
-    "eslint": "^9.39.2",
+    "eslint": "^9.28.0",
-    "eslint-config-prettier": "^10.0.1",
+    "eslint-config-prettier": "^10.1.8",
-    "globals": "^15.15.0",
+    "globals": "^17.4.0",
-    "jest": "^30.2.0",
+    "jest": "^30.3.0",
    "kysely-codegen": "^0.20.0",
-    "prettier": "^3.5.1",
+    "prettier": "^3.8.1",
-    "react-email": "5.2.8",
+    "react-email": "5.2.10",
    "source-map-support": "^0.5.21",
    "supertest": "^7.2.2",
    "ts-jest": "^29.4.6",
    "ts-loader": "^9.5.4",
    "ts-node": "^10.9.2",
    "tsconfig-paths": "^4.2.0",
-    "typescript": "^5.7.3",
+    "typescript": "^5.9.3",
-    "typescript-eslint": "^8.24.1"
+    "typescript-eslint": "^8.57.1"
  },
  "jest": {
    "moduleFileExtensions": [
@@ -116,7 +116,7 @@ export class CollaborationGateway {
      // Forward close events
      client.on('close', (code: number, reason: Buffer) => {
-        this.redisSync!.onSocketClose(socketId, code, reason);
+        this.redisSync!.onSocketClose(socketId, code, reason.buffer as ArrayBuffer);
      });
      // Forward pong events for keepalive
@@ -7,6 +7,7 @@ export interface AuditContext {
  actorId: string | null;
  actorType: 'user' | 'system' | 'api_key';
  ipAddress: string | null;
  userAgent: string | null;
 }
 export const AUDIT_CONTEXT_KEY = 'auditContext';
@@ -19,11 +20,15 @@ export class AuditContextMiddleware implements NestMiddleware {
    const workspaceId = (req as any).workspaceId ?? null;
    const ipAddress = this.extractIpAddress(req);
    const userAgent =
      (req.headers['user-agent'] as string) ?? null;
    const auditContext: AuditContext = {
      workspaceId,
      actorId: null,
      actorType: 'user',
      ipAddress,
      userAgent,
    };
    this.cls.set(AUDIT_CONTEXT_KEY, auditContext);
@@ -70,8 +70,8 @@ export class AttachmentService {
      }
      if (
-        existingAttachment.pageId !== pageId &&
+        existingAttachment.pageId !== pageId ||
-        existingAttachment.fileExt !== preparedFile.fileExtension &&
+        existingAttachment.fileExt !== preparedFile.fileExtension ||
        existingAttachment.workspaceId !== workspaceId
      ) {
        throw new BadRequestException('File attachment does not match');
@@ -5,12 +5,14 @@ import {
  HttpStatus,
  Inject,
  Post,
  Req,
  Res,
  UseGuards,
  Logger,
 } from '@nestjs/common';
 import { LoginDto } from './dto/login.dto';
 import { AuthService } from './services/auth.service';
 import { SessionService } from '../session/session.service';
 import { SetupGuard } from './guards/setup.guard';
 import { EnvironmentService } from '../../integrations/environment/environment.service';
 import { CreateAdminUserDto } from './dto/create-admin-user.dto';
@@ -22,7 +24,7 @@ import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard';
 import { ForgotPasswordDto } from './dto/forgot-password.dto';
 import { PasswordResetDto } from './dto/password-reset.dto';
 import { VerifyUserTokenDto } from './dto/verify-user-token.dto';
-import { FastifyReply } from 'fastify';
+import { FastifyReply, FastifyRequest } from 'fastify';
 import { validateSsoEnforcement } from './auth.util';
 import { ModuleRef } from '@nestjs/core';
 import { AuditEvent, AuditResource } from '../../common/events/audit-events';
@@ -37,6 +39,7 @@ export class AuthController {
  constructor(
    private authService: AuthService,
    private sessionService: SessionService,
    private environmentService: EnvironmentService,
    private moduleRef: ModuleRef,
    @Inject(AUDIT_SERVICE) private readonly auditService: IAuditService,
@@ -115,8 +118,15 @@ export class AuthController {
    @Body() dto: ChangePasswordDto,
    @AuthUser() user: User,
    @AuthWorkspace() workspace: Workspace,
    @Req() req: FastifyRequest,
  ) {
-    return this.authService.changePassword(dto, user.id, workspace.id);
+    const currentSessionId = (req.raw as any).sessionId;
    return this.authService.changePassword(
      dto,
      user.id,
      workspace.id,
      currentSessionId,
    );
  }
  @HttpCode(HttpStatus.OK)
@@ -178,8 +188,18 @@ export class AuthController {
  @Post('logout')
  async logout(
    @AuthUser() user: User,
    @Req() req: FastifyRequest,
    @Res({ passthrough: true }) res: FastifyReply,
  ) {
    const sessionId = (req.raw as any).sessionId;
    if (sessionId) {
      await this.sessionService.revokeSession(
        sessionId,
        user.id,
        user.workspaceId,
      );
    }
    res.clearCookie('authToken');
    this.auditService.log({
@@ -192,6 +212,7 @@ export class AuthController {
  setAuthCookie(res: FastifyReply, token: string) {
    res.setCookie('authToken', token, {
      httpOnly: true,
      sameSite: 'lax',
      path: '/',
      expires: this.environmentService.getCookieExpiresIn(),
      secure: this.environmentService.isHttps(),
@@ -11,6 +11,7 @@ export type JwtPayload = {
  email: string;
  workspaceId: string;
  type: 'access';
  sessionId?: string;
 };
 export type JwtCollabPayload = {
@@ -8,6 +8,8 @@ import {
 import { LoginDto } from '../dto/login.dto';
 import { CreateUserDto } from '../dto/create-user.dto';
 import { TokenService } from './token.service';
 import { SessionService } from '../../session/session.service';
 import { UserSessionRepo } from '@docmost/db/repos/session/user-session.repo';
 import { SignupService } from './signup.service';
 import { CreateAdminUserDto } from '../dto/create-admin-user.dto';
 import { UserRepo } from '@docmost/db/repos/user/user.repo';
@@ -44,6 +46,8 @@ export class AuthService {
  constructor(
    private signupService: SignupService,
    private tokenService: TokenService,
    private sessionService: SessionService,
    private userSessionRepo: UserSessionRepo,
    private userRepo: UserRepo,
    private userTokenRepo: UserTokenRepo,
    private mailService: MailService,
@@ -90,19 +94,19 @@ export class AuthService {
      metadata: { source: 'password' },
    });
-    return this.tokenService.generateAccessToken(user);
+    return this.sessionService.createSessionAndToken(user);
  }
  async register(createUserDto: CreateUserDto, workspaceId: string) {
    const user = await this.signupService.signup(createUserDto, workspaceId);
-    return this.tokenService.generateAccessToken(user);
+    return this.sessionService.createSessionAndToken(user);
  }
  async setup(createAdminUserDto: CreateAdminUserDto) {
    const { workspace, user } =
      await this.signupService.initialSetup(createAdminUserDto);
-    const authToken = await this.tokenService.generateAccessToken(user);
+    const authToken = await this.sessionService.createSessionAndToken(user);
    return { workspace, authToken };
  }
@@ -110,6 +114,7 @@ export class AuthService {
    dto: ChangePasswordDto,
    userId: string,
    workspaceId: string,
    currentSessionId?: string,
  ): Promise<void> {
    const user = await this.userRepo.findById(userId, workspaceId, {
      includePassword: true,
@@ -138,6 +143,16 @@ export class AuthService {
      workspaceId,
    );
    if (currentSessionId) {
      await this.userSessionRepo.deleteAllExceptCurrent(
        currentSessionId,
        userId,
        workspaceId,
      );
    } else {
      await this.userSessionRepo.deleteByUserId(userId, workspaceId);
    }
    this.auditService.log({
      event: AuditEvent.USER_PASSWORD_CHANGED,
      resourceType: AuditResource.USER,
@@ -244,6 +259,8 @@ export class AuthService {
        .execute();
    });
    await this.userSessionRepo.deleteByUserId(user.id, workspace.id);
    this.auditService.setActorId(user.id);
    this.auditService.log({
      event: AuditEvent.USER_PASSWORD_RESET,
@@ -276,7 +293,7 @@ export class AuthService {
      };
    }
-    const authToken = await this.tokenService.generateAccessToken(user);
+    const authToken = await this.sessionService.createSessionAndToken(user);
    return { authToken };
  }
@@ -4,6 +4,7 @@ import {
  UnauthorizedException,
 } from '@nestjs/common';
 import { JwtService } from '@nestjs/jwt';
 import type { StringValue } from 'ms';
 import { EnvironmentService } from '../../../integrations/environment/environment.service';
 import {
  JwtApiKeyPayload,
@@ -24,7 +25,7 @@ export class TokenService {
    private environmentService: EnvironmentService,
  ) {}
-  async generateAccessToken(user: User): Promise<string> {
+  async generateAccessToken(user: User, sessionId: string): Promise<string> {
    if (isUserDisabled(user)) {
      throw new ForbiddenException();
    }
@@ -34,6 +35,7 @@ export class TokenService {
      email: user.email,
      workspaceId: user.workspaceId,
      type: JwtType.ACCESS,
      sessionId,
    };
    return this.jwtService.sign(payload);
  }
@@ -96,7 +98,7 @@ export class TokenService {
    apiKeyId: string;
    user: User;
    workspaceId: string;
-    expiresIn?: string | number;
+    expiresIn?: StringValue | number;
  }): Promise<string> {
    const { apiKeyId, user, workspaceId, expiresIn } = opts;
    if (isUserDisabled(user)) {
@@ -5,6 +5,8 @@ import { EnvironmentService } from '../../../integrations/environment/environmen
 import { JwtApiKeyPayload, JwtPayload, JwtType } from '../dto/jwt-payload';
 import { WorkspaceRepo } from '@docmost/db/repos/workspace/workspace.repo';
 import { UserRepo } from '@docmost/db/repos/user/user.repo';
 import { UserSessionRepo } from '@docmost/db/repos/session/user-session.repo';
 import { SessionActivityService } from '../../session/session-activity.service';
 import { FastifyRequest } from 'fastify';
 import { extractBearerTokenFromHeader, isUserDisabled } from '../../../common/helpers';
 import { ModuleRef } from '@nestjs/core';
@@ -16,6 +18,8 @@ export class JwtStrategy extends PassportStrategy(Strategy, 'jwt') {
  constructor(
    private userRepo: UserRepo,
    private workspaceRepo: WorkspaceRepo,
    private userSessionRepo: UserSessionRepo,
    private sessionActivityService: SessionActivityService,
    private readonly environmentService: EnvironmentService,
    private moduleRef: ModuleRef,
  ) {
@@ -57,6 +61,16 @@ export class JwtStrategy extends PassportStrategy(Strategy, 'jwt') {
      throw new UnauthorizedException();
    }
    if ((payload as JwtPayload).sessionId) {
      const sessionId = (payload as JwtPayload).sessionId;
      const session = await this.userSessionRepo.findActiveById(sessionId);
      if (!session || session.userId !== payload.sub || session.workspaceId !== payload.workspaceId) {
        throw new UnauthorizedException();
      }
      req.raw.sessionId = sessionId;
      this.sessionActivityService.trackActivity(sessionId, payload.sub, payload.workspaceId);
    }
    return { user, workspace };
  }
@@ -1,5 +1,6 @@
 import { Module } from '@nestjs/common';
 import { JwtModule } from '@nestjs/jwt';
 import type { StringValue } from 'ms';
 import { EnvironmentService } from '../../integrations/environment/environment.service';
 import { TokenService } from './services/token.service';
@@ -10,7 +11,7 @@ import { TokenService } from './services/token.service';
        return {
          secret: environmentService.getAppSecret(),
          signOptions: {
-            expiresIn: environmentService.getJwtTokenExpiresIn(),
+            expiresIn: environmentService.getJwtTokenExpiresIn() as StringValue,
            issuer: 'Docmost',
          },
        };
@@ -20,6 +20,7 @@ import { AuditContextMiddleware } from '../common/middlewares/audit-context.midd
 import { ShareModule } from './share/share.module';
 import { NotificationModule } from './notification/notification.module';
 import { WatcherModule } from './watcher/watcher.module';
 import { SessionModule } from './session/session.module';
 import { ClsMiddleware } from 'nestjs-cls';
@Module({
@@ -38,6 +39,7 @@ import { ClsMiddleware } from 'nestjs-cls';
    ShareModule,
    NotificationModule,
    WatcherModule,
    SessionModule,
  ],
 })
 export class CoreModule implements NestModule {
@@ -0,0 +1,7 @@
 import { IsNotEmpty, IsUUID } from 'class-validator';
 export class RevokeSessionDto {
  @IsUUID()
  @IsNotEmpty()
  sessionId: string;
 }
@@ -0,0 +1,36 @@
 import { Injectable } from '@nestjs/common';
 import { RedisService } from '@nestjs-labs/nestjs-ioredis';
 import type { Redis } from 'ioredis';
 import { UserSessionRepo } from '@docmost/db/repos/session/user-session.repo';
 import { UserRepo } from '@docmost/db/repos/user/user.repo';
 const THROTTLE_SECONDS = 15 * 60; // 15 minutes
@Injectable()
 export class SessionActivityService {
  private readonly redis: Redis;
  constructor(
    private readonly redisService: RedisService,
    private readonly userSessionRepo: UserSessionRepo,
    private readonly userRepo: UserRepo,
  ) {
    this.redis = this.redisService.getOrThrow();
  }
  trackActivity(sessionId: string, userId: string, workspaceId: string): void {
    const key = `session:activity:${sessionId}`;
    this.redis
      .set(key, '1', 'EX', THROTTLE_SECONDS, 'NX')
      .then((result) => {
        if (result === null) return; // key already exists, throttled
        this.userSessionRepo.updateLastActiveAt(sessionId).catch(() => {});
        this.userRepo
          .updateUser({ lastActiveAt: new Date() }, userId, workspaceId)
          .catch(() => {});
      })
      .catch(() => {});
  }
 }
@@ -0,0 +1,80 @@
 import {
  BadRequestException,
  Body,
  Controller,
  HttpCode,
  HttpStatus,
  Post,
  Req,
  UseGuards,
 } from '@nestjs/common';
 import { SessionService } from './session.service';
 import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard';
 import { AuthUser } from '../../common/decorators/auth-user.decorator';
 import { AuthWorkspace } from '../../common/decorators/auth-workspace.decorator';
 import { User, Workspace } from '@docmost/db/types/entity.types';
 import { RevokeSessionDto } from './dto/revoke-session.dto';
 import { FastifyRequest } from 'fastify';
@UseGuards(JwtAuthGuard)
@Controller('sessions')
 export class SessionController {
  constructor(private readonly sessionService: SessionService) {}
  @HttpCode(HttpStatus.OK)
  @Post()
  async listSessions(
    @AuthUser() user: User,
    @AuthWorkspace() workspace: Workspace,
    @Req() req: FastifyRequest,
  ) {
    const currentSessionId = (req.raw as any).sessionId ?? null;
    const sessions = await this.sessionService.getActiveSessions(
      user.id,
      workspace.id,
      currentSessionId,
    );
    return { sessions };
  }
  @HttpCode(HttpStatus.OK)
  @Post('revoke')
  async revokeSession(
    @Body() dto: RevokeSessionDto,
    @AuthUser() user: User,
    @AuthWorkspace() workspace: Workspace,
    @Req() req: FastifyRequest,
  ) {
    const currentSessionId = (req.raw as any).sessionId;
    if (dto.sessionId === currentSessionId) {
      throw new BadRequestException(
        'Cannot revoke current session. Use logout instead.',
      );
    }
    await this.sessionService.revokeSession(
      dto.sessionId,
      user.id,
      workspace.id,
    );
  }
  @HttpCode(HttpStatus.OK)
  @Post('revoke-all')
  async revokeAllSessions(
    @AuthUser() user: User,
    @AuthWorkspace() workspace: Workspace,
    @Req() req: FastifyRequest,
  ) {
    const currentSessionId = (req.raw as any).sessionId;
    if (!currentSessionId) {
      throw new BadRequestException(
        'Current session not found. Please log in again.',
      );
    }
    await this.sessionService.revokeAllOtherSessions(
      currentSessionId,
      user.id,
      workspace.id,
    );
  }
 }
@@ -0,0 +1,14 @@
 import { Global, Module } from '@nestjs/common';
 import { SessionService } from './session.service';
 import { SessionActivityService } from './session-activity.service';
 import { SessionController } from './session.controller';
 import { TokenModule } from '../auth/token.module';
@Global()
@Module({
  imports: [TokenModule],
  controllers: [SessionController],
  providers: [SessionService, SessionActivityService],
  exports: [SessionService, SessionActivityService],
 })
 export class SessionModule {}
@@ -0,0 +1,127 @@
 import { Injectable, Logger } from '@nestjs/common';
 import { Interval } from '@nestjs/schedule';
 import { TokenService } from '../auth/services/token.service';
 import { UserSessionRepo } from '@docmost/db/repos/session/user-session.repo';
 import { EnvironmentService } from '../../integrations/environment/environment.service';
 import { User } from '@docmost/db/types/entity.types';
 import { ClsService } from 'nestjs-cls';
 import {
  AuditContext,
  AUDIT_CONTEXT_KEY,
 } from '../../common/middlewares/audit-context.middleware';
 import * as Bowser from 'bowser';
 const MAX_SESSIONS_PER_USER = 25;
 const RETENTION_DAYS = 7;
@Injectable()
 export class SessionService {
  private readonly logger = new Logger(SessionService.name);
  constructor(
    private readonly tokenService: TokenService,
    private readonly userSessionRepo: UserSessionRepo,
    private readonly environmentService: EnvironmentService,
    private readonly cls: ClsService,
  ) {}
  @Interval('session-cleanup', 24 * 60 * 60 * 1000)
  async cleanupSessions() {
    try {
      await this.userSessionRepo.deleteStale(RETENTION_DAYS);
      await this.userSessionRepo.trimExcessSessions(MAX_SESSIONS_PER_USER);
      this.logger.debug('Session cleanup completed');
    } catch (err) {
      this.logger.error('Session cleanup failed', err);
    }
  }
  async createSessionAndToken(user: User): Promise<string> {
    const auditContext = this.cls.get<AuditContext>(AUDIT_CONTEXT_KEY);
    const ipAddress = auditContext?.ipAddress ?? null;
    const userAgent = auditContext?.userAgent ?? null;
    const deviceName = this.parseDeviceName(userAgent);
    const expiresAt = this.environmentService.getCookieExpiresIn();
    const session = await this.userSessionRepo.insertSession({
      userId: user.id,
      workspaceId: user.workspaceId,
      deviceName,
      ipAddress,
      expiresAt,
    });
    return this.tokenService.generateAccessToken(user, session.id);
  }
  async getActiveSessions(
    userId: string,
    workspaceId: string,
    currentSessionId: string | null,
  ) {
    const sessions = await this.userSessionRepo.findActiveByUser(
      userId,
      workspaceId,
    );
    const mapped = sessions.map((s) => ({
      id: s.id,
      deviceName: s.deviceName,
      geoLocation: s.geoLocation,
      lastActiveAt: s.lastActiveAt,
      createdAt: s.createdAt,
      isCurrentDevice: s.id === currentSessionId,
    }));
    return mapped.sort((a, b) => {
      if (a.isCurrentDevice) return -1;
      if (b.isCurrentDevice) return 1;
      return 0;
    });
  }
  async revokeSession(
    sessionId: string,
    userId: string,
    workspaceId: string,
  ): Promise<void> {
    await this.userSessionRepo.revokeById(sessionId, userId, workspaceId);
  }
  async revokeAllOtherSessions(
    currentSessionId: string,
    userId: string,
    workspaceId: string,
  ): Promise<void> {
    await this.userSessionRepo.revokeAllExceptCurrent(
      currentSessionId,
      userId,
      workspaceId,
    );
  }
  private parseDeviceName(userAgent: string | null): string | null {
    if (!userAgent) return null;
    try {
      const parsed = Bowser.parse(userAgent);
      const os = parsed.os?.name;
      const browser = parsed.browser?.name;
      const platformType = parsed.platform?.type;
      if (platformType === 'mobile' || platformType === 'tablet') {
        return parsed.platform?.model || os || 'Mobile Device';
      }
      if (os) {
        return browser ? `${browser} on ${os}` : os;
      }
      return browser || null;
    } catch {
      return null;
    }
  }
 }
@@ -1,4 +1,5 @@
-import { IsNotEmpty, IsString, IsUUID } from 'class-validator';
+import { IsEnum, IsNotEmpty, IsUUID } from 'class-validator';
 import { UserRole } from '../../../common/helpers/types/permission';
 export class UpdateWorkspaceUserRoleDto {
  @IsNotEmpty()
@@ -6,6 +7,6 @@ export class UpdateWorkspaceUserRoleDto {
  userId: string;
  @IsNotEmpty()
-  @IsString()
+  @IsEnum(UserRole)
  role: string;
 }
@@ -22,6 +22,7 @@ import InvitationEmail from '@docmost/transactional/emails/invitation-email';
 import { GroupUserRepo } from '@docmost/db/repos/group/group-user.repo';
 import InvitationAcceptedEmail from '@docmost/transactional/emails/invitation-accepted-email';
 import { TokenService } from '../../auth/services/token.service';
 import { SessionService } from '../../session/session.service';
 import { nanoIdGen } from '../../../common/helpers';
 import { PaginationOptions } from '@docmost/db/pagination/pagination-options';
 import { executeWithCursorPagination } from '@docmost/db/pagination/cursor-pagination';
@@ -49,6 +50,7 @@ export class WorkspaceInvitationService {
    private mailService: MailService,
    private domainService: DomainService,
    private tokenService: TokenService,
    private sessionService: SessionService,
    @InjectKysely() private readonly db: KyselyDB,
    @InjectQueue(QueueName.BILLING_QUEUE) private billingQueue: Queue,
    private readonly environmentService: EnvironmentService,
@@ -350,7 +352,7 @@ export class WorkspaceInvitationService {
      };
    }
-    const authToken = await this.tokenService.generateAccessToken(newUser);
+    const authToken = await this.sessionService.createSessionAndToken(newUser);
    return { authToken };
  }
@@ -7,6 +7,7 @@ import {
  NotFoundException,
 } from '@nestjs/common';
 import { LicenseCheckService } from '../../../integrations/environment/license-check.service';
 import { UserSessionRepo } from '@docmost/db/repos/session/user-session.repo';
 import { CreateWorkspaceDto } from '../dto/create-workspace.dto';
 import { UpdateWorkspaceDto } from '../dto/update-workspace.dto';
 import { SpaceService } from '../../space/services/space.service';
@@ -67,6 +68,7 @@ export class WorkspaceService {
    @InjectQueue(QueueName.BILLING_QUEUE) private billingQueue: Queue,
    @InjectQueue(QueueName.AI_QUEUE) private aiQueue: Queue,
    @Inject(AUDIT_SERVICE) private readonly auditService: IAuditService,
    private userSessionRepo: UserSessionRepo,
  ) {}
  async findById(workspaceId: string) {
@@ -667,11 +669,15 @@ export class WorkspaceService {
      }
    }
-    await this.userRepo.updateUser(
+    await executeTx(this.db, async (trx) => {
-      { deactivatedAt: new Date() },
+      await this.userRepo.updateUser(
-      userId,
+        { deactivatedAt: new Date() },
-      workspaceId,
+        userId,
-    );
+        workspaceId,
        trx,
      );
      await this.userSessionRepo.revokeByUserId(userId, workspaceId, trx);
    });
    this.auditService.log({
      event: AuditEvent.USER_DEACTIVATED,
@@ -785,6 +791,8 @@ export class WorkspaceService {
      await this.watcherRepo.deleteByUserAndWorkspace(userId, workspaceId, {
        trx,
      });
      await this.userSessionRepo.revokeByUserId(userId, workspaceId, trx);
    });
    this.auditService.log({
@@ -17,6 +17,7 @@ import { KyselyDB } from '@docmost/db/types/kysely.types';
 import * as process from 'node:process';
 import { MigrationService } from '@docmost/db/services/migration.service';
 import { UserTokenRepo } from './repos/user-token/user-token.repo';
 import { UserSessionRepo } from '@docmost/db/repos/session/user-session.repo';
 import { BacklinkRepo } from '@docmost/db/repos/backlink/backlink.repo';
 import { ShareRepo } from '@docmost/db/repos/share/share.repo';
 import { NotificationRepo } from '@docmost/db/repos/notification/notification.repo';
@@ -76,6 +77,7 @@ import { normalizePostgresUrl } from '../common/helpers';
    CommentRepo,
    AttachmentRepo,
    UserTokenRepo,
    UserSessionRepo,
    BacklinkRepo,
    ShareRepo,
    NotificationRepo,
@@ -95,6 +97,7 @@ import { normalizePostgresUrl } from '../common/helpers';
    CommentRepo,
    AttachmentRepo,
    UserTokenRepo,
    UserSessionRepo,
    BacklinkRepo,
    ShareRepo,
    NotificationRepo,
@@ -0,0 +1,45 @@
 import { Kysely, sql } from 'kysely';
 export async function up(db: Kysely<any>): Promise<void> {
  await db.schema
    .createTable('user_sessions')
    .addColumn('id', 'uuid', (col) =>
      col.primaryKey().defaultTo(sql`gen_uuid_v7()`),
    )
    .addColumn('user_id', 'uuid', (col) =>
      col.notNull().references('users.id').onDelete('cascade'),
    )
    .addColumn('workspace_id', 'uuid', (col) =>
      col.notNull().references('workspaces.id').onDelete('cascade'),
    )
    .addColumn('device_name', 'varchar')
    .addColumn('user_agent', 'text')
    .addColumn('ip_address', sql`inet`)
    .addColumn('geo_location', 'varchar')
    .addColumn('last_active_at', 'timestamptz', (col) =>
      col.notNull().defaultTo(sql`now()`),
    )
    .addColumn('expires_at', 'timestamptz', (col) => col.notNull())
    .addColumn('metadata', 'jsonb')
    .addColumn('revoked_at', 'timestamptz')
    .addColumn('created_at', 'timestamptz', (col) =>
      col.notNull().defaultTo(sql`now()`),
    )
    .execute();
  await sql`
    CREATE INDEX idx_user_sessions_active
    ON user_sessions (user_id, workspace_id, last_active_at DESC)
    WHERE revoked_at IS NULL
  `.execute(db);
  await sql`
    CREATE INDEX idx_user_sessions_revoked
    ON user_sessions (expires_at)
    WHERE revoked_at IS NOT NULL
  `.execute(db);
 }
 export async function down(db: Kysely<any>): Promise<void> {
  await db.schema.dropTable('user_sessions').execute();
 }
@@ -0,0 +1,162 @@
 import {
  InsertableUserSession,
  UserSession,
 } from '@docmost/db/types/entity.types';
 import { KyselyDB, KyselyTransaction } from '@docmost/db/types/kysely.types';
 import { dbOrTx } from '@docmost/db/utils';
 import { Injectable } from '@nestjs/common';
 import { InjectKysely } from 'nestjs-kysely';
 import { sql } from 'kysely';
@Injectable()
 export class UserSessionRepo {
  constructor(@InjectKysely() private readonly db: KyselyDB) {}
  async insertSession(
    session: InsertableUserSession,
    trx?: KyselyTransaction,
  ): Promise<UserSession> {
    const db = dbOrTx(this.db, trx);
    return db
      .insertInto('userSessions')
      .values(session)
      .returningAll()
      .executeTakeFirstOrThrow();
  }
  async findActiveById(id: string): Promise<UserSession | undefined> {
    return this.db
      .selectFrom('userSessions')
      .selectAll()
      .where('id', '=', id)
      .where('expiresAt', '>', new Date())
      .where('revokedAt', 'is', null)
      .executeTakeFirst();
  }
  async findActiveByUser(
    userId: string,
    workspaceId: string,
  ): Promise<UserSession[]> {
    return this.db
      .selectFrom('userSessions')
      .selectAll()
      .where('userId', '=', userId)
      .where('workspaceId', '=', workspaceId)
      .where('expiresAt', '>', new Date())
      .where('revokedAt', 'is', null)
      .orderBy('lastActiveAt', 'desc')
      .execute();
  }
  async updateLastActiveAt(id: string): Promise<void> {
    await this.db
      .updateTable('userSessions')
      .set({ lastActiveAt: new Date() })
      .where('id', '=', id)
      .execute();
  }
  async revokeById(
    id: string,
    userId: string,
    workspaceId: string,
  ): Promise<void> {
    await this.db
      .updateTable('userSessions')
      .set({ revokedAt: new Date() })
      .where('id', '=', id)
      .where('userId', '=', userId)
      .where('workspaceId', '=', workspaceId)
      .where('revokedAt', 'is', null)
      .execute();
  }
  async revokeAllExceptCurrent(
    currentSessionId: string,
    userId: string,
    workspaceId: string,
  ): Promise<void> {
    await this.db
      .updateTable('userSessions')
      .set({ revokedAt: new Date() })
      .where('userId', '=', userId)
      .where('workspaceId', '=', workspaceId)
      .where('id', '!=', currentSessionId)
      .where('revokedAt', 'is', null)
      .execute();
  }
  async revokeByUserId(
    userId: string,
    workspaceId: string,
    trx?: KyselyTransaction,
  ): Promise<void> {
    const db = dbOrTx(this.db, trx);
    await db
      .updateTable('userSessions')
      .set({ revokedAt: new Date() })
      .where('userId', '=', userId)
      .where('workspaceId', '=', workspaceId)
      .where('revokedAt', 'is', null)
      .execute();
  }
  async deleteByUserId(
    userId: string,
    workspaceId: string,
  ): Promise<void> {
    await this.db
      .deleteFrom('userSessions')
      .where('userId', '=', userId)
      .where('workspaceId', '=', workspaceId)
      .execute();
  }
  async deleteAllExceptCurrent(
    currentSessionId: string,
    userId: string,
    workspaceId: string,
  ): Promise<void> {
    await this.db
      .deleteFrom('userSessions')
      .where('userId', '=', userId)
      .where('workspaceId', '=', workspaceId)
      .where('id', '!=', currentSessionId)
      .execute();
  }
  async deleteStale(retentionDays: number): Promise<void> {
    const cutoff = new Date(Date.now() - retentionDays * 24 * 60 * 60 * 1000);
    await this.db
      .deleteFrom('userSessions')
      .where((eb) =>
        eb.or([
          eb('revokedAt', '<', cutoff),
          eb('expiresAt', '<', cutoff),
        ]),
      )
      .execute();
  }
  async trimExcessSessions(maxPerUser: number): Promise<void> {
    const overflowed = await this.db
      .selectFrom('userSessions')
      .select(['userId', 'workspaceId'])
      .groupBy(['userId', 'workspaceId'])
      .having(sql`COUNT(*)`, '>', maxPerUser)
      .execute();
    for (const { userId, workspaceId } of overflowed) {
      await sql`
        DELETE FROM user_sessions
        WHERE id IN (
          SELECT id FROM user_sessions
          WHERE user_id = ${userId} AND workspace_id = ${workspaceId}
          ORDER BY last_active_at DESC
          OFFSET ${maxPerUser}
        )
      `.execute(this.db);
    }
  }
 }
@@ -429,6 +429,21 @@ export interface PagePermissions {
  updatedAt: Generated<Timestamp>;
 }
 export interface UserSessions {
  id: Generated<string>;
  userId: string;
  workspaceId: string;
  deviceName: string | null;
  userAgent: string | null;
  ipAddress: string | null;
  geoLocation: string | null;
  metadata: Json | null;
  lastActiveAt: Generated<Timestamp>;
  expiresAt: Timestamp;
  revokedAt: Timestamp | null;
  createdAt: Generated<Timestamp>;
 }
 export interface DB {
  apiKeys: ApiKeys;
  attachments: Attachments;
@@ -451,6 +466,7 @@ export interface DB {
  spaces: Spaces;
  userMfa: UserMfa;
  users: Users;
  userSessions: UserSessions;
  userTokens: UserTokens;
  watchers: Watchers;
  workspaceInvitations: WorkspaceInvitations;
@@ -22,6 +22,7 @@ import {
  Shares,
  FileTasks,
  UserMfa as _UserMFA,
  UserSessions,
  ApiKeys,
  Watchers,
  Audit as _Audit,
@@ -157,6 +158,11 @@ export type PagePermission = Selectable<_PagePermissions>;
 export type InsertablePagePermission = Insertable<_PagePermissions>;
 export type UpdatablePagePermission = Updateable<Omit<_PagePermissions, 'id'>>;
 // User Session
 export type UserSession = Selectable<UserSessions>;
 export type InsertableUserSession = Insertable<UserSessions>;
 export type UpdatableUserSession = Updateable<Omit<UserSessions, 'id'>>;
 // Audit
 export type Audit = Selectable<_Audit>;
 export type InsertableAudit = Insertable<_Audit>;
@@ -28,8 +28,7 @@ import { PageRepo } from '@docmost/db/repos/page/page.repo';
 import { PagePermissionRepo } from '@docmost/db/repos/page/page-permission.repo';
 import { Node } from '@tiptap/pm/model';
 import { EditorState } from '@tiptap/pm/state';
-// eslint-disable-next-line @typescript-eslint/no-require-imports
+import slugify from '@sindresorhus/slugify';
 import slugify = require('@sindresorhus/slugify');
 // eslint-disable-next-line @typescript-eslint/no-require-imports
 const packageJson = require('../../../package.json');
 import { EnvironmentService } from '../environment/environment.service';
@@ -4,8 +4,7 @@ import * as path from 'path';
 import { v7 } from 'uuid';
 import { InsertableBacklink } from '@docmost/db/types/entity.types';
 import { Cheerio, CheerioAPI, load } from 'cheerio';
-// eslint-disable-next-line @typescript-eslint/no-require-imports
+import slugify from '@sindresorhus/slugify';
 import slugify = require('@sindresorhus/slugify');
 // Check if text contains Unicode characters (for emojis/icons)
 function isUnicodeCharacter(text: string): boolean {
@@ -71,7 +71,10 @@ export class StaticModule implements OnModuleInit {
      app.get(RENDER_PATH, (req: any, res: any) => {
        const stream = fs.createReadStream(indexFilePath);
-        res.type('text/html').send(stream);
+        res
          .header('Cache-Control', 'no-cache, no-store, must-revalidate')
          .type('text/html')
          .send(stream);
      });
    }
  }
@@ -65,12 +65,10 @@ export class WsGateway
  async handleMessage(client: Socket, data: any): Promise<void> {
    if (this.wsService.isTreeEvent(data)) {
      await this.wsService.handleTreeEvent(client, data);
      return;
    }
    client.broadcast.emit('message', data);
  }
  /*
  @SubscribeMessage('join-room')
  handleJoinRoom(client: Socket, @MessageBody() roomName: string): void {
    // if room is a space, check if user has permissions
@@ -81,6 +79,7 @@ export class WsGateway
  handleLeaveRoom(client: Socket, @MessageBody() roomName: string): void {
    client.leave(roomName);
  }
 */
  onModuleDestroy() {
    if (this.server) {
@@ -27,6 +27,15 @@ export class WsService {
  async handleTreeEvent(client: Socket, data: any): Promise<void> {
    const room = getSpaceRoomName(data.spaceId);
    if (!client.rooms.has(room)) {
      return;
    }
    if (data.operation === 'refetchRootTreeNodeEvent') {
      client.broadcast.to(room).emit('message', data);
      return;
    }
    const hasRestrictions = await this.spaceHasRestrictions(data.spaceId);
    if (!hasRestrictions) {
      client.broadcast.to(room).emit('message', data);
@@ -14,4 +14,5 @@ export const TREE_EVENTS = new Set([
  'addTreeNode',
  'moveTreeNode',
  'deleteTreeNode',
  'refetchRootTreeNodeEvent',
 ]);
@@ -17,5 +17,6 @@
  },
  "affected": {
    "defaultBase": "main"
-  }
+  },
-}
+  "analytics": false
 }
@@ -19,73 +19,71 @@
    "clean": "rm -rf apps/*/dist packages/*/dist apps/client/node_modules/.vite"
  },
  "dependencies": {
-    "@braintree/sanitize-url": "^7.1.0",
+    "@braintree/sanitize-url": "^7.1.2",
    "@casl/ability": "6.8.0",
    "@docmost/editor-ext": "workspace:*",
    "@floating-ui/dom": "^1.7.3",
    "@hocuspocus/provider": "3.4.4",
    "@hocuspocus/server": "3.4.4",
    "@hocuspocus/transformer": "3.4.4",
-    "@joplin/turndown": "^4.0.74",
+    "@joplin/turndown": "^4.0.82",
-    "@joplin/turndown-plugin-gfm": "^1.0.56",
+    "@joplin/turndown-plugin-gfm": "^1.0.64",
-    "@sindresorhus/slugify": "1.1.0",
+    "@sindresorhus/slugify": "3.0.0",
-    "@tiptap/core": "3.17.1",
+    "@tiptap/core": "3.20.4",
-    "@tiptap/extension-code-block": "3.17.1",
+    "@tiptap/extension-code-block": "3.20.4",
-    "@tiptap/extension-collaboration": "3.17.1",
+    "@tiptap/extension-collaboration": "3.20.4",
-    "@tiptap/extension-collaboration-caret": "3.17.1",
+    "@tiptap/extension-collaboration-caret": "3.20.4",
-    "@tiptap/extension-color": "3.17.1",
+    "@tiptap/extension-color": "3.20.4",
-    "@tiptap/extension-document": "3.17.1",
+    "@tiptap/extension-document": "3.20.4",
-    "@tiptap/extension-heading": "3.17.1",
+    "@tiptap/extension-heading": "3.20.4",
-    "@tiptap/extension-highlight": "3.17.1",
+    "@tiptap/extension-highlight": "3.20.4",
-    "@tiptap/extension-history": "3.17.1",
+    "@tiptap/extension-history": "3.20.4",
-    "@tiptap/extension-image": "3.17.1",
+    "@tiptap/extension-image": "3.20.4",
-    "@tiptap/extension-link": "3.17.1",
+    "@tiptap/extension-link": "3.20.4",
-    "@tiptap/extension-list": "3.17.1",
+    "@tiptap/extension-list": "3.20.4",
-    "@tiptap/extension-placeholder": "3.17.1",
+    "@tiptap/extension-placeholder": "3.20.4",
-    "@tiptap/extension-subscript": "3.17.1",
+    "@tiptap/extension-subscript": "3.20.4",
-    "@tiptap/extension-superscript": "3.17.1",
+    "@tiptap/extension-superscript": "3.20.4",
-    "@tiptap/extension-table": "3.17.1",
+    "@tiptap/extension-table": "3.20.4",
-    "@tiptap/extension-text": "3.17.1",
+    "@tiptap/extension-text": "3.20.4",
-    "@tiptap/extension-text-align": "3.17.1",
+    "@tiptap/extension-text-align": "3.20.4",
-    "@tiptap/extension-text-style": "3.17.1",
+    "@tiptap/extension-text-style": "3.20.4",
-    "@tiptap/extension-typography": "3.17.1",
+    "@tiptap/extension-typography": "3.20.4",
-    "@tiptap/extension-unique-id": "^3.17.1",
+    "@tiptap/extension-unique-id": "3.20.4",
-    "@tiptap/extension-youtube": "3.17.1",
+    "@tiptap/extension-youtube": "3.20.4",
-    "@tiptap/html": "3.17.1",
+    "@tiptap/html": "3.20.4",
-    "@tiptap/pm": "3.17.1",
+    "@tiptap/pm": "3.20.4",
-    "@tiptap/react": "3.17.1",
+    "@tiptap/react": "3.20.4",
-    "@tiptap/starter-kit": "3.17.1",
+    "@tiptap/starter-kit": "3.20.4",
-    "@tiptap/suggestion": "3.17.1",
+    "@tiptap/suggestion": "3.20.4",
-    "@tiptap/y-tiptap": "^3.0.2",
+    "@tiptap/y-tiptap": "3.0.2",
    "@types/qrcode": "^1.5.5",
    "bytes": "^3.1.2",
-    "cross-env": "^7.0.3",
+    "cross-env": "^10.1.0",
    "date-fns": "^4.1.0",
    "diff": "8.0.3",
    "dompurify": "^3.3.3",
    "fractional-indexing-jittered": "^1.0.0",
    "highlight.js": "^11.11.1",
    "image-dimensions": "^2.5.0",
    "ioredis": "^5.4.1",
    "jszip": "^3.10.1",
    "linkifyjs": "^4.3.2",
-    "marked": "13.0.3",
+    "marked": "17.0.5",
    "ms": "3.0.0-canary.1",
    "qrcode": "^1.5.4",
-    "rfc6902": "5.1.2",
+    "rfc6902": "5.2.0",
-    "uuid": "^11.1.0",
+    "uuid": "^13.0.0",
    "y-indexeddb": "^9.0.12",
    "y-prosemirror": "1.3.7",
-    "yjs": "^13.6.29"
+    "yjs": "^13.6.30"
  },
  "devDependencies": {
-    "@nx/js": "22.5.3",
+    "@nx/js": "22.6.1",
    "@types/bytes": "^3.1.5",
    "@types/qrcode": "^1.5.6",
    "@types/turndown": "^5.0.6",
-    "@types/uuid": "^10.0.0",
+    "concurrently": "^9.2.1",
-    "concurrently": "^9.1.2",
+    "nx": "22.6.1",
-    "nx": "22.5.3",
+    "tsx": "^4.21.0"
    "tsx": "^4.19.3"
  },
  "workspaces": {
    "packages": [
@@ -100,28 +98,33 @@
      "@tiptap/core": "patches/@tiptap__core.patch"
    },
    "overrides": {
-      "jsdom": "25.0.1",
+      "prosemirror-changeset": "2.4.0",
      "jsonwebtoken": "9.0.3",
      "prosemirror-changeset": "2.3.1",
      "y-prosemirror": "1.3.7",
-      "qs": "6.14.2",
+      "glob": "13.0.6",
      "glob": "10.5.0",
      "lodash": "4.17.23",
      "ws": "8.19.0",
      "cross-spawn": "7.0.5",
      "dompurify": "3.3.3",
      "tmp": "0.2.5",
      "hono": "4.12.8",
      "mermaid": "11.13.0",
      "nanoid@^3": "3.3.8",
      "socket.io-parser": "4.2.6",
      "serialize-javascript": "7.0.3",
      "lodash-es": "4.17.23",
-      "markdown-it": "14.1.1",
+      "@hono/node-server": "1.19.10",
-      "@tiptap/core": "3.17.1",
+      "undici": "7.24.0",
-      "@tiptap/pm": "3.17.1",
+      "ajv@^6": "6.14.0",
-      "@tiptap/starter-kit": "3.17.1",
+      "ajv@^8": "8.18.0",
-      "@tiptap/extension-blockquote": "3.17.1",
+      "underscore": "1.13.8",
-      "@tiptap/extension-bold": "3.17.0",
+      "immutable": "4.3.8",
-      "@tiptap/extension-bubble-menu": "3.17.1",
+      "express-rate-limit": "8.2.2",
-      "@tiptap/extension-bullet-list": "3.17.1",
+      "minimatch@^3": "3.1.5",
-      "@tiptap/extension-list": "3.17.1",
+      "minimatch@^5": "5.1.8",
-      "@tiptap/extension-code": "3.17.1"
+      "flatted": "3.4.2",
      "picomatch@<2.3.2": "2.3.2",
      "picomatch@>=4.0.0 <4.0.4": "4.0.4",
      "fastify": "5.8.3",
      "yaml@>=1.0.0 <1.10.3": "1.10.3",
      "yaml@>=2.0.0 <2.8.3": "2.8.3"
    },
    "neverBuiltDependencies": []
  }
@@ -1,5 +1,6 @@
 import { Node, mergeAttributes } from "@tiptap/core";
 import { ReactNodeViewRenderer } from "@tiptap/react";
 import { sanitizeUrl } from "../utils";
 export interface AttachmentOptions {
  HTMLAttributes: Record<string, any>;
@@ -42,9 +43,12 @@ export const Attachment = Node.create<AttachmentOptions>({
    return {
      url: {
        default: "",
-        parseHTML: (element) => element.getAttribute("data-attachment-url"),
+        parseHTML: (element) => {
          const url = element.getAttribute("data-attachment-url");
          return sanitizeUrl(url);
        },
        renderHTML: (attributes) => ({
-          "data-attachment-url": attributes.url,
+          "data-attachment-url": sanitizeUrl(attributes.url),
        }),
      },
      name: {
@@ -101,7 +105,7 @@ export const Attachment = Node.create<AttachmentOptions>({
      [
        "a",
        {
-          href: HTMLAttributes["data-attachment-url"],
+          href: sanitizeUrl(HTMLAttributes["data-attachment-url"]),
          class: "attachment",
          target: "blank",
        },
Author	SHA1	Message	Date
Philipinho	2d6e8fd287	fix	2026-03-26 19:43:34 +00:00
Philipinho	237fd79971	rename current device property	2026-03-26 19:40:25 +00:00
Philipinho	15e5b05c7f	don't cache index	2026-03-26 18:56:27 +00:00
Philipinho	7b3572a285	cleanup	2026-03-26 18:55:58 +00:00
Philipinho	3940c259e8	license	2026-03-26 18:33:12 +00:00
Philipinho	32446d1320	cleanup	2026-03-26 17:57:06 +00:00
Philipinho	da7bb9a07f	Merge branch 'main' into sessions	2026-03-26 17:29:28 +00:00
Philipinho	2648d7bea3	WIP	2026-03-26 17:29:25 +00:00
Philipinho	4e8f533b91	override	2026-03-26 16:48:33 +00:00
Philipinho	7b0d8fe140	override	2026-03-26 16:46:40 +00:00
Philipinho	2f92278a9d	sync	2026-03-26 16:35:05 +00:00
Philipinho	53608eae35	clean up ws	2026-03-26 13:59:17 +00:00
Philipinho	0e4a1e7419	enum validation	2026-03-26 00:41:38 +00:00
Philipinho	c6d2f0c6cc	user session management	2026-03-26 00:21:59 +00:00
Philipinho	9125996e97	sync	2026-03-25 10:08:36 +00:00
Philip Okugbe	fa4872e89e	fix(deps): package updates (#2041 ) * update * overrides * override * fix page update mutation * fix * cleanup * loader * fix excalidraw package * override * fix regex	2026-03-25 10:07:01 +00:00
Philipinho	6d6f3a8a8e	merge commit	2026-03-24 10:52:09 +00:00
Philip Okugbe	975b4dcaab	feat: auth pages layout (#2042 ) * auth pages layout * exclude home route from redirect * fix margin	2026-03-22 16:40:50 +00:00