* Fix password validation on container restart
Only validate password for new users, not when updating existing users.
This prevents container crashes when TUDUDI_USER_PASSWORD is set but
doesn't meet current validation requirements for existing users.
* Fix entrypoint crash when app user doesn't exist
Check if app user exists before getting UID/GID to prevent
'id: unknown user app' error on restart. Fall back to build-time
defaults (APP_UID/APP_GID) if user is missing.
---------
Co-authored-by: antanst <>
* Global search scaffold
* Add search preview text
* Add generic fallback for preview text in search
* fixup! Add generic fallback for preview text in search
* Add more tweaks
* fixup! Add more tweaks
* Fix an issue with criteria
* fixup! Fix an issue with criteria
* fixup! fixup! Fix an issue with criteria
* fixup! fixup! fixup! Fix an issue with criteria
* Fix an issue with priority filter
* fixup! Fix an issue with priority filter
* Add sortable pins
* fixup! Add sortable pins
* Make options collapsed by default
* Tweak UI
* Add tests
* Add translations
* Add more translations
* fixup! Add more translations
* Add minor tweaks
This migration backfills role entries for users that existed before the roles system was introduced.
- If no admins exist: Missing users become admins to prevent lockout
- If admins exist: Missing users become regular users (safe default)
- Idempotent: Safe to run multiple times
Critical security improvements:
- Add requireAuth middleware to /api/upload/project-image endpoint (prevents unauthenticated file uploads)
- Fix SQL injection vulnerability in tasks.js DELETE route by whitelisting table names
- Add missing resource existence check in shares.js POST endpoint (prevents permissions on non-existent resources)
Code quality improvements:
- Replace all console.error with logError across all route files for consistent logging
- Import logError service in all route modules
All tests passing (597 passed).
- Keep :uid endpoints throughout (not :id)
- Keep hasAccess middleware for permission checks
- Keep logError instead of console.error
- Add Note orphaning in project deletion
- Merge area attributes (include uid)
- Merge project store update on delete
- Use uid in test data-testids
