* fix(mcp): Include subtasks in get_task API response
Add Subtasks association to the findTaskByIdentifier function
so that the get_task MCP API endpoint returns subtasks along
with the main task. This enables clients to access the full
task hierarchy in a single API call.
The serializeTask function already supported subtasks
serialization, so this change only required updating the
query includes to load the Subtasks relation with proper
ordering and Tag associations.
Fixes#1029
* fix(inbox): Fix tag/project autocomplete selection
Fixes#996
Previously, when creating a task from inbox with autocomplete suggestions,
the tag/project replacement would fail if there was regular text before
the hashtag or plus sign. This caused two issues:
1. When typing "#technical_writing" and creating a task, the tag wouldn't
be created or applied because the autocomplete wasn't replacing the input
2. When typing "#tech_" and selecting "technical_writing" from autocomplete,
a new tag "tech_" would be created instead of applying the existing tag
This was caused by an overly restrictive condition in handleTagSelect and
handleProjectSelect that prevented replacement when there was regular text
before the tag/project marker.
Changes:
- Removed the allowReplacement condition that blocked autocomplete when
regular text preceded the tag/project marker
- Simplified handleTagSelect and handleProjectSelect to always replace
partial input when a suggestion is selected
- Added a space after the selected tag/project for better UX
This commit implements CSRF token support for all session-based API
requests to fix the "CSRF token missing" and "CSRF token mismatch" errors
introduced after CSRF protection was added in commit 62c4cc84.
Changes:
- Created csrfService.ts utility for fetching and caching CSRF tokens
- Added getPostHeadersWithCsrf() helper to authUtils for async token injection
- Updated all service files (*Service.ts) to include CSRF tokens in POST/PUT/PATCH/DELETE requests
- Updated components with inline fetch calls to use getCsrfToken()
- Fixed CSRF middleware to use single lusca instance instead of creating new instances per request
- Improved generateToken() to use req.csrfToken() when available
- Added CalDAV path exemption to CSRF protection
Technical details:
- CSRF tokens are fetched from /api/csrf-token endpoint
- Tokens are cached and reused across requests to avoid unnecessary fetches
- Tokens are included in x-csrf-token header for state-changing requests
- Public endpoints (login, register) remain exempt from CSRF protection
- Bearer token authentication remains exempt from CSRF protection
Files modified:
- Backend: app.js, middleware/csrf.js
- Frontend: 13 service files, 8 component files
- New file: frontend/utils/csrfService.ts
This ensures all session-based requests properly include CSRF tokens while
maintaining support for API token authentication.
- Fix button text showing "Update Project" instead of "Create Project"
by checking for project.uid/id instead of just project existence
- Remove duplicate success toast (ProjectModal already shows one)
- Update both local and global projects store after creation
so new project appears in Projects view without refresh
Fixes#980
* Global search scaffold
* Add search preview text
* Add generic fallback for preview text in search
* fixup! Add generic fallback for preview text in search
* Add more tweaks
* fixup! Add more tweaks
* Fix an issue with criteria
* fixup! Fix an issue with criteria
* fixup! fixup! Fix an issue with criteria
* fixup! fixup! fixup! Fix an issue with criteria
* Fix an issue with priority filter
* fixup! Fix an issue with priority filter
* Add sortable pins
* fixup! Add sortable pins
* Make options collapsed by default
* Tweak UI
* Add tests
* Add translations
* Add more translations
* fixup! Add more translations
* Add minor tweaks
* Scaffold project states
* fixup! Scaffold project states
* Fix blinking project modal
* fixup! Fix blinking project modal
* fixup! fixup! Fix blinking project modal
* Fix an issue with the tag input autosuggest
* fixup! Fix an issue with the tag input autosuggest
* fixup! fixup! Fix an issue with the tag input autosuggest
* Add state to project details
* fixup! Add state to project details
* Add state indicator on project cards
* fixup! Add state indicator on project cards
- Update all entities to include UID field
- Convert components to use UID for navigation and links
- Update services to support UID-based API calls
- Add slug utilities for UID extraction
- Update store to handle UID fields
- Fix routing throughout all components
* Update version
* Order Inbox items by creation timestamp, desc
* Fix input keyboard tab and enter handling
* Fix lint issues
* Move in progress items to the top of today list
* Make tags and projects clickable
* fixup! Make tags and projects clickable
* fixup! fixup! Make tags and projects clickable
