* fix new position calculataion
* ensure consistent list item ordering
* fix recipe ref overflow on small screens
* added recipe ref elevation
* tweaked line height (for long notes)
* removed unused user dependency
* remove old shopping list items when there's >100
* 🤷
* cleaned up function generator
* fixed test
* fix potential type error
* made max position calc more efficient
* fix(security): reset login attempts after successful login
Enforce a maximum number of consecutive failed logins. Successfully logging in should reset the
count.
#2569
* fix(security): fix when user is unlocked
The user should be unlocked when locked_at is set, but the lock has expired.
#2569
`email.com` is not a reserved domain, incorrect configuration could result in unintentional effects.
`example.com` is reserved by IANA for bogus purposes, see RFC 6761.
* added normalization to foods and units
* changed search to reference new normalized fields
* fix tests
* added parsed food matching to backend
* prevent pagination from ordering when searching
* added extra fuzzy matching to sqlite ing matching
* added tests
* only apply search ordering when order_by is null
* enabled post-search fuzzy matching for postgres
* fixed postgres fuzzy search test
* idk why this is failing
* 🤦
* simplified frontend ing matching
and restored automatic unit creation
* tightened food fuzzy threshold
* change to rapidfuzz
* sped up fuzzy matching with process
* fixed units not matching by abbreviation
* fast return for exact matches
* replace db searching with pure fuzz
* added fuzzy normalization
* tightened unit fuzzy matching thresh
* cleaned up comments/var names
* ran matching logic through the dryer
* oops
* simplified order by application logic
* WIP: proof of concept
* basic meta tag injection
* add support for scraping public/private links
* make tests go brrrrr
* cleanup initialization
* rewrite build config
* remove recipe meta on frontend
* make type checker happy
* remove other deployment methods
* fix issue with JSON response on un-authenticated request
* docs updates
* update tivy scanner
* fix linter stuff
* change registry tag
* build fixes
* fix same mistake I always make
* fixed incorrect var ref
* added public recipe pagination route
* refactored frontend public/explore API
* fixed broken public cards
* hid context menu from cards when public
* fixed public app header
* fixed random recipe
* added public food, category, tag, and tool routes
* not sure why I thought that would work
* added public organizer/foods stores
* disabled clicking on tags/categories
* added public link to profile page
* linting
* force a 404 if the group slug is missing or invalid
* oops
* refactored to fit sidebar into explore
* fixed invalid logic for app header
* removed most sidebar options from public
* added backend routes for public cookbooks
* added explore cookbook pages/apis
* codegen
* added backend tests
* lint
* fixes v-for keys
* I do not understand but sure why not
---------
Co-authored-by: Hayden <64056131+hay-kot@users.noreply.github.com>
* updated base button group
* added kitchen timer
* added missing icon
* usability tweaks
* for for menu rendering over app bar
* clean up types
* fix for mp3 loading, maybe?
* spooky linter fixes
* for real this time
---------
Co-authored-by: Hayden <64056131+hay-kot@users.noreply.github.com>
* feat: improve readability of notes in ingredients list
Makes the notes in the ingredients list more readable by making them slightly opaque. This creates a better visual separation between the notes and the rest of the ingredient.
* Use server display if available
* Move note to newline and make quantity more distinct
* Use safeMarkdown for shopping list
* Use component
* Wrap unit in accent color
* Update RecipeIngredientListItem to set food in bold
* improved UI responsiveness and added image preview
* added global image cropper component
* added image cropper to last made dialog
* style tweaks
* added more specific text for creating event
* mopped up some slop
* renamed height and width vars
---------
Co-authored-by: Hayden <64056131+hay-kot@users.noreply.github.com>
* added support for group slugs
* modified frontend to use links with group slug
* fixed test refs
* unused import
---------
Co-authored-by: Hayden <64056131+hay-kot@users.noreply.github.com>
* refactored recipe image paths/service
* added routes for updating/fetching timeline images
* make generate
* added event image upload and rendering
* switched update to patch to preserve timestamp
* added tests
* tweaked order of requests
* always reload events when opening the timeline
* re-arranged elements to make them look nicer
* delete files when timeline event is deleted
* fixed paprika url key
* fixed paprika total and prep time aliases
* added nextcloud time parsing
* mapped paprika categories to tags
* cleaned up netcloud parsetime
* validate user attributes on user creation
add logs for invalid or missing attributes
* only update admin flag when admin status changes
* move ldap functions into separate file
* fix linter issues
* actually use the search_user function
* fix types
* update dev docker poetry install
* Forward/Report IP through front and backend.
* Add fail2ban docs
* fix option name and iproute2 in omni entry
* Fix entry scripts -> gunicorn setting respected
* gunicorn off
* xfwd in nuxt proxy and handle multiple IPs
* New translations en-US.json (Norwegian)
* New translations en-US.json (Portuguese)
* New translations en-US.json (Portuguese)
* New translations en-US.json (Portuguese)
* New translations en-US.json (Polish)
* New translations en-US.json (Portuguese)
* New translations en-US.json (Polish)
* New translations en-US.json (Polish)
* New translations en-US.json (Portuguese)
* New translations en-US.json (Portuguese)
* New translations en-US.json (Portuguese)
* New translations en-US.json (Portuguese)
* New translations en-US.json (Portuguese)
* New translations en-US.json (Portuguese)
* New translations en-US.json (French)
* Add hook for random sorting
* Add random sorting to front page
* Add multiple tests for random sorting.
* Be extra sure that all recipes are returned.
* Too stable random. seed doesn't reach backend.
* add timestamp to useRecipeSearch
* Update randomization tests for timestamp seeding
* ruff cleanup
* pass timestamp separately in getAll
* remove debugging log items
* remove timestamp from address bar
* remove defaults from backend timestamps
* timestamp should be optional
* fix edge case: query without timestamp
* similar edge case: no timestamp in pagination
* ruff :/
* better edge case handling
* stabilize random search test w/more recipes
* better pagination seeding
* update pagination seed test
* remove redundant random/seed check
* Test for api routes to random sorting.
* please the typing gods
* hack to make query parameters throw correct exc
* ruff
* fix validator message typo
* black reformatting
---------
Co-authored-by: Hayden <64056131+hay-kot@users.noreply.github.com>
* Creating postgres migration script and starting to set up to detect database
* non-working placeholders for postgres pg_tgrm
* First draft of some indexes
* non-working commit of postgres indexing
* Further non-working edits to db-centric fuzzy search
* update alembic for extensions
* More non-working setup
* Move db type check to init_db
* fix typo in db name check
* Add sqlite token search and postgres full text search
* reorder search to hit exact matches faster
* Add settings and docs for POSTGRES_LANGUAGE (full text search)
* Use user-specified POSTGRES_LANGUAGE in search
* fix fuzzy search typo
* Remove full text search and instead order by trigram match
* cleaner adding of indices, remove fulltext
* Cleanup old import of getting app settings
* Fix typo in index
* Fix some alembic fuzzy typos
* Remove diagnostic printing from alembic migration
* Fix mixed up commutator for trigram operator and relax criteria
* forgot to remove query debug
* sort only on name
* token and fuzzy search tests
* Refactor recipe search test to avoid rare random string cross-matches.
* Add ability to quote parts of search for exact match
* Remove internal punctuation, unless it's quoted for literal search
* Add tests for special character removal and literal search
* Remove the outer double quotes from searches, but leave internal single quotes alone.
* Update tests to avoid intra-test name collisions
* Fixing leftovers highlighted by lint
* cleanup linting and mypy errors
* Fix test cross-matching on dirty db (leftovers from bulk import)
* forgot to cleanup something when debugging mypy errors
* re-order pg_trgm loading in postgres
* address comments
* Dev docs: tests, postgres/psycog2
* Update pull request process.
* Add Food/Unit parsing instructions to the FAQ
* Update docker composes: mealie-data now local to docker-compose rather than hidden in docker volume dir! postgres points to 1.0.0b5
* sqlite docker-compose: mealie-data now local rather than hidden in docker volumes
* Merge Intro FAQ into main FAQ
* Progress on docs
* Add Advanced and v1b5 to docs index
* v1b5 changelog consistency with other changelogs
* Features: fix wrong link, name buttons for clarity
* Migration: link to github releases
* Updating: link to migration page, format docker cmds
* FAQ: update smart ingredient formatting
* Intro: fix typos
* API: update for newbie clarity
* Roadmap: update feature request & progress mechanism
* iOS shortcut: fix broken image links
* installation: add SMTP google app passwords
* Postgres: add header note on why.
* Update Groups doc per Discord discussion
* mealie-data back into docker default volume path
* added support for SQL keywords IS, IN, LIKE, NOT
deprecated datetime workaround for "<> null"
updated frontend reference for "<> null" to "IS NOT NULL"
* tests
* refactored query filtering to leverage orm
* added CONTAINS ALL keyword
* tests
* fixed bug where "and" or "or" was in an attr name
* more tests
* linter fixes
* TIL this works
* extended query filter to accept nested tables
* decoupled timeline api from recipe slug
* modified frontend to use simplified events api
* fixed nested loop index ghosting
* updated existing tests
* gave mypy a snack
* added tests for nested queries
* fixed "last made" render error
* decoupled recipe timeline from dialog
* removed unused props
* tweaked recipe get_all to accept ids
* created group global timeline
added new timeline page to sidebar
reformatted the recipe timeline
added vertical option to recipe card mobile
* extracted timeline item into its own component
* fixed apploader centering
* added paginated scrolling to recipe timeline
* added sort direction config
fixed infinite scroll on dialog
fixed hasMore var not resetting during instantiation
* added sort direction to user preferences
* updated API docs with new query filter feature
* better error tracing
* fix for recipe not found response
* simplified recipe crud route for slug/id
added test for fetching by slug/id
* made query filter UUID validation clearer
* moved timeline menu option below shopping lists
---------
Co-authored-by: Hayden <64056131+hay-kot@users.noreply.github.com>
* New translations en-US.json (French)
* New translations en-US.json (Slovak)
* New translations en-US.json (Swedish)
* New translations en-US.json (Norwegian)
* New translations en-US.json (Norwegian)
* New translations en-US.json (German)
* New translations en-US.json (Hebrew)
* New translations en-US.json (Hebrew)
* New translations en-US.json (Ukrainian)
* New translations en-US.json (Ukrainian)
* New translations en-US.json (Ukrainian)
* New translations en-US.json (Ukrainian)
* New translations en-US.json (Slovak)
* New translations en-US.json (Slovak)
* New translations en-US.json (Slovak)
* New translations en-US.json (Slovak)
* New translations en-US.json (Slovak)
* New translations en-US.json (Slovak)
* New translations en-US.json (Slovak)
* New translations en-US.json (Slovak)
* New translations en-US.json (Slovak)
* New translations en-US.json (Catalan)
* New translations en-US.json (Catalan)
* New translations en-US.json (Spanish)
* New translations en-US.json (Catalan)
* New translations en-US.json (Spanish)
* New translations en-US.json (Slovak)
* New translations en-US.json (Slovak)
* New translations en-US.json (Slovak)
* New translations en-US.json (Romanian)
* New translations en-US.json (Romanian)
* New translations en-US.json (Romanian)
* New translations en-US.json (Slovak)
* New translations en-US.json (Slovak)
* New translations en-US.json (Polish)
* New translations en-US.json (Polish)
* New translations en-US.json (Polish)
* New translations en-US.json (Ukrainian)
* New translations en-US.json (Ukrainian)
* New translations en-US.json (Ukrainian)
* New translations en-US.json (Ukrainian)
* New translations en-US.json (German)
* New translations en-US.json (Hebrew)
* New translations en-US.json (Hebrew)
* New translations en-US.json (Hebrew)
* New translations en-US.json (Hebrew)
* New translations en-US.json (Hebrew)
* New translations en-US.json (Hebrew)
* New translations en-US.json (German)
* New translations en-US.json (Hebrew)
* New translations en-US.json (Hebrew)
* New translations en-US.json (Hebrew)
* New translations en-US.json (German)
* New translations en-US.json (Hebrew)
* New translations en-US.json (Hebrew)
* New translations en-US.json (Hebrew)
* New translations en-US.json (Hebrew)
* New translations en-US.json (Hebrew)
* New translations en-US.json (Hebrew)
* New translations en-US.json (Hebrew)
* New translations en-US.json (Hebrew)
* New translations en-US.json (Hebrew)
* Remove some implicit lazy-loads from user serialization
* implement full backup restore across different database versions
* rework all custom getter dicts to not leak lazy loads
* remove some occurances of lazy-loading
* remove a lot of lazy loading from recipes
* add more eager loading
remove loading options from repository
remove raiseload for checking
* fix failing test
* do not apply loader options for paging counts
* try using selectinload a bit more instead of joinedload
* linter fixes
* expanded safe html tags and attrs
* removed style attr
* add note on sources of safe elements
---------
Co-authored-by: Hayden <64056131+hay-kot@users.noreply.github.com>
* implemented copymethat migration
* added migration tree
* added translation support
* genericized example jpgs
* added test data
* fixed test archive
* switched recipe create to service
added test for timeline event creation
* linting
* lxml go brrr
* add option to enable starttls for ldap
* add integration test for ldap service
* document new, optional environment variable
* fix: support anonymous bind
* id and mail attributes in LDAP_USER_FILTER should be implied
* remove print statement
* remove unused TS Ignores
* refactor planner into multiple pages
also includes some minor UI adjustments and some feature work to improve the date selector
* use mobile cards for meal-planner
* remove component
* New translations en-US.json (Danish)
* New translations en-US.json (German)
* New translations en-US.json (German)
* New translations en-US.json (Dutch)
* New translations en-US.json (Polish)
* New translations en-US.json (Turkish)
* New translations en-US.json (Dutch)
* New translations en-US.json (Polish)
* New translations en-US.json (Turkish)
* fixes cookbook ordering in frontend
* Revert "fixes cookbook ordering in frontend"
This reverts commit 1b5b172911.
* Fix cookbook ordering the proper way
* fix webhooks not firing due to missing session
* disable webhook test button because it doesnt do anything
* fix background task administration not working at all
* fix error in test
* added color back to labels
* improved mobile view
refactored layout to use grid
allowed text wrapping on item labels
removed label overflow
added completion date on checked items
* sort checked items by last updated
* made checking an item off more responsive
* optimized moving checked items
removed unnecessary updateAll call
removed jitter when shopping list refreshes
* adds authentication method for users
* fix db migration with postgres
* tests for auth method
* update migration ids
* hide auth method on user creation form
* (docs): Added documentation for the new authentication method
* update migration
* add to auto-form instead of having hidden fields
* fixed mealplan timeline event task
fixed indentation to only look at one group at a time
changed grumpy update to happy patch
* updated pytest to catch this error
* I don't know how this got past the pre-commit
* allow certain props to be updated on locked recipe
* pytest
* added "last_made" to hardcoded datetime fields
* refactored last made to its own route
* codegen/types
* updated pytest
* added backend for shopping list label config
* updated codegen
* refactored shopping list ops to service
removed unique contraint
removed label settings from main route/schema
added new route for label settings
* codegen
* made sure label settings output in position order
* implemented submenu for label order drag and drop
* removed redundant label and tweaked formatting
* added view by label to user preferences
* made items draggable within each label section
* moved reorder labels to its own button
* made dialog scrollable
* fixed broken model
* refactored labels to use a service
moved shopping list label logic to service
modified label seeder to use service
* added tests
* fix for first label missing the tag icon
* fixed wrong mapped type
* added statement to create existing relationships
* fix restore test, maybe
* New translations en-US.json (Ukrainian)
* New translations en-US.json (Ukrainian)
* New translations en-US.json (German)
* New translations en-US.json (Dutch)
* New translations en-US.json (Dutch)
* New translations en-US.json (Finnish)
* New translations en-US.json (Hungarian)
* New translations en-US.json (German)
* New translations en-US.json (Hungarian)
* New translations en-US.json (Dutch)
* feat: server side search API (#2112)
* refactor repository_recipes filter building
* add food filter to recipe repository page_all
* fix query type annotations
* working search
* add tests and make sure title matches are ordered correctly
* remove instruction matching again
* fix formatting and small issues
* fix another linting error
* make search test no rely on actual words
* fix failing postgres compiled query
* revise incorrectly ordered migration
* automatically extract latest migration version
* test migration orderes
* run type generators
* new search function
* wip: new search page
* sortable field options
* fix virtual scroll issue
* fix search casing bug
* finalize search filters/sorts
* remove old composable
* fix type errors
---------
Co-authored-by: Sören <fleshgolem@gmx.net>
* Update docker-compose.yml
ERROR: The Compose file './docker-compose.yml' is invalid because:
services.mealie.environment.WEB_GUNICORN contains true, which is an invalid type, it should be a string, number, or a null
* Update docker-compose.yml
Also fix SMTP settings, since they aren't in array format as in mealie-frontend.
* Once more, ironing out a few minor issues.
Server status reported this, I think this is the correct value, but I'm happy to revert and/or update the value as needed.
* Revert previous two commits
Per https://github.com/hay-kot/mealie/pull/2109#pullrequestreview-1294610637
* Stray newline
Missed a stray newline that was inadvertently added.
* add indices to all foreign keys and some fields that are used for ordering and filtering
* add missing migrations
* update migration orders
---------
Co-authored-by: Hayden <64056131+hay-kot@users.noreply.github.com>
* Corrected if statement to check if a results was returned by the LDAP search. And decoded the user_attributes from binary data to string
* removed trailing spaces
* Revert asserts in LDAP unit test back
Since an empty tuple is still a result, an user is created and the result should not be false.
* Simplified code
* Extended the LDAP implementation
* fix ldap authentication and user creation
* modified docs to include new LDAP environment variables
* update tests and linting
* add libldap-2.4-2 as runtime dependency for the api
---------
Co-authored-by: Erik Landkroon <eriklandkroon@gmail.com>
* New translations en-US.json (Slovak)
* New translations en-US.json (Slovak)
* New translations en-US.json (German)
* New translations en-US.json (German)
* New translations en-US.json (Danish)
* New translations en-US.json (German)
* New translations en-US.json (Dutch)
* added related user to mealplans
* made timeline event message actually optional
* added task to create events for mealplan recipes
* replaced fk constraint ops with bulk ops
* fixed event creation and adjusted query range
* indentation is hard
* added missing recipe id query filter
* added tests
* upgrade sqlalchemy to 2.0
* rewrite all db models to sqla 2.0 mapping api
* fix some importing and typing weirdness
* fix types of a lot of nullable columns
* remove get_ref methods
* fix issues found by tests
* rewrite all queries in repository_recipe to 2.0 style
* rewrite all repository queries to 2.0 api
* rewrite all remaining queries to 2.0 api
* remove now-unneeded __allow_unmapped__ flag
* remove and fix some unneeded cases of "# type: ignore"
* fix formatting
* bump black version
* run black
* can this please be the last one. okay. just. okay.
* fix repository errors
* remove return
* drop open API validator
---------
Co-authored-by: Sören Busch <fleshgolem@gmx.net>
* Scheduled tasks log to Debug, not Info
* Add LOG_LEVEL config to .env
* Update some other log levels and fix typos
* fix logger initializer
---------
Co-authored-by: Jakob Rubin <647846+Grygon@users.noreply.github.com>
* feat(lang): localize some views
* feat(lang): an attempt at localizing vuetify (WIP)
* feat(lang): localized some more screens
* feat(lang): localized some more screens again
* feat(lang): hack to localize vuetify
* feat(lang): localize data management pages
* fix linting errors
---------
Co-authored-by: Hayden <64056131+hay-kot@users.noreply.github.com>
* Upload recipe step images from mobile devices
This adds a button in the recipe step dropdown, as not all mobile
devices can drag and drop a file into the web page
See #885
* Add progress bar
* New translations en-US.json (Spanish)
* New translations en-US.json (Spanish)
* New translations en-US.json (Czech)
* New translations en-US.json (Czech)
* New translations en-US.json (Czech)
* New translations en-US.json (Czech)
* New translations en-US.json (Czech)
* Move recipe validations from RecipeSummary to Recipe
* fix RepositoryRecipes loading recipes with ingredients even when load_food is False
* Add eager loading of ingredient units
* fix trying to instantiate PaginationBase with concrete type not being valid for mypy
* fix linting issue
* tidied up shopping list item models
redefined recipe refs and updated models
added calculated display attribute to unify shopping list item rendering
added validation to use a food's label if an item's label is null
* fixed schema reference
* refactored shopping list item service
route all operations through one central method to account for edgecases
return item collections for all operations to account for merging
consolidate recipe items before sending them to the shopping list
* made fractions prettier
* replaced redundant display text util
* fixed edgecase for zero quantity items on a recipe
* fix for pre-merging recipe ingredients
* fixed edgecase for merging create_items together
* fixed bug with merged updated items creating dupes
* added test for self-removing recipe ref
* update items are now merged w/ existing items
* refactored service to make it easier to read
* added a lot of tests
* made it so checked items are never merged
* fixed bug with dragging + re-ordering
* fix for postgres cascade issue
* added prevalidator to recipe ref to avoid db error
* add httpx depedency for async http requests
* rework scraper strategies to download recipe html asynchronously
* rework recipe_data_service to download recipe images asynchronously
* fix recipe_parser test, so it can use async results
* fix bulk import so that it also works with async scraper
* fix broken recipe_parser tests
* Fix issues found by scanners
* Add additional checks for ingredient and instruction count in test_create_by_url
* Revert changes in test recipe_data
Since we are checking ingredients and instructions in test_create_url now, these would fail with the stored html of recipe data
* Add explicit type annotation in recipe_data_service.largest_content_len
* Fix typo in annotation
* New translations en-US.json (Slovak)
* New translations en-US.json (Slovak)
* New translations en-US.json (Slovak)
* New translations en-US.json (Slovak)
* New translations en-US.json (Slovak)
* New translations en-US.json (Slovak)
* New translations en-US.json (Slovak)
* New translations en-US.json (Slovak)
* New translations en-US.json (Slovak)
* New translations en-US.json (Slovak)
* New translations en-US.json (French)
* New translations en-US.json (French)
* New translations en-US.json (Finnish)
* New translations en-US.json (French)
* New translations en-US.json (French)
* New translations en-US.json (Portuguese)
* New translations en-US.json (French)
* New translations en-US.json (French)
* New translations en-US.json (Finnish)
* New translations en-US.json (Finnish)
* New translations en-US.json (Lithuanian)
* New translations en-US.json (Lithuanian)
* New translations en-US.json (Lithuanian)
* New translations en-US.json (Finnish)
* New translations en-US.json (Bulgarian)
* New translations en-US.json (Finnish)
* New translations en-US.json (Czech)
* New translations en-US.json (Czech)
* New translations en-US.json (Czech)
* New translations en-US.json (Czech)
* New translations en-US.json (Czech)
* New translations en-US.json (Italian)
* New translations en-US.json (Italian)
* New translations en-US.json (Finnish)
* New translations en-US.json (Finnish)
* New translations en-US.json (Italian)
* New translations en-US.json (Italian)
* New translations en-US.json (Finnish)
* New translations en-US.json (Italian)
* New translations en-US.json (Lithuanian)
* New translations en-US.json (Hungarian)
* New translations en-US.json (Hungarian)
* New translations en-US.json (Hungarian)
* New translations en-US.json (Hungarian)
* Fix issue where recipes could not have all their ingredients/instructions removed
* Add test for removing all instructions and ingredients from a recipe
* prevent list refresh while re-ordering items
* update position of new items to stay at the bottom
* prevent refresh while loading
* copy item while editing so it isn't refreshed
* added loading count to handle overlapping actions
* fixed recipe reference throttling
* prevent merging checked and unchecked items
* Fix example postgres docker-compose setup in docs
Add a local volume to postgres container so changes get persisted between restarts
* Fix linked volume in postgres doc
* New translations en-US.json (Dutch)
* New translations en-US.json (Dutch)
* New translations en-US.json (Dutch)
* New translations en-US.json (Bulgarian)
* New translations en-US.json (Bulgarian)
* New translations en-US.json (Bulgarian)
* New translations en-US.json (Bulgarian)
* New translations en-US.json (Polish)
* New translations en-US.json (Bulgarian)
* New translations en-US.json (German)
* New translations en-US.json (Bulgarian)
* New translations en-US.json (Bulgarian)
* New translations en-US.json (Bulgarian)
* propogate scale changes to print view
* fixed incorrect variable reference
* refactored shopping list recipe routes
cleaned up existing logic
added support for recipe scaling
* updated current revision
* adding to shopping list respects UI recipe scale
* added field annotations
* added tests for recipe scaling
* made column nullable and set to 1 during migration
* New translations en-US.json (Danish)
* New translations en-US.json (Danish)
* New translations en-US.json (Dutch)
* New translations en-US.json (Turkish)
* New translations en-US.json (German)
* New translations en-US.json (Italian)
* New translations en-US.json (German)
* New translations en-US.json (Ukrainian)
* Filtering special characters during automatic linking of ingredients to instructions
Used a unicode group to have a set of all unicode punctuation marks
* allowing for linking of ingredients to instruction at the beginning of a newline in the instruction
* Extracted ingredient matching into a composable and added tests. Ignoring 2 letter words to avoid false matches.
While testing the code 2 letter matches were a large source of false positives.
* New translations en-US.json (Polish)
* New translations en-US.json (Polish)
* New translations en-US.json (Polish)
* New translations en-US.json (Dutch)
* New translations en-US.json (Dutch)
* New translations en-US.json (French)
* New translations en-US.json (Turkish)
* added new icons
* added timeline badge and dialog to action menu
* more icons
* implemented timeline dialog using temporary API
* added route for fetching all timeline events
* formalized API call and added mobile-friendly view
* cleaned tags
* improved last made UI for mobile
* added event context menu with placeholder methods
* adjusted default made this date
set time to 1 minute before midnight
adjusted display to properly interpret UTC
* fixed local date display
* implemented update/delete routes
* fixed formating for long subjects
* added api error handling
* made everything localizable
* fixed weird formatting
* removed unnecessary async
* combined mobile/desktop views w/ conditional attrs
* New translations en-US.json (Lithuanian)
* New translations en-US.json (Lithuanian)
* New translations en-US.json (Lithuanian)
* New translations en-US.json (Lithuanian)
* New translations en-US.json (German)
* changed default sort direction for certain attrs
* added workaround for filtering out null datetimes
* filtered out null-valued results for certain sorts
* removed unecessary parse
* used minyear instead of 1900
* add trivy image scanning
* implement as partial workflow
* support both the frontend and backend Dockerfiles for scanning
* fix docker build context location
* New translations en-US.json (German)
* New translations en-US.json (Dutch)
* New translations en-US.json (Dutch)
* New translations en-US.json (German)
* New translations en-US.json (Lithuanian)
* New translations en-US.json (Lithuanian)
* New translations en-US.json (Lithuanian)
* New translations en-US.json (Lithuanian)
* New translations en-US.json (Lithuanian)
* New translations en-US.json (Lithuanian)
* New translations en-US.json (Ukrainian)
* New translations en-US.json (Lithuanian)
* New translations en-US.json (Lithuanian)
* New translations en-US.json (Lithuanian)
* New translations en-US.json (Lithuanian)
* New translations en-US.json (Lithuanian)
* New translations en-US.json (Lithuanian)
* New translations en-US.json (Lithuanian)
* New translations en-US.json (Lithuanian)
* added chef hat
* removed unnecessary log
* modified recipe and recipe timeline event schema
changed timeline event "message" -> "event_message"
added "last made" timestamp to recipe
* added "I made this" dialog to recipe action menu
* added missing field and re-ran code-gen
* moved dialog out of context menu and refactored
removed references in action menu and context menu
refactored dialog to be triggered by a button instead
added route to update recipe last made timestamp
added visual for last made timestamp to recipe header and title
* added sorting by last made
* switched event type to comment
* replaced alter column with pydantic alias
* added tests for event message alias
* New translations en-US.json (Czech)
* New translations en-US.json (Czech)
* New translations en-US.json (Czech)
* New translations en-US.json (Czech)
* updated the sidebar; on mobile devices, the sidebar will be closed by default
* updated the AppSideBar
* change variable name
Co-authored-by: Hayden <64056131+hay-kot@users.noreply.github.com>
* added polling for changes every 5 seconds
* fixed demi import
* stop polling if the refresh fails too many times
* only poll for changes when the user is active
* New translations en-US.json (Norwegian)
* New translations en-US.json (Norwegian)
* New translations en-US.json (Norwegian)
* New translations en-US.json (Dutch)
* added recipe_timeline_events table to db
* added schema and routes for recipe timeline events
* added missing mixin and fixed update schema
* added tests
* adjusted migration revision tree
* updated alembic revision test
* added initial timeline event for new recipes
* added additional tests
* added event bus support
* renamed event_dt to timestamp
* add timeline_events to ignore list
* run code-gen
* use new test routes implementation
* use doc string syntax
* moved event type enum from db to schema
Co-authored-by: Hayden <64056131+hay-kot@users.noreply.github.com>
* New translations en-US.json (Dutch)
* New translations en-US.json (Dutch)
* New translations en-US.json (Dutch)
* New translations en-US.json (German)
* New translations en-US.json (Polish)
* health check as python script
* install crfpp model via python
* drop curl from finale container
* use uvicorn by default w/ gunicorn as opt in
* recommend setting mem limit for container
The only label that was applied to the shopping list view was one that was manually assigned. Now we first check if the item has a label, if not we check if the food has a label, then if there really is no label we display nothing.
Previously, the recipe-ratings component would not sync to the v-modeled value when doing it's own updating. This PR fixes that issue and ensures that the value is pushed up to the parent whether in emit only mode or not.
* add vitest
* initialize lib w/ tests
* move to dev dep
* run tests in CI
* update file names
* move api folder to lib
* move api and api types to same folder
* update generator outpath
* rm husky
* i guess i _did_ need those types
* reorg types
* extract validators into testable components
* (WIP) start composable testing
* fix import type
* fix linter complaint
* simplify icon type def
* fix linter errors (maybe?)
* rename client file for sorting
This PR does too many things :(
1. Major refactoring of the dev/scripts and dev/code-generation folders.
Primarily this was removing duplicate code and cleaning up some poorly written code snippets as well as making them more idempotent so then can be re-run over and over again but still maintain the same results. This is working on my machine, but I've been having problems in CI and comparing diffs so running generators in CI will have to wait.
2. Re-Implement using the generated api routes for testing
This was a _huge_ refactor that touched damn near every test file but now we have auto-generated typed routes with inline hints and it's used for nearly every test excluding a few that use classes for better parameterization. This should greatly reduce errors when writing new tests.
3. Minor Perf improvements for the All Recipes endpoint
A. Removed redundant loops
B. Uses orjson to do the encoding directly and returns a byte response instead of relying on the default
jsonable_encoder.
4. Fix some TS type errors that cropped up for seemingly no reason half way through the PR.
See this issue https://github.com/phillipdupuis/pydantic-to-typescript/issues/28
Basically, the generated TS type is not-correct since Pydantic will automatically fill in null fields. The resulting TS type is generated with a ? to indicate it can be null even though we _know_ that i can't be.
* New translations en-US.json (Czech)
* New translations en-US.json (Czech)
* New translations en-US.json (Catalan)
* New translations en-US.json (Danish)
* refactored EventBusService to work outside FastAPI
* extended event models
* refactored webhooks to run through event bus
* added basic webhook test route
* changed get_all to page_all
* fixed incorrectly implemented Vue variables
* fixed broken webhook test
* changed factory from staticmethod to classmethod
* made query boundary definitions easier to read
* added api extras to other tables
genericized api extras model from recipes
added extras column to ingredient foods
added extras column to shopping lists
added extras column to shopping list items
* updated alembic version test
* made mypy happy
* added TODO on test that does nothing
* added extras tests for lists, items, and foods
* added docs for new extras
* modified alembic versions to eliminate branching
* New translations en-US.json (Norwegian)
* New translations en-US.json (Norwegian)
* New translations en-US.json (Norwegian)
* New translations en-US.json (Norwegian)
* New translations en-US.json (Norwegian)
* New translations en-US.json (Dutch)
* docs: fix typos
* typos: fix typos found by `codespell` across the codebase
* docs: fix `macOS` spelling
* docs: fix `authentification` terminology
"Authentification" is not a thing.
* docs: fix `localhost` typo in example link
* typos: fix in-code typos
These are potentially higher risk, but no other mentions of these typos
show up in the codebase.
* Add pytesseract
* Add simple ocr endpoint
replace extension argument
* feat/ocr-editor gui
* fix frontend linting issues
* Add service unit tests
* Add split text modes & single ingredient/instruction editing
* make split mode really reactive
* Remove default step and ingredient
* make the linter haappy
* Accept only image uploads
* Add automatic recipe title suggestion
* Correct regex
* fix incorrect array.map method usage
* make the linter happy again
* Swap route to use asset name
* Rearange buttons
* fix test data
* feat: Allow making image the recipe image
* Add translation
* Make the linter happy
* Restrict function setPropertyValueByPath generic
* Restrict template literal type
* Add a more friendly icon to creation page
* update poetry lock file
* Correct sloppy ocr classes
* Make MyPy happy
* Rewrite safer tests
* Add tesseract to backend test CI container dependencies
* Make canvas element a component global
* Remove unwanted spaces in selected text
* Add way to know if recipe was created with ocr
* Access to ocr-editor for ocr recipes
* Update Alembic revision
* Make the frontend build
* Fix scrolling offset bug
* Allow creation of recipes with custom settings
* Fix rebasing mistakes
* Add format_tsv_output test
* Exclude the tests data directory only
* Enforce camelCase for frontend functions
* Remove import of unused component
* Fix type and class initialization
* Add multi-language support
* Highlight words in mount
* Fix image ratio bug
* Better ocr creation page
* Revert awkward feature to scroll in Selection mode
* Rebasing alembic migrations sux
* Remove obsolete getShared function
* Add function docstring
* Move down ocr creation option
* Make toolbar icons more generic
* Show help at the bottom of the page
* move ocr types to own file
* Use template ref for the canvas
* Use i18n.tc to get strings directly
* Correct naming mistake
* Move Ocr editor to own directory
* Create Ocr Editor parts
* Safeguard recipe properties access
* Add loading frontend animation due to longer request time
* minor cleanup chores
Co-authored-by: Miroito <alban.vachette@gmail.com>
* Use Base DN for LDAP and fetch user attrs
Requires that a Base DN be set for LDAP
Set `full_name` and `email` based on LDAP attributes when creating user
* Add support for secure LDAP
Allow insecure LDAP connection (disabled by default)
Use CA when connecting to secure LDAP server
* Added missing quotes to example
* Update security.py
* Update security.py formatting
* Update security.py
Switched to f-String formatting
* formatting
* Update test_security.py
Added at attributes for testing
* Update test_security.py
Modified tests for base DN
* Update test_security.py
Set proper base DN for testing
* Update test_security.py
Corrected testing for LDAP
* Update test_security.py
Defined base_dn
* Authenticated user not in base DN
Add check for when user can authenticate but is not in base DN
* Update test_security.py
LDAP user cannot exist as it is searched before it is created and the list returns False
Co-authored-by: Hayden <64056131+hay-kot@users.noreply.github.com>
* New translations en-US.json (French)
* New translations en-US.json (Turkish)
* New translations en-US.json (Turkish)
* New translations en-US.json (Turkish)
Previously, "advanced features" was per group, not per user. With this change, this is now properly submitted on user registration. The "seed data" setting is also per group.
* Add option to stay in edit mode after loading from URL.
* Stay in Edit mode now default behaviour after scraping recipe from URL.
* Fix missing param error.
* Fix incorrect read of boolean variable.
* Fix stupid error due to not understanding Vue.
* minor style and bug fixes
Co-authored-by: Hayden <64056131+hay-kot@users.noreply.github.com>
* initial public explorer API endpoint
* public API endpoint
* cleanup recipe page
* wip: init explorer page
* use public URLs for shared recipes
* refactor private share tokens to use shared page
* New translations en-US.json (French)
* New translations en-US.json (French)
* New translations en-US.json (French)
* New translations en-US.json (Swedish)
* refactored event dispatching
added EventDocumentType and EventOperation to Event
added event listeners to bulk recipe changes
overhauled shopping list item events to be more useful
modified shopping list item repo to return more information
* added internal documentation for event types
* renamed message_types.py to event_types.py
* added unique event id and fixed instantiation
* generalized event listeners and publishers
moved apprise publisher to new apprise event listener
fixed duplicate message bug with apprise publisher
* added JWT field for user-specified integration id
* removed obselete test notification route
* tuned up existing notification tests
* added dependency to get integration_id from jwt
* added base crud controller to facilitate events
* simplified event publishing
* temporarily fixed test notification
Refactor recipe page to use break up the component and make it more usable across different pages. I've left the old route in as well in case there is some functional breaks, I plan to remove it before the official release once we've tested the new editor some more in production. For now there will just have to be some duplicate components and pages around.
Adds a proper check for the mealplan.recipe property in multiple places to resolve the bug described in #1571. In development the page would fail to render.
* New translations en-US.json (Dutch)
* New translations en-US.json (Dutch)
* New translations en-US.json (Dutch)
* New translations en-US.json (Dutch)
* New translations en-US.json (Dutch)
* New translations en-US.json (Dutch)
* New translations en-US.json (German)
* New translations en-US.json (German)
* New translations en-US.json (German)
* New translations en-US.json (German)
* New translations en-US.json (Hebrew)
* New translations en-US.json (German)
* grouped "instructions" header with first section
* fixed sort by last updated date
* somewhat-hacky bugfix for large screens
* modified page size to be divisible by 4
* fixed missing export for new data forms
* fix typing on auth context
* extract user password strength meter
* fix broken useToggle method
* extend form to accept arguments for validators
* enforce password length on update
* fix user password change form
* add data-types required for login security
* implement user lockout checking at login
* cleanup legacy patterns
* expose passwords in test_user
* test user lockout after bad attempts
* test user service
* bump alembic version
* save increment to database
* add locked_at to datetime transformer on import
* do proper test cleanup
* implement scheduled task
* spelling
* document env variables
* implement context manager for session
* use context manager
* implement reset script
* cleanup generator
* run generator
* implement API endpoint for resetting locked users
* add button to reset all locked users
* add info when account is locked
* use ignore instead of expect-error
On mobile screens when following a registration invite link, the page
would be too wide to interact with, extending well over the sides of the
phone.
This is because the minimum size of content is set to `auto` (by
default), and accord to the spec (https://www.w3.org/TR/css-flexbox-1/#specified-size-suggestion)
the minimum size of the element is the mimimum size of it's content. The
password strength element in the panel had a width of 500px, making the
entire component overflow the screen.
Changing the width to `flex-basis` instead, allows for the password
strength element to shrink if it overflows the screen.
* Moves dependencies directly to controllers
* Reduces use of @cached_property - (I have a suspicion that this is a factor in memory usage)
* reduce duplicate ways to access the same property on a controller.
* fixed incorrect response model
* added category and tag filters
* moved categories and tags params to route and
changed to query array param
* type fixes
* added category and tag tests
* New translations en-US.json (Swedish)
* New translations en-US.json (Swedish)
* New translations en-US.json (Slovak)
* New translations en-US.json (Slovak)
* New translations en-US.json (Slovak)
* New translations en-US.json (Slovak)
* New translations en-US.json (Slovak)
* New translations en-US.json (Dutch)
* New translations en-US.json (Dutch)
* added create dialogs to food and unit pages
* minor css tweaks
* properly reset create form
* added placeholder name attribute for type checking
* removed unnecessary value assignment
* type fixes
* corrected comment
* add autofocus and use ref<VForm> for form refs
Co-authored-by: Hayden <64056131+hay-kot@users.noreply.github.com>
* added new sort icons
* added dynamic sort icons
* implemented local storage for sorting
and mobile card view
* fixed bug with local storage booleans
* added type hints
* bum vue use to use merge defaults
* use reactive localstorage
* add $vuetify type
* sort returns
* fix type error
Co-authored-by: Hayden <64056131+hay-kot@users.noreply.github.com>
* fixed typo
* merged "all recipes" pagination into recipe card
created custom sort card for all recipes
refactored backend calls for all recipes to sort/paginate
* frontend lint fixes
* restored recipes reference
* replaced "this" with reference
* fix linting errors
* re-order context menu
* add todo
Co-authored-by: Hayden <64056131+hay-kot@users.noreply.github.com>
* created query filter classes
* extended pagination to include query filtering
* added filtering tests
* type improvements
* move type help to dev depedency
* minor type and perf fixes
* breakup test cases
Co-authored-by: Hayden <64056131+hay-kot@users.noreply.github.com>
* New translations en-US.json (French)
* New translations en-US.json (French)
* New translations en-US.json (French)
* New translations en-US.json (French)
* New translations en-US.json (Danish)
* New translations en-US.json (Italian)
* New translations en-US.json (Italian)
* New translations en-US.json (Italian)
* New translations en-US.json (Greek)
* New translations en-US.json (Greek)
* New translations en-US.json (Dutch)
* New translations en-US.json (Czech)
* New translations en-US.json (Czech)
* New translations en-US.json (Czech)
rewrite get_all routes to use a pagination pattern to allow for better implementations of search, filter, and sorting on the frontend or by any client without fetching all the data. Additionally we added a CI check for running the Nuxt built to confirm that no TS errors were present. Finally, I had to remove the header support for the Shopping lists as the browser caching based off last_updated header was not allowing it to read recent updates due to how we're handling the updated_at property in the database with nested fields. This will have to be looked at in the future to reimplement. I'm unsure how many other routes have a similar issue.
Co-authored-by: Hayden <64056131+hay-kot@users.noreply.github.com>
* fixed type error
* exposed created/updated timestamps to shopping list schema
* added custom route to mix in "last-modified" header when available in CRUD routes
* mixed in MealieCrudRoute to APIRouters
* added HEAD route for shopping lists/list-items
* replaced default serializer with FastAPI's
* added staticmethod decorators to avoid mypy error
* exposed created and updated timestamps to schema
* changed default sort from date_added to created_at
* explicitely sort recent recipes by created_at
* removed static method and replaced w/ type: ignore
* New translations en-US.json (Polish)
* New translations en-US.json (Polish)
* New translations en-US.json (Polish)
* New translations en-US.json (Polish)
* fix type errors on event bus
* webhooks fields required for new implementation
* db migration
* wip: webhook query + tests and stub function
* ignore type checker error
* type and method cleanup
* datetime and time utc validator
* update testing code for utc scheduled time
* fix file cmp function call
* update version_number
* add support for translating "time" objects when restoring backup
* bump recipe-scrapers
* use specific import syntax
* generate frontend types
* utilize names exports
* use utc times
* add task to scheduler
* implement new scheduler functionality
* stub for type annotation
* implement meal-plan data getter
* add experimental banner
* Fixed incorrect generic deleted notification text
* Added custom "event_source" header for json notifs
* Added internal reference data to event notifs
* Added event listeners to shopping list items
* Fixed type issues
* moved JSON event source k:v pairs to message body
* added hook for all supported custom endpoints
fixed bug that excluded non-custom notification types
* created event_source class to replace loosely-typed dict
* fixed silent error when dispatching a null task
* moved url updates to static function
* added unit tests for event_source url manipulation
* removed array from event bus (it's unsupported)
* grouped ingredients and instructions into sections
* added missing import
* divided ingredient sections and instruction sections into their own containers
* tweaked css to prevent sections from getting split between pages
* replaced horizontal rule with a text underline
* removed leftover CSS
* implement computer properties as reducers
Co-authored-by: Hayden <64056131+hay-kot@users.noreply.github.com>
* Added API params to order by different properties
* fix for incorrect var name
* removed invalid default order_by
* implemented fallback for invalid user input
* increased float rounding precision for crf parser
* limited fractions to a max denominator of 32 to prevent weirdly specific values
* add test cases for 1/8 and 1/32
* add rounding to avoid more digits than necessary
Co-authored-by: Hayden <64056131+hay-kot@users.noreply.github.com>
* fixed bug where ingredient titles were lost after parsing
* added fallback in case of strange behavior during parsing
* removed unnecessary linebreak
* Added custom scaling option
* Allow custom scaling with no yield set
* Made edit-scale translated
* fixed merge conflict
* Refactored scale editor to use menu
* replaced vslot with #
* linter issues
* fixed linter issues
* fixed one more linter issue
* format files + minor UI changes
* remove console.log
* move buttons into component and setup v-model
* drop servings text
Co-authored-by: Hayden <64056131+hay-kot@users.noreply.github.com>
* add drag and drop support for recipe steps
* fix recipe assets dialog state
* add attr support for markdown editor
* add persistent hint for recipe text editor
* Delay server response whenever username is non existing
* utilize hasher to achieve constant timing
Co-authored-by: Hayden <64056131+hay-kot@users.noreply.github.com>
* add 'use-abbreviation' db column
* type generation
* add view and edit elements
* check for use_abbreviation to display
* fix: alembic version check
* test: add use_abbreviation prop tests
* New translations en-US.json (French)
* New translations en-US.json (German)
* New translations en-US.json (German)
* New translations en-US.json (German)
Please confirm and check all the following prior to submission. If you do not do this, your
issue may be closed.
options:
- label:I used the GitHub search to find a similar requests and didn't find it.
required:true
- label:Checked the [tasks tagged](https://github.com/hay-kot/mealie/issues?q=is%3Aissue+is%3Aopen+label%3Atask+) issues and verified my feature is not covered
required:true
- type:textarea
id:problem
attributes:
label:Please provide a concise description of the problem that would be addressed by this feature.
validations:
required:true
- type:textarea
id:solution
attributes:
label:Please provide a concise description of the feature that would resolve your issue.
validations:
required:true
- type:textarea
id:considerations
attributes:
label:Please consider and list out some caveats or tradeoffs made in your design decision
validations:
required:true
- type:checkboxes
id:additional-information
attributes:
label:Additional Information
options:
- label:If this is accepted I'm willing to submit a PR to provide this feature
- label:If this is accepted I'm willing to help maintain this feature
- label:I'm willing to sponsor/pay a developer to do this work
description:"submit a bug report for the current release"
name:Bug Report
description:"Submit a bug for the latest version of Mealie"
title:"[BUG] - YOUR TITLE"
labels:["bug","triage"]
body:
- type:checkboxes
id:checks
attributes:
label:First Check
description:Please confirm and check all the following options.
description:|
Please confirm and check all the following prior to submission. If you do not do this, your
issue may be closed.
options:
- label:This is not a feature request
required:true
@@ -18,8 +22,8 @@ body:
required:true
- label:I already read the docs and didn't find an answer.
required:true
- label:I have checked for existing issues that have been resolved in v1-beta
required:true
- label:This issue can be replicated on the demo site (https://demo.mealie.io/)
required:false
- type:textarea
id:description
attributes:
@@ -27,6 +31,23 @@ body:
placeholder:A clear and concise description of what the bug is.
validations:
required:true
- type:textarea
id:reproduction
attributes:
label:Steps to Reproduce
placeholder:1) ... 2) ... 3) ...
validations:
required:true
- type:textarea
id:logs
attributes:
label:Please provide relevent logs
validations:
required:true
- type:textarea
id:version
attributes:
label:Mealie Version
- type:dropdown
id:os
attributes:
@@ -42,13 +63,6 @@ body:
validations:
required:true
- type:textarea
id:os-details
id:other
attributes:
label:Deployment Details
description:You can add more details about your operating system here, in particular if you chose "Other". If you are experiencing issues with deployment, please provide your docker-compose or docker commands
description:Please confirm and check all the following options.
options:
- label:This is not a feature request
required:true
- label:I added a very descriptive title to this issue.
required:true
- label:I used the GitHub search to find a similar issue and didn't find it.
required:true
- label:I searched the Mealie documentation, with the integrated search.
required:true
- label:I already read the docs and didn't find an answer.
required:true
- type:textarea
id:description
attributes:
label:What is the issue you are experiencing?
placeholder:A clear and concise description of what the bug is.
validations:
required:true
- type:dropdown
id:os
attributes:
label:Deployment
description:What Deployment system are you using?
multiple:true
options:
- Docker (Linux)
- Docker (Windows)
- Docker (Synology)
- Unraid
- Other
validations:
required:true
- type:textarea
id:os-details
attributes:
label:Deployment Details
description:You can add more details about your operating system here, in particular if you chose "Other". If you are experiencing issues with deployment, please provide your docker-compose or docker commands
args:'🚀 Version {{ EVENT_PAYLOAD.release.tag_name }} of Mealie has been released. See the release notes https://github.com/hay-kot/mealie/releases/tag/{{ EVENT_PAYLOAD.release.tag_name }}'
args:"🚀 Version {{ EVENT_PAYLOAD.release.tag_name }} of Mealie has been released. See the release notes https://github.com/hay-kot/mealie/releases/tag/{{ EVENT_PAYLOAD.release.tag_name }}"
Mealie is a self hosted recipe manager and meal planner with a RestAPI backend and a reactive frontend application built in Vue for a pleasant user experience for the whole family. Easily add recipes into your database by providing the url and Mealie will automatically import the relevant data or add a family recipe with the UI editor. Mealie also provides an API for interactions from 3rd party applications.
- [Remember to join the Discord](https://discord.gg/QuStdQGSGK)!
- [Documentation](https://docs.mealie.io)
- [Documentation](https://nightly.mealie.io)
<!-- CONTRIBUTING -->
## Contributing
Contributions are what make the open source community such an amazing place to be learn, inspire, and create. Any contributions you make are **greatly appreciated**. If you're going to be working on the code-base you'll want to use the nightly documentation to ensure you get the latest information.
Contributions are what make the open source community such an amazing place to be learn, inspire, and create. Any contributions you make are **greatly appreciated**. If you're going to be working on the code-base, you'll want to use the nightly documentation to ensure you get the latest information.
- See the [Contributors Guide](https://nightly.mealie.io/contributors/developers-guide/code-contributions/) for help getting started.
- We use VSCode Dev Contains to make it easy for contributors to get started!
- We use [VSCode Dev Containers](https://code.visualstudio.com/docs/remote/containers) to make it easy for contributors to get started!
If you are not a coder, you can still contribute financially. financial contributions help me prioritize working on this project over others and helps me know that there is a real demand for project development.
If you are not a coder, you can still contribute financially. Financial contributions help me prioritize working on this project over others and helps me know that there is a real demand for project development.
<a href="https://www.buymeacoffee.com/haykot" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/v2/default-green.png" alt="Buy Me A Coffee" style="height: 30px !important;width: 107px !important;" ></a>
<!-- LICENSE -->
## License
Distributed under the MIT License. See `LICENSE` for more information.
Distributed under the AGPL License. See `LICENSE` for more information.
## Sponsors
Huge thanks to all the sponsors of this project on [Github Sponsors](https://github.com/sponsors/hay-kot) and Buy Me a Coffee. Without you this project would surely not be possible.
Huge thanks to all the sponsors of this project on [Github Sponsors](https://github.com/sponsors/hay-kot) and Buy Me a Coffee. Without you, this project would surely not be possible.
Thanks to Linode for providing Hosting for the Demo, Beta, and Documentation sites! Another big thanks to JetBrains for providing their IDEs for development.
@@ -99,7 +87,7 @@ Thanks to Linode for providing Hosting for the Demo, Beta, and Documentation sit
Since this software is still considered beta/WIP support is always only given for the latest version. Security patches are only available for the latest version and not back-ported to older versions.
## Reporting a Vulnerability
For general security vulnerabilities you're welcome to open a GitHub issues or contribute a fix. If you feel the vulnerability should not be disclosed you can open a generic issue on GitHub and email to the details to [ob92oy0sl@mozmail.com](mailto:ob92oy0sl@mozmail.com) which is monitored by the maintainer.
"description":"These Levain Bakery-Style Peanut Butter Cookies are the ULTIMATE for serious PB lovers! Supremely thick and chewy with gooey centers and a soft texture, they're packed with peanut butter flavor and Reese's Pieces for the most amazing cookie ever!",
"text":"Preheat oven to 410° degrees F. Line 2 baking sheets with parchment paper or silicone liners; set aside.",
"ingredientReferences":[],
},
{
"id":"4e1c30c2-2e96-4a0a-b750-23c9ea3640f8",
"title":"",
"text":"In the bowl of a stand mixer, cream together the cubed butter, brown sugar and granulated sugar with the paddle attachment for 30 seconds on low speed. Increase speed to medium and beat for another 30 seconds, then increase to medium-high speed and beat for another 30 seconds until mixture is creamy and smooth. Beat in the eggs, one at a time, followed by the vanilla extract and peanut butter, scraping down the sides and bottom of the bowl as needed.",
"ingredientReferences":[],
},
{
"id":"9fb8e2a2-d410-445c-bafc-c059203e6f4b",
"title":"",
"text":"Add in the cornstarch, baking soda, salt, cake flour, and all-purpose flour and mix on low speed until just combined. Fold in the peanut butter chips and Reese's Pieces candies by hand until fully incorporated. Chill the dough uncovered in the fridge for 15 minutes.",
"ingredientReferences":[],
},
{
"id":"1ceb9aa4-49f7-4d4a-996f-3c715eb74642",
"title":"",
"text":'Using a digital kitchen scale for accuracy, weigh out 6 ounces of cookie dough in a loose, rough textured ball. I like to make my cookie dough balls kind of tall as well. You do not want the dough balls to be smooth and compacted. Place on the baking sheet. Repeat with remaining dough balls, staggering on the baking sheet at least 3" apart from one another, and only placing 4 dough balls per baking sheet.',
"ingredientReferences":[],
},
{
"id":"591993fc-72bb-4091-8a12-84640c523fc1",
"title":"",
"text":"Bake one baking sheet at a time in the center rack of the oven for 10-13 minutes or until the tops are light golden brown and the exterior is dry and dull looking. Centers will be slightly underdone and gooey; this is okay and the cookies will finish cooking some once removed from the oven. Let stand on the baking sheets for at least 30 minutes before serving; the cookies are very delicate and fragile once removed from the oven and need time to set before being moved. Keep remaining dough refrigerated while other cookies bake.",
@@ -67,6 +67,6 @@ This is, what I think, is a big release! Tons of new features and some great qua
### Breaking Changes
!!! error "Breaking Changes"
- API endpoints have been refactored to adhear to a more consistent standard. This is a WIP and more changes are likely to occur.
- API endpoints have been refactored to adhere to a more consistent standard. This is a WIP and more changes are likely to occur.
- Officially Dropped MongoDB Support
- Database Breaks! We have not yet implemented a database migration service. As such, upgrades cannot be done by simply pulling the image. You must first export your recipes, update your deployment, and then import your recipes. This pattern is likely to be how upgrades take place prior to v1.0. After v1.0 migrations will be done automatically.
- Site Settings has been completely revamped. All site-wide settings at defined on the server as ENV variables. The site settings page now only shows you the non-secret values for reference. It also has some helpers to let you know if something isn't configured correctly.
- Server Side Bare URL will let you know if the BASE_URL env variable has been set
- Secure Site let's you know if you're serving via HTTPS or accessing by localhost. accessing without a secure site will render some of the features unusable.
- Secure Site let's you know if you're serving via HTTPS or accessing by localhost. Accessing without a secure site will render some of the features unusable.
- Email Configuration Status will let you know if all the email settings have been provided and offer a way to send test emails.
In this case if a attacker try to load a huge file then server will try to load the file and eventually server use its all memory which will dos the server
##### Mitigation
HTML is now scraped via a Stream and canceled after a 15 second timeout to prevent arbitrary data from being loaded into the server.
#### v1.0.0beta-3 and Under - Recipe Assets: Remote Code Execution
!!! error "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine"
As a low privileged user, Create a new recipe and click on the "+" to add a New Asset.
Select a file, then proxy the request that will create the asset.
Since mealie/routes/recipe/recipe_crud_routes.py:306 is calling slugify on the name POST parameter, we use $ which slugify() will remove completely.
Since mealie/routes/recipe/recipe_crud_routes.py:306 is concatenating raw user input from the extension POST parameter into the variable file_name, which ultimately gets used when writing to disk, we can use a directory traversal attack in the extension (e.g. ./../../../tmp/pwn.txt) to write the file to arbitrary location on the server.
As an attacker, now that we have a strong attack primitive, we can start getting creative to get RCE. Since the files were being created by root, we could add an entry to /etc/passwd, create a crontab, etc. but since there was templating functionality in the application that peaked my interest. The PoC in the HTTP request above creates a Jinja2 template at /app/data/template/pwn.html. Since Jinja2 templates execute Python code when rendered, all we have to do now to get code execution is render the malicious template. This was easy enough.
##### Mitigation
We've added proper path sanitization to ensure that the user is not allowed to write to arbitrary locations on the server.
!!! warning "Breaking Change Incoming"
As this has shown a significant area of exposure in the templates that Mealie was provided for exporting recipes, we'll be removing this feature in the next Beta release and will instead rely on the community to provide tooling around transforming recipes using templates. This will significantly limit the possible exposure of users injecting malicious templates into the application. The template functionality will be completely removed in the next beta release v1.0.0beta-5
#### All version Markdown Editor: Cross Site Scripting
A low privilege user can insert malicious JavaScript code into the Recipe Instructions which will execute in another person's browser that visits the recipe.
`<img src=x onerror=alert(document.domain)>`
##### Mitigation
This issues is present on all pages that allow markdown input. This error has been mitigated by wrapping the 3rd Party Markdown component and using the `domPurify` library to strip out the dangerous HTML.
#### v1.0.0beta-3 and Under - Image Scraper: Server-Side Request Forgery
In the recipe edit page, is possible to upload an image directly or via an URL provided by the user. The function that handles the fetching and saving of the image via the URL doesn't have any URL verification, which allows to fetch internal services.
Furthermore, after the resource is fetch, there is no MIME type validation, which would ensure that the resource is indeed an image. After this, because there is no extension in the provided URL, the application will fallback to jpg, and original for the image name.
Then the result is saved to disk with the original.jpg name, that can be retrieved from the following URL: http://<domain>/api/media/recipes/<recipe-uid>/images/original.jpg. This file will contain the full response of the provided URL.
**Impact**
An attacker can get sensitive information of any internal-only services running. For example, if the application is hosted on Amazon Web Services (AWS) platform, its possible to fetch the AWS API endpoint, https://169.254.169.254, which returns API keys and other sensitive metadata.
##### Mitigation
Two actions were taken to reduce exposure to SSRF in this case.
1. The application will not prevent requests being made to local resources by checking for localhost or 127.0.0.1 domain names.
2. The mime-type of the response is now checked prior to writing to disk.
If either of the above actions prevent the user from uploading images, the application will alert the user of what error occurred.
### Bug Fixes
- For erroneously-translated datetime config ([#1362](https://github.com/hay-kot/mealie/issues/1362))
- Fixed text color on RecipeCard in RecipePrintView and implemented ingredient sections ([#1351](https://github.com/hay-kot/mealie/issues/1351))
- Ingredient sections lost after parsing ([#1368](https://github.com/hay-kot/mealie/issues/1368))
- Increased float rounding precision for CRF parser ([#1369](https://github.com/hay-kot/mealie/issues/1369))
- Infinite scroll bug on all recipes page ([#1393](https://github.com/hay-kot/mealie/issues/1393))
- Fast fail of bulk importer ([#1394](https://github.com/hay-kot/mealie/issues/1394))
- Bump @mdi/js from 5.9.55 to 6.7.96 in /frontend ([#1279](https://github.com/hay-kot/mealie/issues/1279))
- Bump @nuxtjs/i18n from 7.0.3 to 7.2.2 in /frontend ([#1288](https://github.com/hay-kot/mealie/issues/1288))
- Bump date-fns from 2.23.0 to 2.28.0 in /frontend ([#1293](https://github.com/hay-kot/mealie/issues/1293))
- Bump fuse.js from 6.5.3 to 6.6.2 in /frontend ([#1325](https://github.com/hay-kot/mealie/issues/1325))
- Bump core-js from 3.17.2 to 3.23.1 in /frontend ([#1383](https://github.com/hay-kot/mealie/issues/1383))
- All-recipes page now sorts alphabetically ([#1405](https://github.com/hay-kot/mealie/issues/1405))
- Sort recent recipes by created_at instead of date_added ([#1417](https://github.com/hay-kot/mealie/issues/1417))
- Only show scaler when ingredients amounts enabled ([#1426](https://github.com/hay-kot/mealie/issues/1426))
- Add missing types for API token deletion ([#1428](https://github.com/hay-kot/mealie/issues/1428))
- Improve parser ui text display ([#1437](https://github.com/hay-kot/mealie/issues/1437))
<!-- generated by git-cliff -->
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.