Cloud v2.7.8

.eslintignore

@@ -1972,6 +1972,9 @@ packages/tools/release-android.js.map
 packages/tools/release-cli.d.ts
 packages/tools/release-cli.js
 packages/tools/release-cli.js.map
+packages/tools/release-cloud.d.ts
+packages/tools/release-cloud.js
+packages/tools/release-cloud.js.map
 packages/tools/release-electron.d.ts
 packages/tools/release-electron.js
 packages/tools/release-electron.js.map

.github/workflows/joplin-cloud.yml

@@ -0,0 +1,66 @@
+name: Joplin Cloud
+on:
+  push:
+    tags:
+      - 'cloud-v*'
+jobs:
+  JoplinCloudDockerImage:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+    steps:
+
+      # Silence apt-get update errors (for example when a module doesn't
+      # exist) since otherwise it will make the whole build fails, even though
+      # it might work without update. libsecret-1-dev is required for keytar -
+      # https://github.com/atom/node-keytar
+
+      - name: Install Linux dependencies
+        run: |
+          sudo apt-get update || true
+          sudo apt-get install -y gettext
+          sudo apt-get install -y libsecret-1-dev
+          sudo apt-get install -y translate-toolkit
+
+      - name: Install Docker Engine
+        run: |
+          sudo apt-get install -y apt-transport-https
+          sudo apt-get install -y ca-certificates
+          sudo apt-get install -y curl
+          sudo apt-get install -y gnupg
+          sudo apt-get install -y lsb-release
+          curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+          echo \
+              "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
+              $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+          sudo apt-get update || true
+          sudo apt-get install -y docker-ce docker-ce-cli containerd.io
+
+      - uses: actions/checkout@v2
+      - uses: olegtarasov/get-tag@v2.1
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '16'
+
+      - name: Install Yarn
+        run: |
+          # https://yarnpkg.com/getting-started/install
+          corepack enable
+      
+      # Login to Docker only if we're on a server release tag. If we run this on
+      # a pull request it will fail because the PR doesn't have access to
+      # secrets
+      - uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build and push Docker image
+        env:
+          IS_CONTINUOUS_INTEGRATION: 1
+          BUILD_SEQUENCIAL: 1
+        run: |
+          yarn install
+          yarn run buildServerDocker --tag-name $GIT_TAG_NAME --repository laurent22/joplin-cloud --push-images
+  

.gitignore

@@ -1962,6 +1962,9 @@ packages/tools/release-android.js.map
 packages/tools/release-cli.d.ts
 packages/tools/release-cli.js
 packages/tools/release-cli.js.map
+packages/tools/release-cloud.d.ts
+packages/tools/release-cloud.js
+packages/tools/release-cloud.js.map
 packages/tools/release-electron.d.ts
 packages/tools/release-electron.js
 packages/tools/release-electron.js.map

packages/server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@joplin/server",
-  "version": "2.7.4",
+  "version": "2.7.8",
   "private": true,
   "scripts": {
     "start-dev": "yarn run build && JOPLIN_IS_TESTING=1 nodemon --config nodemon.json --ext ts,js,mustache,css,tsx dist/app.js --env dev",

packages/server/public/css/main.css

@@ -11,7 +11,7 @@ html {
 	max-width: none !important;
 }
 
-div.navbar-container {
+.is-admin-page div.navbar-container {
 	padding: 0 3rem;
 }
 

packages/server/src/middleware/routeHandler.ts

@@ -10,7 +10,7 @@ export default async function(ctx: AppContext) {
 	const requestStartTime = Date.now();
 
 	try {
-		const responseObject = await execRequest(ctx.joplin.routes, ctx);
+		const { response: responseObject, path } = await execRequest(ctx.joplin.routes, ctx);
 
 		if (responseObject instanceof Response) {
 			ctx.response = responseObject.response;
@@ -20,7 +20,7 @@ export default async function(ctx: AppContext) {
 			const view = responseObject as View;
 			ctx.response.status = view?.content?.error ? view?.content?.error?.httpCode || 500 : 200;
 			ctx.response.body = await ctx.joplin.services.mustache.renderView(view, {
-				currentUrl: ctx.URL,
+				currentPath: path,
 				notifications: ctx.joplin.notifications || [],
 				hasNotifications: !!ctx.joplin.notifications && !!ctx.joplin.notifications.length,
 				owner: ctx.joplin.owner,

packages/server/src/models/UserDeletionModel.test.ts

@@ -159,21 +159,22 @@ describe('UserDeletionModel', function() {
 			disabled_time: t0,
 		});
 
-		await models().userDeletion().autoAdd(10, 90 * Day, 3 * Day);
+		await models().userDeletion().autoAdd(10, 90 * Day, t0 + 3 * Day);
 
 		expect(await models().userDeletion().count()).toBe(0);
 
 		const t1 = new Date('2022-05-30').getTime();
 		jest.setSystemTime(t1);
 
-		await models().userDeletion().autoAdd(10, 90 * Day, 3 * Day);
+		await models().userDeletion().autoAdd(10, 90 * Day, t1 + 3 * Day);
 
 		expect(await models().userDeletion().count()).toBe(1);
 		const d = (await models().userDeletion().all())[0];
 		expect(d.user_id).toBe(user2.id);
+		expect(d.scheduled_time).toBe(t1 + 3 * Day);
 
 		// Shouldn't add it again if running autoAdd() again
-		await models().userDeletion().autoAdd(10, 90 * Day, 3 * Day);
+		await models().userDeletion().autoAdd(10, 90 * Day, t1 + 3 * Day);
 		expect(await models().userDeletion().count()).toBe(1);
 
 		jest.useRealTimers();

packages/server/src/services/MustacheService.ts

@@ -5,14 +5,13 @@ import config from '../config';
 import { filename } from '@joplin/lib/path-utils';
 import { NotificationView } from '../utils/types';
 import { User } from '../services/database/types';
-import { makeUrl, UrlType } from '../utils/routeUtils';
+import { makeUrl, SubPath, urlMatchesSchema, UrlType } from '../utils/routeUtils';
 import MarkdownIt = require('markdown-it');
 import { headerAnchor } from '@joplin/renderer';
 import { _ } from '@joplin/lib/locale';
-import { adminDashboardUrl, adminEmailsUrl, adminTasksUrl, adminUserDeletionsUrl, adminUsersUrl, changesUrl, homeUrl, itemsUrl, stripOffQueryParameters } from '../utils/urlUtils';
-import { URL } from 'url';
+import { adminDashboardUrl, adminEmailsUrl, adminTasksUrl, adminUserDeletionsUrl, adminUsersUrl, changesUrl, homeUrl, itemsUrl } from '../utils/urlUtils';
 
-type MenuItemSelectedCondition = (selectedUrl: URL)=> boolean;
+type MenuItemSelectedCondition = (selectedUrl: SubPath)=> boolean;
 
 export interface MenuItem {
 	title: string;
@@ -64,7 +63,7 @@ interface GlobalParams {
 	isAdminPage?: boolean;
 	adminMenu?: MenuItem[];
 	navbarMenu?: MenuItem[];
-	currentUrl?: URL;
+	currentPath?: SubPath;
 }
 
 export function isView(o: any): boolean {
@@ -112,25 +111,23 @@ export default class MustacheService {
 		return `${config().layoutDir}/${name}.mustache`;
 	}
 
-	private setSelectedMenu(selectedUrl: URL, menuItems: MenuItem[]) {
-		if (!selectedUrl) return;
+	private setSelectedMenu(selectedPath: SubPath, menuItems: MenuItem[]) {
+		if (!selectedPath) return;
 		if (!menuItems) return;
 
-		const url = stripOffQueryParameters(selectedUrl.href);
-
 		for (const menuItem of menuItems) {
 			if (menuItem.url) {
 				if (menuItem.selectedCondition) {
-					menuItem.selected = menuItem.selectedCondition(selectedUrl);
+					menuItem.selected = menuItem.selectedCondition(selectedPath);
 				} else {
-					menuItem.selected = url === menuItem.url;
+					menuItem.selected = urlMatchesSchema(menuItem.url, selectedPath.schema);
 				}
 			}
-			this.setSelectedMenu(selectedUrl, menuItem.children);
+			this.setSelectedMenu(selectedPath, menuItem.children);
 		}
 	}
 
-	private makeAdminMenu(selectedUrl: URL): MenuItem[] {
+	private makeAdminMenu(selectedPath: SubPath): MenuItem[] {
 		const output: MenuItem[] = [
 			{
 				title: _('General'),
@@ -159,12 +156,12 @@ export default class MustacheService {
 			},
 		];
 
-		this.setSelectedMenu(selectedUrl, output);
+		this.setSelectedMenu(selectedPath, output);
 
 		return output;
 	}
 
-	private makeNavbar(selectedUrl: URL, isAdmin: boolean): MenuItem[] {
+	private makeNavbar(selectedPath: SubPath, isAdmin: boolean): MenuItem[] {
 		let output: MenuItem[] = [
 			{
 				title: _('Home'),
@@ -186,14 +183,14 @@ export default class MustacheService {
 					title: _('Admin'),
 					url: adminDashboardUrl(),
 					icon: 'fas fa-hammer',
-					selectedCondition: (selectedUrl: URL) => {
-						return selectedUrl.pathname.startsWith('/admin/') || selectedUrl.pathname === '/admin';
+					selectedCondition: (selectedPath: SubPath) => {
+						return selectedPath.schema.startsWith('admin/') || selectedPath.schema === 'admin';
 					},
 				},
 			]);
 		}
 
-		this.setSelectedMenu(selectedUrl, output);
+		this.setSelectedMenu(selectedPath, output);
 
 		return output;
 	}
@@ -295,8 +292,8 @@ export default class MustacheService {
 		globalParams = {
 			...this.defaultLayoutOptions,
 			...globalParams,
-			adminMenu: globalParams ? this.makeAdminMenu(globalParams.currentUrl) : null,
-			navbarMenu: this.makeNavbar(globalParams?.currentUrl, globalParams?.owner ? !!globalParams.owner.is_admin : false),
+			adminMenu: globalParams ? this.makeAdminMenu(globalParams.currentPath) : null,
+			navbarMenu: this.makeNavbar(globalParams?.currentPath, globalParams?.owner ? !!globalParams.owner.is_admin : false),
 			userDisplayName: this.userDisplayName(globalParams ? globalParams.owner : null),
 			isAdminPage,
 			s: {

packages/server/src/services/UserDeletionService.ts

@@ -112,7 +112,7 @@ export default class UserDeletionService extends BaseService {
 		const addedUserIds = await this.models.userDeletion().autoAdd(
 			10,
 			this.config.USER_DATA_AUTO_DELETE_AFTER_DAYS * Day,
-			3 * Day,
+			Date.now() + 3 * Day,
 			{
 				processAccount: true,
 				processData: true,

packages/server/src/utils/routeUtils.test.ts

@@ -1,4 +1,4 @@
-import { findMatchingRoute, isValidOrigin, parseSubPath, splitItemPath } from './routeUtils';
+import { findMatchingRoute, isValidOrigin, parseSubPath, splitItemPath, urlMatchesSchema } from './routeUtils';
 import { ItemAddressingType } from '../services/database/types';
 import { RouteType } from './types';
 import { expectThrow } from './testing/testUtils';
@@ -99,7 +99,7 @@ describe('routeUtils', function() {
 	});
 
 	it('should check the request origin for API URLs', async function() {
-		const testCases: any[] = [
+		const testCases: [string, string, boolean][] = [
 			[
 				'https://example.com', // Request origin
 				'https://example.com', // Config base URL
@@ -141,7 +141,7 @@ describe('routeUtils', function() {
 	});
 
 	it('should check the request origin for User Content URLs', async function() {
-		const testCases: any[] = [
+		const testCases: [string, string, boolean][] = [
 			[
 				'https://usercontent.local', // Request origin
 				'https://usercontent.local', // Config base URL
@@ -170,4 +170,40 @@ describe('routeUtils', function() {
 		}
 	});
 
+	it('should check if a URL matches a schema', async function() {
+		const testCases: [string, string, boolean][] = [
+			[
+				'https://test.com/items/123/children',
+				'items/:id/children',
+				true,
+			],
+			[
+				'https://test.com/items/123',
+				'items/:id',
+				true,
+			],
+			[
+				'https://test.com/items',
+				'items',
+				true,
+			],
+			[
+				'https://test.com/items/123/children',
+				'items/:id',
+				false,
+			],
+			[
+				'',
+				'items/:id',
+				false,
+			],
+		];
+
+		for (const testCase of testCases) {
+			const [url, schema, expected] = testCase;
+			const actual = urlMatchesSchema(url, schema);
+			expect(actual).toBe(expected);
+		}
+	});
+
 });

packages/server/src/utils/routeUtils.ts

@@ -6,6 +6,7 @@ import { AppContext, HttpMethod, RouteType } from './types';
 import { URL } from 'url';
 import { csrfCheck } from './csrf';
 import { contextSessionId } from './requestUtils';
+import { stripOffQueryParameters } from './urlUtils';
 
 const { ltrimSlashes, rtrimSlashes } = require('@joplin/lib/path-utils');
 
@@ -112,6 +113,12 @@ export function isPathBasedAddressing(fileId: string): boolean {
 	return fileId.indexOf(':') >= 0;
 }
 
+export const urlMatchesSchema = (url: string, schema: string): boolean => {
+	url = stripOffQueryParameters(url);
+	const regex = new RegExp(`${schema.replace(/:id/, '[a-zA-Z0-9]+')}$`);
+	return !!url.match(regex);
+};
+
 // Allows parsing the two types of paths supported by the API:
 //
 // root:/Documents/MyFile.md:/content
@@ -189,7 +196,12 @@ function disabledAccountCheck(route: MatchedRoute, user: User) {
 	if (route.subPath.schema.startsWith('api/')) throw new ErrorForbidden(`This account is disabled. Please login to ${config().baseUrl} for more information.`);
 }
 
-export async function execRequest(routes: Routers, ctx: AppContext) {
+interface ExecRequestResult {
+	response: any;
+	path: SubPath;
+}
+
+export async function execRequest(routes: Routers, ctx: AppContext): Promise<ExecRequestResult> {
 	const match = findMatchingRoute(ctx.path, routes);
 	if (!match) throw new ErrorNotFound();
 
@@ -215,7 +227,10 @@ export async function execRequest(routes: Routers, ctx: AppContext) {
 	await csrfCheck(ctx, isPublicRoute);
 	disabledAccountCheck(match, ctx.joplin.owner);
 
-	return endPoint.handler(match.subPath, ctx);
+	return {
+		response: await endPoint.handler(match.subPath, ctx),
+		path: match.subPath,
+	};
 }
 
 // In a path such as "/api/files/SOME_ID/content" we want to find:

packages/server/src/views/index/help.md

@@ -1,32 +1,50 @@
 # Joplin Cloud Help
 
-## How can I change my details?
+## Account management
 
-Most of your details can be found in your Profile page. To open it, click on the Profile button - this is the button in the top right corner, with your name or email on it.
+### How can I change my details?
 
-## How can I get more space?
+Most of your details can be found in your [Profile](/users/me) page. To open it, click on the Profile button - this is the button in the top right corner, with your name or email on it.
 
-If you are on a Basic account, you may upgrade to a Pro account to get more space. Click on the [Profile button](#how-can-i-change-my-details), then scroll down and select "Upgrade to Pro".
+### How can I get more space?
+
+If you are on a Basic account, you may upgrade to a Pro account to get more space. Open your [profile](/users/me), then scroll down and select "Upgrade to Pro".
 
 If you are already on a Pro account, and you need more space for specific reasons, please contact us as we may increase the cap in some cases.
 
-## How can I manage my payment details?
+### How can I switch to a different billing cycle or plan?
 
-To update your card or other payment details, click on the [Profile button](#how-can-i-change-my-details), then scroll down and click on "Manage subscription".
-
-## How can I switch to a different billing cycle or plan?
-
-To switch between yearly and monthly payments, or to change from a Basic to Pro plan or vice versa, please click on the [Profile button](#how-can-i-change-my-details), then scroll down and click on "Manage subscription". From the Subscription page, click on Update Plan to choose your new billing cycle or to change your plan.
+To switch between yearly and monthly payments, or to change from a Basic to Pro plan or vice versa, please open your [profile](/users/me), then scroll down and click on "[Manage subscription](/stripe/portal)". From the Subscription page, click on Update Plan to choose your new billing cycle or to change your plan.
 
 Note that if you downgrade from Pro to Basic, new limitations will apply so for example you may have to delete some notes so that your account is below the required limit.
 
-## Can my subscription be refunded?
+## Billing
 
-We offer a 14 days trial when the subscription starts so that you can evaluate the service and potentially change your mind - if you cancel during that period you will not be charged. After 14 days your card will be charged and it will not be possible to issue a refund.
+### How can I manage my payment details?
 
-## How can I cancel my account?
+To update your card or other payment details, open your [profile](/users/me), then scroll down and click on "[Manage subscription](/stripe/portal)".
 
-Click on the [Profile button](#how-can-i-change-my-details), then scroll down and click on "Manage subscription". Your subscription will be cancelled and you will not be charged on what would have been the next billing period. Please note that we do not cancel accounts over email as we cannot verify your identity, however we can provide assistance if there is an issue.
+### If a payment has failed
+
+This can happen for various reasons, for example if your card is expired, if your bank has blocked the payment, or simply if the card details are not correct. So you may want to check all this, and possibly contact your bank to tell them to authorise the payment.
+
+When a payment has failed, Stripe will retry again a few times, a few days later, so you don't need to do anything. However please note that after 14 days the Joplin Cloud account will be restricted until the payment is made - it will still be possible to download your data, but it will not be possible to upload more.
+
+### How to manually pay an invoice when a payment has failed?
+
+In case of a failed payment, Stripe will retry automatically. However you may also manually pay the invoice by following these steps:
+
+Open your [profile](/users/me), then click on "[Manage subscription](/stripe/portal)". This will open your Joplin Cloud subscription page. Scroll down and, under "Invoice history", click on the invoice that has a failed payment. This will open a new page where you can pay the invoice.
+
+## Cancellation policy
+
+### Can my subscription be refunded?
+
+We offer a 14 days trial when the subscription starts so that you can evaluate the service and potentially change your mind - if you cancel during that period you will not be charged. After that period of time, billing will start and it will not be possible to issue a refund. It is however possible to cancel the subscription.
+
+### How can I cancel my account?
+
+Open your [profile](/users/me), then scroll down and click on "[Manage subscription](/stripe/portal)". Your subscription will be cancelled and you will not be charged on what would have been the next billing period. Please note that we do not cancel accounts over email as we cannot verify your identity, however we can provide assistance if there is an issue.
 
 ## Further information
 

packages/tools/release-cloud.ts

@@ -0,0 +1,22 @@
+import { execCommand2, rootDir, gitPullTry, completeReleaseWithChangelog } from './tool-utils';
+
+const serverDir = `${rootDir}/packages/server`;
+
+async function main() {
+	await gitPullTry();
+
+	process.chdir(serverDir);
+	const version = (await execCommand2('npm version patch')).trim();
+	const versionSuffix = ''; // isPreRelease ? '-beta' : '';
+	const tagName = `cloud-${version}${versionSuffix}`;
+
+	const changelogPath = `${rootDir}/readme/changelog_cloud.md`;
+
+	await completeReleaseWithChangelog(changelogPath, version, tagName, 'Cloud', false, 'https://github.com/laurent22/joplin-private/releases/tag');
+}
+
+main().catch((error) => {
+	console.error('Fatal error');
+	console.error(error);
+	process.exit(1);
+});

readme/changelog_cloud.md

@@ -0,0 +1,417 @@
+# Joplin Cloud Changelog
+
+## [cloud-v2.7.8](https://github.com/laurent22/joplin-private/releases/tag/cloud-v2.7.8) - 2022-02-23T14:15:14Z
+
+- Improved: Improve Help page (6a32935)
+- Improved: Only build image on tag (b81ef62)
+- Improved: Updated help file (2bd79f0)
+- Fixed user deletion schedule
+- Fixed sidebar menu selection
+
+## [cloud-v2.7.7](https://github.com/laurent22/joplin-private/releases/tag/cloud-v2.7.7) - 2022-02-22T12:31:26Z
+
+- Fixed: Fixed navbar alignment (b4fa6a0)
+
+## [server-v2.7.4](https://github.com/laurent22/joplin/releases/tag/server-v2.7.4) - 2022-02-02T19:23:34Z
+
+- New: Add task to automate deletion of disabled accounts (1afcb27)
+- Improved: Always display Help link even when not logged in (00163f5)
+- Improved: Call server start command directly, without going through npm (c185f00)
+- Improved: Disable session expiration logic for now (4c11bbf)
+- Improved: Enabled task to automatically delete sessions every 6 hours (69170dd)
+- Improved: Fixed handling of mailer security settings, and changed env variable name MAILER_SECURE => MAILER_SECURITY, and default port 587 => 465 (Breaking change) (#5222)
+- Improved: Improved env variable validation and support true-false as boolean values (fd322ed)
+- Improved: Improved string localization in views (98bfb65)
+- Improved: Make page wider only when displaying admin pages (df9c460)
+- Improved: Move admin pages under /admin (#6006)
+- Improved: Put admin pages under /admin (09cbe3c)
+- Improved: Remove uneeded CSS file (9dbf5e0)
+- Improved: Set NODE_ENV to "production" in Docker image (ed0f0fa)
+- Improved: Set a timestamp when disabling a user (2f7ab7e)
+- Improved: Simplify Docker image (#6010)
+- Improved: Temporarily save user info before deleting account (68469bc)
+- Improved: View sent emails from admin dashboard (f5f7981)
+- Fixed: Fixed sharing notebook with a user that does not have E2EE enabled (#5958)
+- Fixed: Use multi-stage builds and smaller base image (#6048) (#5397 by [@aaron](https://github.com/aaron))
+
+## [server-v2.7.3](https://github.com/laurent22/joplin/releases/tag/server-v2.7.3) - 2021-12-29T13:35:12Z
+
+- Improved: Allow deleting complete user data (#5824)
+- Improved: Changed ID length from 32 to 22 characters (e9ce3d1)
+- Improved: Disable logs and items pages for end-user (83a46e5)
+- Improved: Display NTP server domain and port when there is an error, and display message when NTP check is skipped (4a1bc07)
+- Improved: Increase default MAX_TIME_DRIFT to 2000 (35f684a)
+- Improved: Setup localisation (aa42ceb)
+
+## [server-v2.6.14](https://github.com/laurent22/joplin/releases/tag/server-v2.6.14) - 2021-12-02T16:29:54Z
+
+- Improved: Improved storage command (122afd6)
+
+## [server-v2.6.13](https://github.com/laurent22/joplin/releases/tag/server-v2.6.13) - 2021-11-29T18:41:28Z
+
+- New: Added command to delete database item content (01048f5)
+- Improved: Allow disabling NTP time drift check (dc67eac)
+- Improved: Do not set the SMTP auth option when user or password are not set (#5791 by [@MovingEarth](https://github.com/MovingEarth))
+- Improved: Increase default MAX_TIME_DRIFT to 100ms (8e54a65)
+- Improved: Optimise reading from external storage when fallback driver is not present (4fecb08)
+- Improved: Remove unique constraint errors from the log when they are already handled by the application (a6884a2)
+- Improved: Retry NTP request up to three times when it fails (7eb1d89)
+
+## [server-v2.6.12](https://github.com/laurent22/joplin/releases/tag/server-v2.6.12) - 2021-11-23T16:30:27Z
+
+- New: Added task to compress changes older than 6 months (75f7296)
+- Improved: Allow specifying a max content size when importing content to new storage (080c3cc)
+- Improved: Check for time drift when the server starts (#5738)
+- Improved: Display more debug info in error log (3716972)
+- Improved: Display more detailed error messages on SQL query errors (42a4edb)
+- Improved: Perform storage checks before starting services (16d5047)
+- Fixed: Fixed HandleOversizedAccounts task interval (fc419d9)
+
+## [server-v2.6.11](https://github.com/laurent22/joplin/releases/tag/server-v2.6.11) - 2021-11-14T17:14:51Z
+
+- Improved: Prevent large data blobs from crashing the application (5eb3a92)
+
+## [server-v2.6.10](https://github.com/laurent22/joplin/releases/tag/server-v2.6.10) - 2021-11-13T12:47:53Z
+
+- Improved: Improved storage migration error handling, and improved storage test units (5a41d80)
+- Improved: Rename "ReadOnly" mode to "ReadAndClear" to avoid any confusion (5cd4537)
+
+## [server-v2.6.9](https://github.com/laurent22/joplin/releases/tag/server-v2.6.9) - 2021-11-11T16:38:00Z
+
+- Improved: Hide more credentials from the log (73137cf)
+- New: Added command to test a storage connection (c6dec0a)
+- New: Added command to migrate content to different storage (005f720)
+
+## [server-v2.6.5](https://github.com/laurent22/joplin/releases/tag/server-v2.6.5) - 2021-11-10T12:07:50Z
+
+- Improved: Allow storing item content in database, filesystem or S3 (depending on config) (#5602)
+
+## [server-v2.6.3](https://github.com/laurent22/joplin/releases/tag/server-v2.6.3) - 2021-11-08T15:20:41Z
+
+- New: Add support for sharing notes when E2EE is enabled (#5529)
+- Improved: Disable mailer service if no-reply email is not set (ce5c5d6)
+- Improved: Display latest migration name after auto-migration (7ad73df)
+- Improved: Immediately ask user to set password after Stripe checkout (9e1cb9d)
+- Improved: Set resource content size when viewing published note (70d5c7a)
+
+## [server-v2.6.2](https://github.com/laurent22/joplin/releases/tag/server-v2.6.2) - 2021-11-03T12:54:38Z
+
+- New: Add support for faster built-in sync locks (#5662)
+- Improved: Improved env variable handling to make it self documenting and enforce type checking (b5d792c)
+- Improved: Improved logging and rendering of low level middleware errors (3704413)
+
+## [server-v2.5.10](https://github.com/laurent22/joplin/releases/tag/server-v2.5.10) - 2021-11-02T14:45:54Z
+
+- New: Add unique constraint on name and owner ID of items table (f7a18ba)
+- Fixed: Fixed issue that could cause server to return empty items in some rare cases (99ea4b7)
+
+## [server-v2.5.9](https://github.com/laurent22/joplin/releases/tag/server-v2.5.9) - 2021-10-28T19:43:41Z
+
+- Improved: Remove session expiration for now (4a2af32)
+
+## [server-v2.5.8](https://github.com/laurent22/joplin/releases/tag/server-v2.5.8) - 2021-10-28T16:07:23Z
+
+- New: Added item owner ID, and allow disabling db auto-migrations (b655f27)
+- Fixed: Fixed Stripe portal page redirection (9ba90b5)
+- Fixed: Fixed items.owner_id migration (a753429)
+- Fixed: Fixed display of latest migration in startup log (#5627 by [@KowalskiPiotr98](https://github.com/KowalskiPiotr98))
+- Improved: Moved CLI commands to separate files (dca13b3)
+- Improved: Delete all sessions when a password is changed or reset (b497177)
+- Improved: Expire sessions after 12 hours (0ada1df)
+- Improved: Improved task service log entries (bc5a853)
+- Improved: Run oversized account task more frequently (2f09f88)
+
+## [server-v2.5.5](https://github.com/laurent22/joplin/releases/tag/server-v2.5.5) - 2021-10-23T20:58:37Z
+
+- New: Added tool to delete old changes (169b585)
+- Fixed: Fixed issue when a notebook is shared, then unshared, then shared again (47fc51e)
+
+## [server-v2.5.2](https://github.com/laurent22/joplin/releases/tag/server-v2.5.2) - 2021-10-07T13:36:27Z
+
+- New: Add support for promotion codes (5b58811)
+- Improved: Sort flags by date (31efc9b)
+- Fixed: Fixed links in published notes (#5507)
+
+## [server-v2.5.1](https://github.com/laurent22/joplin/releases/tag/server-v2.5.1) - 2021-09-29T15:52:34Z
+
+- New: Add support for events and use them to track background tasks (79d1ad7)
+- Improved: Allow manually deleting a user flag (3a11885)
+- Improved: Also clear admin session ID on logout after impersonating a user (24945a0)
+- Improved: Correctly attach Stripe sub to Joplin Server sub when it is recreated from Stripe (5da820a)
+- Improved: Display banner when an account is disabled and provide reason (8c9331c)
+- Improved: Only disable API access when an account is disabled (6fec2a9)
+- Improved: Remove AccountOverLimit flag from accounts that are now below the limit (5de5370)
+- Improved: Send reminder email every time a payment fails (2dd8045)
+
+## [server-v2.4.11-beta](https://github.com/laurent22/joplin/releases/tag/server-v2.4.11-beta) - 2021-09-26T17:10:57Z
+
+- Improved: Do not allow accepting share more than once (57a1d03)
+- Fixed: Fixed Stripe checkout when a coupon is used (c45f961)
+
+## [server-v2.4.10-beta](https://github.com/laurent22/joplin/releases/tag/server-v2.4.10-beta) (Pre-release) - 2021-09-25T19:07:05Z
+
+- Improved: Improved share service reliability and optimised performance (0175348)
+- Security: Implement clickjacking defense (e3fd34e)
+
+## [server-v2.4.9](https://github.com/laurent22/joplin/releases/tag/server-v2.4.9-beta) - 2021-09-22T16:31:23Z
+
+- New: Add support for changing user own email (63e88c0)
+- Improved: Allow an admin to impersonate a user (03b4b6e)
+- Improved: Allow entering coupon code on Stripe checkout page (4577c9c)
+- Improved: Clear cookie when account has been deleted to allow viewing login page again (061761f)
+- Improved: Exclude certain queries from slow log (4e70ca6)
+- Improved: Handle Joplin Cloud failed subscription payments (a6b1cff)
+- Improved: Improved support for background tasks and added admin UI to view them (cd877f6)
+- Improved: Improved user list page (4d38397)
+- Improved: Link to Joplin Cloud signup page on login page (d850eed)
+- Improved: Manage subscription entirely from Stripe (7fac194)
+- Improved: Redirect to user page after changing a user (c91d4bd)
+- Improved: Rename admin button "Send reset password email" to more correct "Send account information email" (37d446b)
+- Improved: Sync deleted items first to allow fixing oversized accounts (43c594b)
+- Fixed: Fixed calculating total item size after an item has been deleted (024967c)
+
+## [server-v2.4.8](https://github.com/laurent22/joplin/releases/tag/server-v2.4.8-beta) - 2021-09-15T22:16:59Z
+
+- New: Added support for app level slow SQL query log (5e8b742)
+
+## [server-v2.4.7](https://github.com/laurent22/joplin/releases/tag/server-v2.4.7-beta) - 2021-09-15T15:58:46Z
+
+- Improved: Improve flag logic (c229821)
+- Fixed: Fixed handling of brute force limiter by getting correct user IP (3ce947e)
+
+## [server-v2.4.6](https://github.com/laurent22/joplin/releases/tag/server-v2.4.6-beta) - 2021-09-14T15:02:21Z
+
+- New: Add link to Stripe subscription page to manage payment details (4e7fe66)
+- New: Add transaction info to debug deadlock issues (01b653f)
+
+## [server-v2.4.3](https://github.com/laurent22/joplin/releases/tag/server-v2.4.3-beta) - 2021-09-02T17:49:11Z
+
+- New: Added Help page for Joplin Cloud (6520a48)
+- New: Added icon next to profile button (5805a41)
+- Improved: Display note title as page title when sharing note (82331c9)
+- Fixed: Fixed calculation of max sizes for Postgres (93a4ad0)
+
+## [server-v2.4.2](https://github.com/laurent22/joplin/releases/tag/server-v2.4.2) - 2021-08-28T17:45:41Z
+
+- New: Add request rate limter on session and login end points (543413d)
+- New: Add support for user flags (82b157b)
+- New: Added commands to control db migrations - list, down, up (2c79ce2)
+- Improved: Display user flags in profile when logged in as admin (4394329)
+- Improved: Handle flags for accounts over limit (6e087bc)
+- Improved: Increase cookies security - set HttpOnly, Secure and SameSite flags (bcadb36)
+- Improved: No longer install vim into the image (#5337 by [@piotrb](https://github.com/piotrb))
+- Improved: Re-enable account when new subscription is associated with it (ac82e4b)
+- Improved: Switch to node:16-bullseye base image (#5202 by [@piotrb](https://github.com/piotrb))
+- Fixed: Prevent crash when returning too many rows using SQLite (1efe3d3)
+- Fixed: Filenames with non-ascii characters could not be downloaded from published note (#5328)
+- Fixed: Fix missing CSS file error (#5309 by [@whalehub](https://github.com/whalehub))
+- Fixed: Fixed second duration (c7421df)
+
+## [server-v2.3.7](https://github.com/laurent22/joplin/releases/tag/server-v2.3.7-beta) - 2021-08-13T21:20:17Z
+
+- Fixed: Fix migrations (a9961ae)
+
+## [server-v2.3.6](https://github.com/laurent22/joplin/releases/tag/server-v2.3.6-beta) - 2021-08-13T20:59:41Z
+
+- Fixed: Fix migrations (f518549)
+
+## [server-v2.3.5](https://github.com/laurent22/joplin/releases/tag/server-v2.3.5-beta) - 2021-08-13T18:01:20Z
+
+- Fixed: Fixed pagination link styling (d42d181)
+
+## [server-v2.3.4](https://github.com/laurent22/joplin/releases/tag/server-v2.3.4-beta) - 2021-08-13T16:56:17Z
+
+- Improved: Allow setting email key to prevent the same email to be sent multiple times (391204c)
+- Improved: Clarify beta transition message (c4fcfec)
+- Improved: Disable upload for accounts with subscription failed payments (f14c74d)
+- Improved: Re-enable account when subscription is paid (4b5318c)
+- Improved: Set better filename and mime type for files downloaded via published notes (#5286)
+- Fixed: Fixed publishing of notes with HTML markup type (97726b0)
+- Fixed: Fix regression (6359c9c)
+- Fixed: Fixed layout of notes on mobile devices (#5269)
+
+## [server-v2.2.11](https://github.com/laurent22/joplin/releases/tag/server-v2.2.11-beta) - 2021-08-03T18:48:00Z
+
+- Improved: Disable beta account once expired (785248b)
+- Improved: Handle beta user upgrade (8910c87)
+- Improved: Prevent duplicate Stripe subscriptions and improved Stripe workflow testing (6ac22ed)
+- Fixed: Fixed support emails (724aa72)
+
+## [server-v2.2.10](https://github.com/laurent22/joplin/releases/tag/server-v2.2.10) - 2021-08-01T10:04:53Z
+
+- Improved: Allows providing a coupon when creating the Stripe checkout session (b5b6111)
+
+## [server-v2.2.9](https://github.com/laurent22/joplin/releases/tag/server-v2.2.9-beta) - 2021-07-31T13:52:53Z
+
+- New: Add Docker major, minor and beta version tags (#5237 by [@JackGruber](https://github.com/JackGruber))
+- New: Add support for Stripe yearly subscriptions (f2547fe)
+- Improved: Improve installation instructions (53b4d7a)
+- Fixed: Fixed certain URLs (282f782)
+- Fixed: Published notes that contain non-alphabetical characters could end up being truncated (#5229)
+
+## [server-v2.2.8](https://github.com/laurent22/joplin/releases/tag/server-v2.2.8-beta) - 2021-07-24T16:55:58Z
+
+- New: Added form tokens to prevent CSRF attacks (CVE-2021-23431) (19b45de)
+- Improved: Allow admin to change Stripe subscription (75a421e)
+- Improved: Allow enabling or disabling a user. Handle cancelling subscription. (27c3cbd)
+- Improved: Allow user to upgrade account (e83ab93)
+- Improved: Allow users to cancel Stripe subscription (b7e9848)
+- Improved: Clarify error message when user info cannot be saved (4567b78)
+- Improved: Explain how to use Joplin Server with a Joplin app (3f993af)
+- Improved: Handle Stripe webhook receiving multiple times the same event (252d069)
+- Improved: Make sure email URLs are displayed as clickable links (7245aea)
+- Improved: Moved email templates to separate files (6a93cb2)
+- Improved: Set default of env SUPPORT_EMAIL to "SUPPORT_EMAIL" to make it clear it needs to be set (92520e5)
+
+## [server-v2.2.7](https://github.com/laurent22/joplin/releases/tag/server-v2.2.7-beta) - 2021-07-11T17:31:42Z
+
+- New: Added support for resetting user password (62b6198)
+- Improved: Check password complexity (240cb35)
+- Improved: Disallow changing email address until a secure solution to change it is implemented (f8d2c26)
+- Fixed: Fixed mail queue as some emails were not being processed (89f4ca1)
+
+## [server-v2.2.6](https://github.com/laurent22/joplin/releases/tag/server-v2.2.6-beta) - 2021-07-09T15:57:47Z
+
+- New: Add Docker image labels (#5158 by [@JackGruber](https://github.com/JackGruber))
+- Fixed: Fixed change processing logic (5a27d4d)
+- Fixed: Fixed styling of shared note (6c1a6b0)
+
+## [server-v2.2.5](https://github.com/laurent22/joplin/releases/tag/server-v2.2.5-beta) - 2021-07-03T21:40:37Z
+
+- Improved: Make app context immutable and derive the per-request context properties from it (e210926)
+
+## [server-v2.2.4](https://github.com/laurent22/joplin/releases/tag/server-v2.2.4-beta) - 2021-07-03T21:10:29Z
+
+- Fixed: Fixed issue with user sessions being mixed up (238cc86)
+
+## [server-v2.2.3](https://github.com/laurent22/joplin/releases/tag/server-v2.2.3-beta) - 2021-07-03T19:38:36Z
+
+- Fixed: Fixed size of a database field (264f36f)
+
+## [server-v2.2.2](https://github.com/laurent22/joplin/releases/tag/server-v2.2.2-beta) - 2021-07-03T18:28:35Z
+
+- Improved: Improved logging and reliability of cron tasks (d99c34f)
+- Improved: Only emit "created" event when new user is saved (8883df2)
+
+## [server-v2.2.1](https://github.com/laurent22/joplin/releases/tag/server-v2.2.1-beta) - 2021-07-03T15:41:32Z
+
+- New: Add support for account max total size (b507fbf)
+- Improved: Display max size info in dashboard (3d18514)
+- Improved: Hide "Is Admin" from dashboard (7447793)
+- Improved: Moved Joplin-specific context properties under its own namespace (bfa7ea7)
+- Improved: Normalize email addresses before saving them (427218b)
+- Improved: Remove dangerous "Delete all" button for now (125af75)
+
+## [server-v2.1.6](https://github.com/laurent22/joplin/releases/tag/server-v2.1.6-beta) - 2021-06-24T10:01:46Z
+
+- Fixed: Fixed accessing main website (Regression) (f868797)
+
+## [server-v2.1.5](https://github.com/laurent22/joplin/releases/tag/server-v2.1.5-beta) - 2021-06-24T08:26:38Z
+
+- New: Add support for X-API-MIN-VERSION header (51f3c00)
+
+## [server-v2.1.4](https://github.com/laurent22/joplin/releases/tag/server-v2.1.4-beta) - 2021-06-24T07:26:03Z
+
+- Improved: Split permission to share note or folder (0c12c7f)
+- Fixed: Fixed handling of max item size for encrypted items (112157e)
+- Fixed: Fixed transaction locking issue when a sub-transaction fails (12aae48)
+
+## [server-v2.1.3](https://github.com/laurent22/joplin/releases/tag/server-v2.1.3-beta) - 2021-06-19T14:15:06Z
+
+- New: Add support for uploading multiple items in one request (3b9c02e)
+
+## [server-v2.1.1](https://github.com/laurent22/joplin/releases/tag/server-v2.1.1) - 2021-06-17T17:27:29Z
+
+- New: Added account info to dashboard and title to pages (7f0b3fd)
+- New: Added way to batch requests (currently disabled) (c682c88)
+- New: Added way to debug slow queries (e853244)
+- Improved: Hide Reset Password button when creating new users (ac03c08)
+- Improved: Sort users by name, then email (65c3d01)
+
+## [server-v2.0.14](https://github.com/laurent22/joplin/releases/tag/server-v2.0.14) - 2021-06-17T08:52:26Z
+
+- Improved: Allow sending reset password email from admin UI (479237d)
+- Improved: Tokens would expire too soon (6ae0e84)
+
+## [server-v2.0.13](https://github.com/laurent22/joplin/releases/tag/server-v2.0.13) - 2021-06-16T14:28:20Z
+
+- Improved: Allow creating a new user with no password, which must be set via email confirmation (1896549)
+- Improved: Allow creating a user with a specific account type from admin UI (ecd1602)
+- Fixed: Fixed error message when item is over the limit (ea65313)
+- Fixed: Fixed issue with user not being able to modify own profile (3c18190)
+
+## [server-v2.0.12](https://github.com/laurent22/joplin/releases/tag/server-v2.0.12) - 2021-06-15T16:24:42Z
+
+- Fixed: Fixed handling of user content URL (31121c8)
+
+## [server-v2.0.11](https://github.com/laurent22/joplin/releases/tag/server-v2.0.11) - 2021-06-15T11:41:41Z
+
+- New: Add navbar on login and sign up page (7a3a208)
+- New: Added option to enable or disable stack traces (5614eb9)
+- Improved: Handle custom user content URLs (a36b13d)
+- Fixed: Fixed error when creating user (594084e)
+
+## [server-v2.0.9](https://github.com/laurent22/joplin/releases/tag/server-v2.0.9-beta) - 2021-06-11T16:49:05Z
+
+- New: Add navbar on login and sign up page (7a3a208)
+- New: Added option to enable or disable stack traces (5614eb9)
+- Improved: Handle custom user content URLs (a36b13d)
+- Fixed: Fixed error when creating user (594084e)
+
+## [server-v2.0.6](https://github.com/laurent22/joplin/releases/tag/server-v2.0.6) - 2021-06-07T17:27:27Z
+
+- New: Add Stripe integration (770af6a)
+- New: Add request duration to log (c8d7ecb)
+- New: Add terms and privacy page (db7b802)
+- New: Added way to disable signup page, and added links between signup and login pages (75d79f3)
+- Improved: Check share ID when uploading a note (3c41b45)
+- Improved: Load shared user content from correct domain (de45740)
+
+## [server-v2.0.5](https://github.com/laurent22/joplin/releases/tag/server-v2.0.5) - 2021-06-02T08:14:47Z
+
+- New: Add version number on website (0ef7e98)
+- New: Added signup pages (41ed66d)
+- Improved: Allow disabling item upload for a user (f8a26cf)
+
+## [server-v2.0.4](https://github.com/laurent22/joplin/releases/tag/server-v2.0.4) - 2021-05-25T18:33:11Z
+
+- Fixed: Fixed Item and Log page when using Postgres (ee0f237)
+
+## [server-v2.0.3](https://github.com/laurent22/joplin/releases/tag/server-v2.0.3) - 2021-05-25T18:08:46Z
+
+- Fixed: Fixed handling of request origin (12a6634)
+
+## [server-v2.0.2](https://github.com/laurent22/joplin/releases/tag/server-v2.0.2) - 2021-05-25T19:15:50Z
+
+- New: Add mailer service (ed8ee67)
+- New: Add support for item size limit (6afde54)
+- New: Added API end points to manage users (77b284f)
+- Improved: Allow enabling or disabling the sharing feature per user (daaaa13)
+- Improved: Allow setting the path to the SQLite database using SQLITE_DATABASE env variable (68e79f1)
+- Improved: Allow using a different domain for API, main website and user content (83cef7a)
+- Improved: Generate only one share link per note (e156ee1)
+- Improved: Go back to home page when there is an error and user is logged in (a24b009)
+- Improved: Improved Items table and added item size to it (7f05420)
+- Improved: Improved log table too and made it sortable (ec7f0f4)
+- Improved: Make it more difficult to delete all data (b01aa7e)
+- Improved: Redirect to correct page when trying to access the root (51051e0)
+- Improved: Use external directory to store Postgres data in Docker-compose config (71a7fc0)
+- Fixed: Fixed /items page when using Postgres (2d0580f)
+- Fixed: Fixed bug when unsharing a notebook that has no recipients (6ddb69e)
+- Fixed: Fixed deleting a note that has been shared (489995d)
+- Fixed: Make sure temp files are deleted after upload is done (#4540)
+
+## [server-v2.0.1](https://github.com/laurent22/joplin/releases/tag/server-v2.0.1) - 2021-05-14T13:55:45Z
+
+- New: Add support for sharing notes via a link (ccbc329)
+- New: Add support for sharing a folder (#4772)
+- New: Added log page to view latest changes to files (874f301)
+- Fixed: Prevent new user password from being hashed twice (76c143e)
+- Fixed: Fixed crash when rendering note with links to non-existing resources or notes (07484de)
+- Fixed: Fixed error handling when no session is provided (63a5bfa)
+- Fixed: Fixed uploading empty file to the API (#4402)
+
+## [server-v1.7.2](https://github.com/laurent22/joplin/releases/tag/server-v1.7.2) - 2021-01-24T19:11:10Z
+
+- Fixed: Fixed password hashing when changing password
+- Improved: Many other internal changes for increased reliability