Release v1.2.0: Enhanced Authentication & Parent Folder Detection
Phase 1.5 Complete: - Add automatic API key generation with secure random generation - Add createParents parameter to create_note tool - Fix authentication vulnerability (auth enabled without key) - Add MCP client configuration snippet generator - Improve UI/UX for authentication management - Add comprehensive test coverage Security: - Fixed critical vulnerability in authentication middleware - Implement three-layer defense (UI, server start, middleware) - Cryptographically secure key generation (32 chars) Features: - Auto-generate API key when authentication enabled - Copy/regenerate buttons for API key management - Recursive parent folder creation for nested paths - Enhanced error messages with actionable guidance - Selectable connection information and config snippets Documentation: - Updated CHANGELOG.md with v1.2.0 release notes - Updated ROADMAP.md (Phase 1.5 marked complete) - Created IMPLEMENTATION_NOTES_AUTH.md - Created RELEASE_NOTES_v1.2.0.md
This commit is contained in:
122
RELEASE_NOTES_v1.2.0.md
Normal file
122
RELEASE_NOTES_v1.2.0.md
Normal file
@@ -0,0 +1,122 @@
|
||||
# Release Notes - Version 1.2.0
|
||||
|
||||
**Release Date:** October 16, 2025
|
||||
|
||||
## Overview
|
||||
|
||||
Version 1.2.0 completes Phase 1.5 of the roadmap, adding enhanced parent folder detection and significantly improved authentication security.
|
||||
|
||||
## What's New
|
||||
|
||||
### 📁 Enhanced Parent Folder Detection
|
||||
|
||||
**New `createParents` Parameter**
|
||||
- Added optional `createParents` parameter to `create_note` tool
|
||||
- Default: `false` (safe behavior - requires parent folders to exist)
|
||||
- When `true`: automatically creates missing parent folders recursively
|
||||
- Handles deeply nested paths (e.g., `a/b/c/d/e/file.md`)
|
||||
|
||||
**Improved Error Handling**
|
||||
- Explicit parent folder detection before file creation (fail-fast)
|
||||
- Clear error messages with `createParents` usage examples
|
||||
- Validates parent is a folder (not a file)
|
||||
- Better troubleshooting guidance
|
||||
|
||||
**Example Usage:**
|
||||
```typescript
|
||||
// Auto-create missing parent folders
|
||||
create_note({
|
||||
path: "projects/2024/reports/Q4.md",
|
||||
content: "# Q4 Report",
|
||||
createParents: true
|
||||
})
|
||||
```
|
||||
|
||||
### 🔐 Enhanced Authentication & Security
|
||||
|
||||
**Automatic API Key Generation**
|
||||
- API keys are now auto-generated when authentication is enabled
|
||||
- 32-character cryptographically secure keys using `crypto.getRandomValues()`
|
||||
- No more weak user-chosen passwords
|
||||
|
||||
**Improved UI/UX**
|
||||
- Copy to clipboard button for API key
|
||||
- Regenerate key button with instant refresh
|
||||
- Static, selectable API key display (full width)
|
||||
- MCP client configuration snippet generator
|
||||
- Dynamically includes/excludes Authorization header
|
||||
- Correct `mcpServers` format with `serverUrl` field
|
||||
- Copy configuration button
|
||||
- Partially selectable text
|
||||
- Restart warnings when authentication settings change
|
||||
- Selectable connection information URLs
|
||||
|
||||
**Security Fixes**
|
||||
- Fixed critical vulnerability where enabling authentication without API key allowed unrestricted access
|
||||
- Three-layer defense: UI validation, server start validation, and middleware enforcement
|
||||
- Fail-secure design: blocks access when misconfigured
|
||||
- Improved error messages for authentication failures
|
||||
|
||||
**Configuration Example:**
|
||||
```json
|
||||
{
|
||||
"mcpServers": {
|
||||
"obsidian-mcp": {
|
||||
"serverUrl": "http://127.0.0.1:3000/mcp",
|
||||
"headers": {
|
||||
"Authorization": "Bearer <your-api-key>"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
## Technical Details
|
||||
|
||||
### New Files
|
||||
- `src/utils/auth-utils.ts` - API key generation and validation utilities
|
||||
- `tests/parent-folder-detection.test.ts` - 15 comprehensive test cases
|
||||
- `IMPLEMENTATION_NOTES_AUTH.md` - Authentication implementation documentation
|
||||
|
||||
### Modified Files
|
||||
- `src/tools/note-tools.ts` - Enhanced `createNote()` with parent folder validation
|
||||
- `src/tools/index.ts` - Updated `create_note` tool schema
|
||||
- `src/server/middleware.ts` - Enhanced authentication middleware
|
||||
- `src/main.ts` - Server start validation
|
||||
- `src/settings.ts` - Complete UI overhaul for authentication
|
||||
- `src/utils/error-messages.ts` - Enhanced parent folder error messages
|
||||
|
||||
### Testing
|
||||
- 15 new test cases for parent folder detection
|
||||
- All tests passing
|
||||
- Build successful
|
||||
|
||||
## Breaking Changes
|
||||
|
||||
None. All changes are backward compatible.
|
||||
|
||||
## Upgrade Notes
|
||||
|
||||
1. **Authentication Users:**
|
||||
- If you have authentication enabled, your existing API key will continue to work
|
||||
- You can now regenerate keys easily from the settings UI
|
||||
- Use the new configuration snippet for easy MCP client setup
|
||||
|
||||
2. **create_note Users:**
|
||||
- Existing code continues to work (default: `createParents: false`)
|
||||
- Optionally add `createParents: true` for automatic folder creation
|
||||
|
||||
## Documentation
|
||||
|
||||
- ✅ CHANGELOG.md updated
|
||||
- ✅ ROADMAP.md updated (Phase 1.5 marked complete)
|
||||
- ✅ IMPLEMENTATION_NOTES_AUTH.md created
|
||||
- ✅ IMPLEMENTATION_NOTES_v1.5.md (parent folder detection)
|
||||
|
||||
## Next Steps
|
||||
|
||||
Phase 2 (API Unification & Typed Results) is next on the roadmap.
|
||||
|
||||
## Contributors
|
||||
|
||||
This release includes improvements to security, usability, and robustness based on real-world usage and testing.
|
||||
Reference in New Issue
Block a user