Release v1.2.0: Enhanced Authentication & Parent Folder Detection

Phase 1.5 Complete:
- Add automatic API key generation with secure random generation
- Add createParents parameter to create_note tool
- Fix authentication vulnerability (auth enabled without key)
- Add MCP client configuration snippet generator
- Improve UI/UX for authentication management
- Add comprehensive test coverage

Security:
- Fixed critical vulnerability in authentication middleware
- Implement three-layer defense (UI, server start, middleware)
- Cryptographically secure key generation (32 chars)

Features:
- Auto-generate API key when authentication enabled
- Copy/regenerate buttons for API key management
- Recursive parent folder creation for nested paths
- Enhanced error messages with actionable guidance
- Selectable connection information and config snippets

Documentation:
- Updated CHANGELOG.md with v1.2.0 release notes
- Updated ROADMAP.md (Phase 1.5 marked complete)
- Created IMPLEMENTATION_NOTES_AUTH.md
- Created RELEASE_NOTES_v1.2.0.md

src/server/middleware.ts

@@ -28,8 +28,13 @@ export function setupMiddleware(app: Express, settings: MCPServerSettings, creat
 	}
 
 	// Authentication middleware
-	if (settings.enableAuth && settings.apiKey) {
+	if (settings.enableAuth) {
 		app.use((req: Request, res: Response, next: any) => {
+			// Defensive check: if auth is enabled but no API key is set, reject all requests
+			if (!settings.apiKey || settings.apiKey.trim() === '') {
+				return res.status(500).json(createErrorResponse(null, ErrorCodes.InternalError, 'Server misconfigured: Authentication enabled but no API key set'));
+			}
+			
 			const authHeader = req.headers.authorization;
 			const apiKey = authHeader?.replace('Bearer ', '');