Release v1.2.0: Enhanced Authentication & Parent Folder Detection

Phase 1.5 Complete: - Add automatic API key generation with secure random generation - Add createParents parameter to create_note tool - Fix authentication vulnerability (auth enabled without key) - Add MCP client configuration snippet generator - Improve UI/UX for authentication management - Add comprehensive test coverage Security: - Fixed critical vulnerability in authentication middleware - Implement three-layer defense (UI, server start, middleware) - Cryptographically secure key generation (32 chars) Features: - Auto-generate API key when authentication enabled - Copy/regenerate buttons for API key management - Recursive parent folder creation for nested paths - Enhanced error messages with actionable guidance - Selectable connection information and config snippets Documentation: - Updated CHANGELOG.md with v1.2.0 release notes - Updated ROADMAP.md (Phase 1.5 marked complete) - Created IMPLEMENTATION_NOTES_AUTH.md - Created RELEASE_NOTES_v1.2.0.md
2025-10-16 22:11:33 -04:00
parent 7524271eaa
commit d074470d11
15 changed files with 823 additions and 375 deletions
--- a/src/utils/auth-utils.ts
+++ b/src/utils/auth-utils.ts
@@ -0,0 +1,40 @@
+/**
+ * Utility functions for authentication and API key management
+ */
+
+/**
+ * Generates a cryptographically secure random API key
+ * @param length Length of the API key (default: 32 characters)
+ * @returns A random API key string
+ */
+export function generateApiKey(length: number = 32): string {
+	const charset = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_';
+	const values = new Uint8Array(length);
+	
+	// Use crypto.getRandomValues for cryptographically secure random numbers
+	crypto.getRandomValues(values);
+	
+	let result = '';
+	for (let i = 0; i < length; i++) {
+		result += charset[values[i] % charset.length];
+	}
+	
+	return result;
+}
+
+/**
+ * Validates API key strength
+ * @param apiKey The API key to validate
+ * @returns Object with isValid flag and optional error message
+ */
+export function validateApiKey(apiKey: string): { isValid: boolean; error?: string } {
+	if (!apiKey || apiKey.trim() === '') {
+		return { isValid: false, error: 'API key cannot be empty' };
+	}
+	
+	if (apiKey.length < 16) {
+		return { isValid: false, error: 'API key must be at least 16 characters long' };
+	}
+	
+	return { isValid: true };
+}
--- a/src/utils/error-messages.ts
+++ b/src/utils/error-messages.ts
@@ -86,16 +86,22 @@ Troubleshooting tips:
 	 * Generate a parent folder not found error message
 	 */
 	static parentFolderNotFound(path: string, parentPath: string): string {
+		const grandparentPath = PathUtils.getParentPath(parentPath);
+		const listCommand = grandparentPath ? `list_notes("${grandparentPath}")` : 'list_notes()';
+		
 		return `Parent folder does not exist: "${parentPath}"

 Cannot create "${path}" because its parent folder is missing.

 Troubleshooting tips:
+• Use createParents: true parameter to automatically create missing parent folders
 • Create the parent folder first using Obsidian
-• Verify the folder path with list_notes("${PathUtils.getParentPath(parentPath) || '/'}")
+• Verify the folder path with ${listCommand}
 • Check that the parent folder path is correct (vault-relative, case-sensitive on macOS/Linux)
-• Note: Automatic parent folder creation is not currently enabled
-• Ensure all parent folders in the path exist before creating the file`;
+• Ensure all parent folders in the path exist before creating the file
+
+Example with auto-creation:
+create_note({ path: "${path}", content: "...", createParents: true })`;
 	}

 	/**