v1.7.2 #364

Merged
LukeGus merged 8 commits from dev-1.7.2 into main 2025-10-06 15:11:26 +00:00

8 Commits

Author SHA1 Message Date
LukeGus
04db792f56 Cleanup OIDC pr and run prettier 2025-10-06 09:24:21 -05:00
thorved
c9474c4c43 Fix race condition and remove redundant kekSalt for OIDC users
Critical fixes:

1. Race Condition Mitigation:
   - Added read-after-write verification in setupOIDCUserEncryption()
   - Ensures session uses the DEK that's actually in the database
   - Prevents data loss when concurrent logins occur for new OIDC users
   - If race is detected, discards generated DEK and uses stored one

2. Remove Redundant kekSalt Logic:
   - Removed unnecessary kekSalt generation and checks for OIDC users
   - kekSalt is not used in OIDC key derivation (uses userId as salt)
   - Reduces database operations from 4 to 2 per authentication
   - Simplifies code and removes potential confusion

3. Improved Error Handling:
   - systemKey cleanup moved to finally block
   - Ensures sensitive key material is always cleared from memory

These changes ensure data consistency and prevent potential data loss
in high-concurrency scenarios.
2025-10-06 09:19:22 -05:00
thorved
772afb1bc7 Fix OIDC credential persistence issue
The issue was that OIDC users were getting a new random Data Encryption Key (DEK)
on every login, which made previously encrypted credentials inaccessible.

Changes:
- Modified setupOIDCUserEncryption() to persist the DEK encrypted with a system-derived key
- Updated authenticateOIDCUser() to properly retrieve and use the persisted DEK
- Ensured OIDC users now have the same encryption persistence as password-based users

This fix ensures that credentials created by OIDC users remain accessible across
multiple login sessions.
2025-10-06 09:19:22 -05:00
LukeGus
a728ff227e Add real client IP 2025-10-05 23:51:53 -05:00
LukeGus
85fec49bd5 Fix snake case mismatching 2025-10-05 23:13:41 -05:00
LukeGus
75e973f3a2 Run code cleanup, add sidebar persistence, fix OIDC credentials, force SSH password. 2025-10-05 21:48:32 -05:00
Ved Prakash
aaec940b1b Adds camelCase support for encrypted field mappings (#342)
Extends encrypted field mappings to include camelCase variants
to support consistency and compatibility with different naming
conventions. Updates reverse mappings for Drizzle ORM to allow
conversion between camelCase and snake_case field names.

Improves integration with systems using mixed naming styles.
2025-10-04 19:09:10 -05:00
Ved Prakash
8aa2ee67ae Feature request: Add delete confirmation dialog to file manager (#344)
* Feature request: Add delete confirmation dialog to file manager

- Added confirmation dialog before deleting files/folders
- Users must confirm deletion with a warning message
- Works for both Delete key and right-click delete
- Shows different messages for single file, folder, or multiple items
- Includes permanent deletion warning
- Follows existing design patterns using confirmWithToast

* Adds confirmation for deletion of items including folders

Updates the file deletion confirmation logic to distinguish between
deleting multiple items with or without folders. Introduces a new
translation string for a clearer user prompt when folders and their
contents are included in the deletion.

Improves clarity and reduces user error when performing bulk deletions.

* feat: Add Chinese translations for delete confirmation messages
2025-10-04 19:08:55 -05:00
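
Commits 772afb1bc7 and c9474c4c43 above describe persisting an OIDC user's DEK encrypted with a system-derived key (userId as salt) and re-reading it after the write so concurrent first logins end up on the stored key. The following is an added example of that pattern, not the project's code: HKDF, AES-256-GCM, the `Map` standing in for the database, `SYSTEM_SECRET` and all function names are assumptions.

```javascript
// Added example, not the project's code; every name below is hypothetical.
const crypto = require("node:crypto");
const SYSTEM_SECRET = crypto.randomBytes(32); // constructed stand-in for the server secret

// Derive the KEK (assumed: HKDF, userId as salt), use it, and clear it in finally
// so the key material is wiped on error paths as well.
function withKek(userId, fn) {
  const kek = Buffer.from(crypto.hkdfSync("sha256", SYSTEM_SECRET, userId, "oidc-dek-wrap", 32));
  try { return fn(kek); } finally { kek.fill(0); }
}

function wrapDek(userId, dek) {
  return withKek(userId, (kek) => {
    const iv = crypto.randomBytes(12);
    const c = crypto.createCipheriv("aes-256-gcm", kek, iv);
    const ct = Buffer.concat([c.update(dek), c.final()]);
    return Buffer.concat([iv, c.getAuthTag(), ct]); // layout: iv | tag | ciphertext
  });
}

function unwrapDek(userId, blob) {
  return withKek(userId, (kek) => {
    const d = crypto.createDecipheriv("aes-256-gcm", kek, blob.subarray(0, 12));
    d.setAuthTag(blob.subarray(12, 28));
    return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
  });
}

// Phase 1: read; generate a DEK and prepare the write only when none is stored.
function beginLogin(db, userId) {
  if (db.has(userId)) return null;
  const dek = crypto.randomBytes(32);
  return { dek, commit: () => db.set(userId, wrapDek(userId, dek)) };
}

// Phase 2: read-after-write. The session uses whatever the database now holds.
function finishLogin(db, userId, pending) {
  const stored = unwrapDek(userId, db.get(userId));
  if (pending && !stored.equals(pending.dek)) pending.dek.fill(0); // lost the race: discard ours
  return stored;
}

// Constructed interleaving: two first logins for the same new user.
function simulateRace() {
  const db = new Map(), user = "oidc-user-1";
  const a = beginLogin(db, user), b = beginLogin(db, user); // both see no DEK
  a.commit(); b.commit();                                   // B's write lands last
  const sessionA = finishLogin(db, user, a), sessionB = finishLogin(db, user, b);
  const later = finishLogin(db, user, beginLogin(db, user)); // a subsequent login
  return { sessionA, sessionB, later, aDiscarded: a.dek.every((x) => x === 0) };
}
```

In this model the sessions converge because both writes land before either read-back; if login A re-reads before B's write, A still holds a key that B then overwrites. An insert-if-absent write (for example a unique constraint on the per-user DEK row) removes that dependence on ordering.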