- Update IPFS_API_URL to ipfs-api.rspace.online (was kubo:5001)
- Update IPFS_GATEWAY_URL to ipfs.rspace.online (was ipfs.jeffemmett.com)
- Enhance image button: file upload via /api/uploads with IPFS encryption
instead of manual URL prompt, with fallback on failure
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Renamed from 'ipfs' to 'kubo' to avoid Docker DNS collision with
the collab-server's IPFS service on the same network.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add src/lib/ipfs.ts: AES-256-GCM encryption + kubo upload/download
- Add /api/ipfs/[cid] proxy route: decrypt + serve with LRU cache
- Upload route: encrypt + pin to IPFS alongside local disk (fallback)
- Prisma: add ipfsCid/ipfsEncKey fields to File model
- FileUpload: prefer IPFS proxy URL when available
- Feature-flagged via IPFS_ENABLED env var
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Resolves merge conflicts between dev (voice/transcription features) and
main (logseq import/export, memory cards, attachments). Both feature
sets coexist cleanly.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add /opennotebook route embedding Open Notebook via iframe with space-aware
nav breadcrumb. Middleware detects subdomain (e.g. cca.rnotes.online) and sets
rnotes-space cookie. /ai redirects to /opennotebook. Traefik wildcard router
at priority 100 catches *.rnotes.online subdomains.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add AudioWorklet-based PCM16 streaming to VoiceRecorder with WebSocket
connection for near-real-time transcription. Segments appear as finalized
text that never shifts. Add speaker diarization button on audio notes
with color-coded speaker labels. Graceful fallback to batch transcription
when WebSocket unavailable.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add AUDIO to NoteType enum, duration field to Note model
- New VoiceRecorder component (MediaRecorder API, upload, transcribe)
- New /api/voice/transcribe proxy route to voice-command-api container
- Audio MIME types added to upload whitelist
- Audio player + transcript display on note detail page
- AUDIO type button on new note page with recorder UI
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
pushShapesToCanvas now sends X-Internal-Key header from
RSPACE_INTERNAL_KEY env var for authenticated canvas writes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Wire up EncryptID SDK for user authentication with WebAuthn passkeys.
All write API routes (POST/PUT/DELETE) now require auth, while reads
remain public. First user auto-claims orphaned notebooks/notes.
New files:
- src/lib/auth.ts: getAuthUser, requireAuth, getNotebookRole helpers
- src/lib/authFetch.ts: client-side fetch wrapper with JWT token
- src/components/AuthProvider.tsx: EncryptIDProvider wrapper
- src/components/UserMenu.tsx: sign in/out UI for nav bar
- src/app/auth/signin/page.tsx: passkey login/register page
Protected routes: notebooks CRUD, notes CRUD, canvas create, uploads.
Ownership checks: notebook collaborator roles, note author verification.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Upload API at /api/uploads with 50MB limit, MIME type validation, and
path traversal protection
- Serve uploaded files at /api/uploads/[filename] with immutable caching
- FileUpload component with drag-and-drop, progress, and preview
- IMAGE notes show uploaded image preview in detail view
- FILE notes show download button in detail view
- Docker volume for persistent upload storage
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jeff Emmett
Jeff Emmett