* Fix: HTTP Basic Auth fails when password contains colons
The credentials in HTTP Basic Auth are formatted as base64(username:password).
Per RFC 7617, the username must not contain a colon, but the password can.
The previous code used `.split(':')` which splits on all colons, truncating
passwords that contain ':' characters. Fix by splitting only on the first colon.
* Use spread syntax for credential parsing
* fix(macros): prevent list-arg macros from accepting scoped content
List-arg macros now correctly reject scoped content since they only accept arbitrary inline arguments. Updated validation logic in autocomplete, scope detection, and CST walker to check for `list === null` before allowing scopes. Also improved list item hint display to show total count when typing additional items.
* feat(macros): display min/max constraints for list arguments in autocomplete hints
Add visual indication of list argument constraints by showing min/max values in autocomplete hints. List items now display "(list, min: X, max: Y)" or "(variable-length list)" when no constraints exist. Includes new CSS styling for smaller, dimmed hint text.
* feat(macros): validate list argument min/max constraints and improve warning display
Add validation for list argument constraints (min/max) with specific error messages when too few or too many list items are provided. Continue highlighting current argument position even when warnings are present (except where semantically invalid), allowing users to navigate back to valid arguments while seeing "too many arguments" warnings.
* feat(server): make CORS middleware configurable
Add detailed configuration options for CORS in config.yaml, including
origin, methods, headers, credentials, and max age. Update server
initialization to apply these settings dynamically instead of using
hardcoded values.
* fix(server): Fix default value and conditional logic issues in CORS configuration
- Changed the default value of `cors.maxAge` from `null` to `0`.
- Simplified the conditional check logic for `allowedHeaders`, removing duplicate checks for `corsAllowedHeaders` being `null`.
* fix(server): Fix CORS exposed headers configuration logic
- Removed redundant conditional checks. now directly validates array length when `corsExposedHeaders` has a truthy value
* Improve types + simplify checks
* fix(cors): align maxAge default with original behavior
* Adjust default array values
* Remove debug log
---------
Co-authored-by: Cohee <18619528+Cohee1207@users.noreply.github.com>
* feat(macros): Add optional scope detection and improved closing tag autocomplete
- Implement `isScopeOptional()` to detect when scoped content is optional based on macro argument requirements
- Filter optional scopes from autocomplete hints unless force-triggered (Ctrl+Space)
- Add "OPTIONAL" badge styling for optional scoped content in autocomplete UI
- Show multiple closing tag suggestions (innermost to outermost) with priority ordering
- Display nesting level information for nested optional scopes
* fix(autocomplete): show original macro details when typing closing tags
Add nameOffset=2 to MacroClosingTagAutoCompleteOption to skip {{ prefix for fuzzy highlighting. When typing closing tags ({{/macroName}}), detect and show the original macro's details instead of "no match" error by looking up the macro definition and creating a non-selectable context option with no argument highlighting.
* Add background sort by date added feature
* reapply search after changing sort
* overengineer it
* use sortIgnoreCaseAndAccents
* make enum for sort options
* Centralized `await clearChat();` and `chat.length = 0;` into `wipeChat()`
* Added `clearData` argument to `clearChat`.
---------
Co-authored-by: user <user@exmaple.com>
* Startup and on-demand check
* Update comments, add color preload
* remove redundant metadata generation
* changed image-metadata/all from GET to POST
* move initializeAllUserMetadata to image-metadata.js, make blocking (?)
* Add type annotations
---------
Co-authored-by: Cohee <18619528+Cohee1207@users.noreply.github.com>
* Feat - Allow to bulk toggle all third-party extensions from popup manager
* Fix - Prevent reloading the page if the final state is the same
* Fix - Handle bulk toggle with no extensions installed
* Update - Delete leftover debug logs
* Fix - Simplify extension toggle logic and improve readability
* Update - State that bulk toggle only affects external extensions
* Feat - Allow to restore bulk toggled extensions
* Update - Move bulk toggle to the third-party extensions header
* Uncenter section headers
---------
Co-authored-by: Cohee <18619528+Cohee1207@users.noreply.github.com>
Cohee