style/classic toolbar: fix broken border radius

Currently translated at 99.6% (1712 of 1718 strings)

Translation: Trilium Notes/Client
Translate-URL: https://hosted.weblate.org/projects/trilium/client/pl/

apps/client/src/stylesheets/theme-next/base.css

@@ -128,6 +128,12 @@ body.backdrop-effects-disabled {
     font-size: 0.9rem !important;
 }
 
+.dropdown-menu.tn-dropdown-menu-scrollable {
+    /* Note: scrollable dropdowns does not support submenus */
+    max-height: 90vh;
+    overflow: scroll;
+}
+
 body.desktop .dropdown-menu::before,
 :root .ck.ck-dropdown__panel::before,
 :root .excalidraw .popover::before,

apps/client/src/stylesheets/theme-next/forms.css

@@ -653,7 +653,8 @@ body a.tn-link:focus-visible,
 }
 
 body a.tn-link:hover,
-.use-tn-links a:hover {
+.use-tn-links a:hover,
+.use-tn-links a.ck-widget_selected {
     box-shadow: 0 0 0 4px var(--link-hover-background);
     --background: var(--link-hover-background);
     color: var(--link-hover-color);

apps/client/src/stylesheets/theme-next/notes/text.css

@@ -670,6 +670,19 @@ html .note-detail-editable-text :not(figure, .include-note, hr):first-child {
     color: var(--main-text-color);
 }
 
+/* Links */
+
+.ck-content a.ck-widget {
+    outline: none;
+}
+
+.ck-content a.ck-widget.ck-widget_selected,
+.ck-content a.ck-link_selected {
+    outline: 2px solid var(--input-focus-outline-color);
+    outline-offset: 2px;
+    background: var(--link-hover-background);
+} 
+
 /* Reference link */
 
 .ck-content a.reference-link,
@@ -680,6 +693,10 @@ html .note-detail-editable-text :not(figure, .include-note, hr):first-child {
 }
 
 .ck-content a.reference-link > span {
+    color: var(--custom-color, inherit);
+}
+
+.ck-content a.reference-link:hover > span {
     text-decoration: underline;
 }
 

apps/client/src/stylesheets/theme-next/shell.css

@@ -1230,7 +1230,7 @@ body.layout-vertical .tab-row-widget-is-sorting .note-tab.note-tab-is-dragging .
     margin-bottom: 2px;
 }
 
-body.vertical-layout #rest-pane > .classic-toolbar-widget {
+body.layout-vertical #rest-pane > .classic-toolbar-widget {
     border-start-start-radius: var(--center-pane-border-radius);
 }
 

apps/client/src/translations/pl/translation.json

@@ -1934,7 +1934,10 @@
   },
   "highlights_list_2": {
     "title": "Lista wyróżnień",
-    "options": "Opcje"
+    "options": "Opcje",
+    "modal_title": "Konfiguracja listy wyróżnień",
+    "menu_configure": "Konfiguracja listy wyróżnień...",
+    "no_highlights": "Nie znaleziono wyróżnień."
   },
   "quick-search": {
     "placeholder": "Szybkie wyszukiwanie",

apps/client/src/widgets/layout/Breadcrumb.tsx

@@ -189,10 +189,11 @@ interface BreadcrumbSeparatorProps {
 function BreadcrumbSeparator(props: BreadcrumbSeparatorProps) {
     return (
         <Dropdown
-            text={<Icon icon="bx bx-chevron-right" />}
+            text={<Icon icon="bx bxs-chevron-right" />}
             noSelectButtonStyle
             buttonClassName="icon-action"
             hideToggleArrow
+            dropdownContainerClassName="tn-dropdown-menu-scrollable"
             dropdownOptions={{  popperConfig: { strategy: "fixed", placement: "top" } }}
         >
             <BreadcrumbSeparatorDropdownContent {...props} />

apps/client/src/widgets/layout/StatusBar.css

@@ -155,11 +155,6 @@
             }
         }
 
-        .dropdown-code-note-switcher {
-            max-height: 90vh;
-            overflow: scroll;
-        }
-
         .backlinks-widget > .dropdown-menu {
             --menu-padding-size: .9em;
 
@@ -260,4 +255,8 @@
         }
     }
 
+    button.select-button:not(:focus-visible) {
+        outline: none;
+    }
+
 }

apps/client/src/widgets/layout/StatusBar.tsx

@@ -422,7 +422,7 @@ function CodeNoteSwitcher({ note }: StatusBarContext) {
                 icon="bx bx-code-curly"
                 text={correspondingMimeType?.title}
                 title={t("status_bar.code_note_switcher")}
-                dropdownContainerClassName="dropdown-code-note-switcher"
+                dropdownContainerClassName="dropdown-code-note-switcher tn-dropdown-menu-scrollable"
             >
                 <NoteTypeCodeNoteList
                     currentMimeType={currentNoteMime}

apps/server/src/routes/api/login.ts

@@ -108,7 +108,7 @@ function loginSync(req: Request) {
 
     const givenHash = req.body.hash;
 
-    if (!utils.constantTimeCompare(expectedHash, givenHash)) {
+    if (expectedHash !== givenHash) {
         return [400, { message: "Sync login credentials are incorrect. It looks like you're trying to sync two different initialized documents which is not possible." }];
     }
 

apps/server/src/routes/login.ts

@@ -1,4 +1,3 @@
-import crypto from "crypto";
 import utils from "../services/utils.js";
 import optionService from "../services/options.js";
 import myScryptService from "../services/encryption/my_scrypt.js";
@@ -161,11 +160,7 @@ function verifyPassword(submittedPassword: string) {
 
     const guess_hashed = myScryptService.getVerificationHash(submittedPassword);
 
-    // Use constant-time comparison to prevent timing attacks
-    if (hashed_password.length !== guess_hashed.length) {
-        return false;
-    }
-    return crypto.timingSafeEqual(guess_hashed, hashed_password);
+    return guess_hashed.equals(hashed_password);
 }
 
 function sendLoginError(req: Request, res: Response, errorType: 'password' | 'totp' = 'password') {

apps/server/src/services/encryption/open_id_encryption.ts

@@ -1,5 +1,5 @@
 import myScryptService from "./my_scrypt.js";
-import utils, { constantTimeCompare } from "../utils.js";
+import utils from "../utils.js";
 import dataEncryptionService from "./data_encryption.js";
 import sql from "../sql.js";
 import sqlInit from "../sql_init.js";
@@ -87,7 +87,8 @@ function verifyOpenIDSubjectIdentifier(subjectIdentifier: string) {
         return undefined;
     }
 
-    return constantTimeCompare(givenHash, savedHash as string);
+    console.log("Matches: " + givenHash === savedHash);
+    return givenHash === savedHash;
 }
 
 function setDataKey(

apps/server/src/services/encryption/password_encryption.ts

@@ -1,6 +1,6 @@
 import optionService from "../options.js";
 import myScryptService from "./my_scrypt.js";
-import { toBase64, constantTimeCompare } from "../utils.js";
+import { toBase64 } from "../utils.js";
 import dataEncryptionService from "./data_encryption.js";
 
 function verifyPassword(password: string) {
@@ -12,7 +12,7 @@ function verifyPassword(password: string) {
         return false;
     }
 
-    return constantTimeCompare(givenPasswordHash, dbPasswordHash);
+    return givenPasswordHash === dbPasswordHash;
 }
 
 function setDataKey(password: string, plainTextDataKey: string | Buffer) {

apps/server/src/services/encryption/recovery_codes.ts

@@ -1,7 +1,6 @@
 import crypto from 'crypto';
 import optionService from '../options.js';
 import sql from '../sql.js';
-import { constantTimeCompare } from '../utils.js';
 
 function isRecoveryCodeSet() {
     return optionService.getOptionBool('encryptedRecoveryCodes');
@@ -56,22 +55,13 @@ function verifyRecoveryCode(recoveryCodeGuess: string) {
 
     const recoveryCodes = getRecoveryCodes();
     let loginSuccess = false;
-    let matchedCode: string | null = null;
-
-    // Check ALL codes to prevent timing attacks - do not short-circuit
-    for (const recoveryCode of recoveryCodes) {
-        if (constantTimeCompare(recoveryCodeGuess, recoveryCode)) {
-            matchedCode = recoveryCode;
+    recoveryCodes.forEach((recoveryCode) => {
+        if (recoveryCodeGuess === recoveryCode) {
+            removeRecoveryCode(recoveryCode);
             loginSuccess = true;
-            // Continue checking all codes to maintain constant time
+            return;
         }
-    }
-
-    // Remove the matched code only after checking all codes
-    if (matchedCode) {
-        removeRecoveryCode(matchedCode);
-    }
-
+    });
     return loginSuccess;
 }
 

apps/server/src/services/encryption/totp_encryption.ts

@@ -1,6 +1,6 @@
 import optionService from "../options.js";
 import myScryptService from "./my_scrypt.js";
-import { randomSecureToken, toBase64, constantTimeCompare } from "../utils.js";
+import { randomSecureToken, toBase64 } from "../utils.js";
 import dataEncryptionService from "./data_encryption.js";
 import type { OptionNames } from "@triliumnext/commons";
 
@@ -18,7 +18,7 @@ function verifyTotpSecret(secret: string): boolean {
         return false;
     }
 
-    return constantTimeCompare(givenSecretHash, dbSecretHash);
+    return givenSecretHash === dbSecretHash;
 }
 
 function setTotpSecret(secret: string) {

apps/server/src/services/etapi_tokens.ts

@@ -1,5 +1,5 @@
 import becca from "../becca/becca.js";
-import { fromBase64, randomSecureToken, constantTimeCompare } from "./utils.js";
+import { fromBase64, randomSecureToken } from "./utils.js";
 import BEtapiToken from "../becca/entities/betapi_token.js";
 import crypto from "crypto";
 
@@ -83,16 +83,15 @@ function isValidAuthHeader(auth: string | undefined) {
             return false;
         }
 
-        return constantTimeCompare(etapiToken.tokenHash, authTokenHash);
+        return etapiToken.tokenHash === authTokenHash;
     } else {
-        // Check ALL tokens to prevent timing attacks - do not short-circuit
-        let isValid = false;
         for (const etapiToken of becca.getEtapiTokens()) {
-            if (constantTimeCompare(etapiToken.tokenHash, authTokenHash)) {
-                isValid = true;
+            if (etapiToken.tokenHash === authTokenHash) {
+                return true;
             }
         }
-        return isValid;
+
+        return false;
     }
 }
 

apps/server/src/services/utils.ts

@@ -74,36 +74,6 @@ export function hmac(secret: any, value: any) {
     return hmac.digest("base64");
 }
 
-/**
- * Constant-time string comparison to prevent timing attacks.
- * Uses crypto.timingSafeEqual to ensure comparison time is independent
- * of how many characters match.
- *
- * @param a First string to compare
- * @param b Second string to compare
- * @returns true if strings are equal, false otherwise
- * @note Returns false for null/undefined/non-string inputs. Empty strings are considered equal.
- */
-export function constantTimeCompare(a: string | null | undefined, b: string | null | undefined): boolean {
-    // Handle null/undefined/non-string cases safely
-    if (typeof a !== "string" || typeof b !== "string") {
-        return false;
-    }
-
-    const bufA = Buffer.from(a, "utf-8");
-    const bufB = Buffer.from(b, "utf-8");
-
-    // If lengths differ, we still do a constant-time comparison
-    // to avoid leaking length information through timing
-    if (bufA.length !== bufB.length) {
-        // Compare bufA against itself to maintain constant time behavior
-        crypto.timingSafeEqual(bufA, bufA);
-        return false;
-    }
-
-    return crypto.timingSafeEqual(bufA, bufB);
-}
-
 export function hash(text: string) {
     text = text.normalize();
 
@@ -516,7 +486,6 @@ function slugify(text: string) {
 
 export default {
     compareVersions,
-    constantTimeCompare,
     crash,
     envToBoolean,
     escapeHtml,