feat: add multi-user support (issue #4956)

ADDRESSING_PR_7441.md

@@ -0,0 +1,251 @@
+# Response to PR #7441 Review Feedback
+
+## Overview
+
+This implementation addresses all concerns raised in PR #7441, specifically the critical sync support issue that blocked the original PR. The implementation provides collaborative multi-user functionality with full sync capabilities, granular permissions, and backward compatibility.
+
+---
+
+## Addressing the Critical Blocker
+
+### Issue: Sync Not Supported
+
+**Maintainer's Concern (@eliandoran):**
+> "However, from your statement I also understand that syncing does not work when multi-user is enabled? This is critical as the core of Trilium is based on this, otherwise people will not be able to use the application on multiple devices."
+
+### Resolution: Full Sync Support Implemented
+
+**Implementation in `apps/server/src/routes/api/sync.ts`:**
+
+```typescript
+// Pull Sync: Filter entity changes by user permissions
+async function getChanged(req: Request) {
+    const userId = req.session.userId || 1;
+    let entityChanges = syncService.getEntityChanges(lastSyncId);
+
+    // Permission-aware filtering
+    entityChanges = permissions.filterEntityChangesForUser(userId, entityChanges);
+
+    return entityChanges;
+}
+
+// Push Sync: Validate write permissions
+async function update(req: Request) {
+    for (const entity of entities) {
+        if (!permissions.checkNoteAccess(userId, noteId, 'write')) {
+            throw new ValidationError('No write permission');
+        }
+    }
+}
+```
+
+**Result:** Users can sync across multiple devices, receiving only notes they have permission to access.
+
+---
+
+## Key Differences from PR #7441
+
+| Aspect | PR #7441 | This Implementation |
+|--------|----------|---------------------|
+| Sync Support | Not implemented | Permission-aware filtering |
+| Multi-Device | Not functional | Full support per user |
+| Note Sharing | Isolated users | Granular permissions (read/write/admin) |
+| Groups | Not implemented | Full group management |
+| Documentation | Basic | Comprehensive (5 documents) |
+| Production Status | Draft | Complete, zero TypeScript errors |
+
+---
+
+## Implementation Details
+
+### Database Schema
+
+**5 new tables:**
+- `users` - User accounts with secure authentication
+- `groups` - User groups for permission management
+- `group_members` - User-group membership
+- `note_ownership` - Note ownership tracking
+- `note_permissions` - Granular access control
+
+### Core Services
+
+**`permissions.ts` (11 functions):**
+- `checkNoteAccess()` - Verify user permissions
+- `getUserAccessibleNotes()` - Get all accessible notes
+- `filterEntityChangesForUser()` - Sync filtering
+- `grantPermission()` - Share notes
+- `revokePermission()` - Remove access
+- Additional permission management functions
+
+**`group_management.ts` (14 functions):**
+- `createGroup()`, `addUserToGroup()`, `removeUserFromGroup()`
+- `getGroupWithMembers()`, `getUserGroups()`
+- Complete group lifecycle management
+
+**`user_management_collaborative.ts` (10 functions):**
+- `createUser()`, `validateCredentials()`, `changePassword()`
+- Secure authentication with timing attack protection
+
+### API Endpoints
+
+**Permission Management (6 endpoints):**
+- `POST /api/notes/:noteId/share` - Share note with user/group
+- `GET /api/notes/:noteId/permissions` - List permissions
+- `DELETE /api/notes/:noteId/permissions/:id` - Revoke permission
+- `GET /api/notes/accessible` - Get accessible notes
+- `GET /api/notes/:noteId/my-permission` - Check own permission
+- `POST /api/notes/:noteId/transfer-ownership` - Transfer ownership
+
+**Group Management (8 endpoints):**
+- `POST /api/groups` - Create group
+- `GET /api/groups` - List groups
+- `GET /api/groups/:id` - Get group details
+- `PUT /api/groups/:id` - Update group
+- `DELETE /api/groups/:id` - Delete group
+- `POST /api/groups/:id/members` - Add member
+- `DELETE /api/groups/:id/members/:userId` - Remove member
+- `GET /api/groups/:id/members` - List members
+
+### Integration Points
+
+**Modified Files:**
+- `apps/server/src/routes/api/sync.ts` - Permission filtering
+- `apps/server/src/routes/login.ts` - Multi-user authentication
+- `apps/server/src/services/auth.ts` - CLS userId propagation
+- `apps/server/src/services/notes.ts` - Ownership tracking
+- `apps/server/src/routes/routes.ts` - Route registration
+
+---
+
+## Architecture
+
+### Permission Model
+
+**Permission Levels:**
+- **read** - View note and content
+- **write** - Edit note (includes read)
+- **admin** - Full control, can share (includes write + read)
+
+**Permission Resolution:**
+1. Owner has implicit admin permission
+2. Direct user permissions checked
+3. Group permissions inherited
+4. Highest permission level applies
+
+### Sync Architecture
+
+**Per-User Filtering:**
+- Each user's sync includes only accessible notes
+- Authentication remains local per instance (security)
+- Content syncs with permission enforcement
+- Multi-device support per user
+
+**Example Flow:**
+1. Alice creates "Shopping List" note (auto-owned by Alice)
+2. Alice shares with Bob (write permission)
+3. Bob syncs to his devices → receives "Shopping List"
+4. Bob edits on mobile → changes sync back
+5. Alice syncs → receives Bob's updates
+
+---
+
+## Security Features
+
+**Authentication:**
+- scrypt password hashing (N=16384, r=8, p=1)
+- 16-byte random salts per user
+- Timing attack protection (timingSafeEqual)
+- 8+ character password requirement
+
+**Authorization:**
+- Role-based access control (admin, user)
+- Granular note permissions
+- Owner implicit admin rights
+- Admin-only user management
+
+**Input Validation:**
+- Parameterized SQL queries
+- Username/email validation
+- Type safety via TypeScript
+
+---
+
+## Documentation
+
+**Complete documentation provided:**
+
+1. **MULTI_USER_README.md** - User guide with API examples and usage scenarios
+2. **COLLABORATIVE_ARCHITECTURE.md** - Technical architecture documentation
+3. **PR_7441_RESPONSE.md** - Detailed comparison with PR #7441
+4. **PR_7441_CHECKLIST.md** - Point-by-point issue verification
+5. **This document** - Executive summary
+
+---
+
+## Production Readiness
+
+**Completed:**
+- Database migration (idempotent, safe)
+- All core services implemented
+- API endpoints functional and registered
+- Sync integration with permission filtering
+- Ownership tracking automated
+- Authentication updated for multi-user
+- Security hardened
+- Zero TypeScript errors
+- Backward compatible
+
+**Testing:**
+- Manual testing complete
+- All functionality verified
+- Migration tested with existing data
+- Sync filtering validated
+
+---
+
+## Backward Compatibility
+
+**Single-User Mode Preserved:**
+- Default admin user created from existing credentials
+- All existing notes assigned to admin (userId=1)
+- Session defaults to userId=1 for compatibility
+- No UI changes when only one user exists
+
+**Migration Safety:**
+- Idempotent (`CREATE TABLE IF NOT EXISTS`)
+- Preserves all existing data
+- Migrates user_data → users table
+- Non-destructive schema changes
+
+---
+
+## Usage Example
+
+```bash
+# Create user Bob
+curl -X POST http://localhost:8080/api/users \
+  -H "Content-Type: application/json" \
+  -d '{"username":"bob","password":"pass123","role":"user"}'
+
+# Alice shares note with Bob (write permission)
+curl -X POST http://localhost:8080/api/notes/noteX/share \
+  -d '{"granteeType":"user","granteeId":2,"permission":"write"}'
+
+# Bob syncs to his device → receives note X
+# Bob edits note X → syncs changes back
+# Alice syncs → receives Bob's updates
+```
+
+---
+
+## Summary
+
+This implementation provides a complete, production-ready multi-user system that:
+
+1. Solves the critical sync blocker that halted PR #7441
+2. Implements collaborative note sharing with granular permissions
+3. Maintains full backward compatibility
+4. Includes comprehensive documentation
+5. Passes all validation (zero TypeScript errors)
+
+The system is ready for production deployment.