Releases: shuaiplus/nodewarden

v1.4.4 Backup Reliability, Password History, and Bitwarden Compatibility Updates

17 Apr 20:03

Release Notes

v1.4.4 - 2026-04-18

New Features

Vault & Client Compatibility

  • Added password history support in the web vault, including related dialog/UI flow and encryption handling. Fixes #188.
  • Added device note and last seen tracking in device management so administrators can identify and annotate trusted devices more easily. No linked issue.
  • Added support for newer cipher properties across create, update, and import flows, including improved passthrough for newer official Bitwarden client payloads. Fixes #191. Further mitigates #194.

Backup Improvements

  • Fixed remote backup so attachment index synchronization is now skipped completely when includeAttachments is disabled.
  • This prevents remote backups without attachments from unnecessarily accessing attachments/.nodewarden-attachment-index.v1.json, which could fail on some WebDAV and S3-compatible backends. Fixes #182.

Compatibility & Fixes

  • Fixed cipher update handling to better match modern Bitwarden client expectations:
    • Added stale revision protection for out-of-date cipher edits.
    • Stopped mixing old and new encrypted nested type payloads during full item updates.
    • Returned more complete cipher detail responses after create/update operations.
  • Fixed import compatibility for newer Bitwarden cipher payload aliases such as key/Key, login/Login, fields/Fields, and passwordHistory/PasswordHistory.
  • Reduced the risk of official clients losing or corrupting newer cipher properties during edit/import round-trips. Fixes #191. Further mitigates #194.

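Chinese release notes

v1.4.4 Backup Reliability, Password History, and Bitwarden Compatibility Updates

New

Vault & Client Compatibility

  • Added password history support: the web vault can now view and manage password history records, with the corresponding encryption handling and dialog interactions filled in. Fixes #188.
  • Added device note and last-online time display, making it easier to identify and annotate trusted devices on the device management page. No linked issue.
  • Added compatibility support for newer cipher fields in create, update, and import flows, strengthening passthrough and preservation of the request structures sent by newer official Bitwarden clients. Fixes #191 and further mitigates #194.

Backup Improvements

  • Fixed remote backup still synchronizing the attachment index when "include attachments" was not enabled.
  • When includeAttachments is off, the system no longer accesses attachments/.nodewarden-attachment-index.v1.json, which avoids backup failures on some WebDAV and S3-compatible backends in that scenario. Fixes #182.

Compatibility & Fixes

  • Fixed the cipher update path so it more closely matches what modern Bitwarden clients actually expect:
    • Added blocking protection for edit requests that carry a stale revision.
    • Full item updates no longer incorrectly mix old and new encrypted nested objects.
    • Create/update operations now return more complete cipher detail responses.
  • Fixed import-path compatibility for newer Bitwarden cipher field aliases, including key/Key, login/Login, fields/Fields, and passwordHistory/PasswordHistory.
  • Reduced the risk of official clients losing or corrupting newer fields during edit/import round-trips. Fixes #191 and further mitigates #194.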

v1.4.3 Passkey improvements, backup fixes, and Bitwarden client compatibility updates

16 Apr 15:12

NodeWarden Release Notes

1.4.3

Released on 2026-04-16.

Added

  • Added one-click Passkey login and management flows, including account-level Passkey registration, rename, delete, and related settings UI improvements. Fixes #117, #127, and #177.
  • Added compatibility support for FIDO2 credentials in vault items, with the related backend and frontend fields and UI surfaced.
  • Added folder renaming directly from the vault sidebar. Fixes #146.
  • Added issue templates for bug reports and feature requests.
  • Updated the README files with documentation homepage, quick start, Telegram channel, and group links.

Improved

  • Improved cipher update handling with nested object merging and extra-field compatibility to reduce field loss across Bitwarden clients.
  • Improved sync and database performance by adding indexes and optimizing /api/sync response handling.
  • Improved web session and token management for better login state recovery and session handling.
  • Improved the backup center with timezone-aware backup naming plus better import/export and progress display. Fixes #171.
  • Improved loading and error handling for TOTP, import/export, remote attachment indexing, and user status switching.
  • Added one-click search clear support in the web vault search box. Fixes #135.
  • Improved the notification hub and WebSocket handling, including hibernation and message parsing.

Fixed

  • Fixed issues in Passkey settings lists and delete/rename interactions.
  • Fixed QR code readability with background and border adjustments.
  • Fixed compatibility details such as folderId propagation and URL normalization.
  • Fixed compatibility field preservation when editing items from official Bitwarden clients, reducing the risk of URI/FIDO2-related fields being overwritten or lost. Fixes #191. Mitigates #194.

Other

  • Updated parts of the README, workflows, and repository maintenance configuration. Fixes #187.

Merged Pull Requests

  • #141 refactor: migrated NotificationsHub to the Durable Object Hibernation API by @qaz741wsd856
  • #155 feat: added request URL normalization to improve Keyguard compatibility by @qaz741wsd856
  • #164 Update: included c.folderId in folderId assignment by @saleacy
  • #179 Add: sync upstream workflow by @bibicadotnet
  • #190 feat: added issue templates by @maooyer

New Contributors

  • @qaz741wsd856 made their first contribution in #141
  • @saleacy made their first contribution in #164
  • @bibicadotnet made their first contribution in #179
  • @maooyer made their first contribution in #190

Full Changelog: v1.4.2...v1.4.3

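NodeWarden Changelog (Chinese release notes)

1.4.3

Release date: 2026-04-16

Added

  • Added one-click Passkey login and management flows, with account-level Passkey registration, rename, and delete, plus interaction improvements to the related settings pages. Fixes #117, #127, #177.
  • Added compatibility support for FIDO2 credentials in vault items, with the related backend and frontend fields and UI display.
  • Added folder renaming, which can be done directly in the sidebar. Fixes #146.
  • Added issue templates to make it easier to submit bug reports and feature requests.
  • Added documentation homepage, quick start, Telegram channel, and group links to the README.

Improved

  • Improved cipher update logic, strengthening nested object merging and extra-field compatibility to reduce field loss between different Bitwarden clients.
  • Improved sync and database performance by adding indexes and optimizing /api/sync response handling.
  • Improved Web Session and Token management for better login state recovery and session handling.
  • Improved the backup center experience with timezone-aware backup naming and better import/export and progress display. Fixes #171.
  • Improved loading and error handling for TOTP, import/export, remote attachment indexing, and user status switching.
  • Added one-click clear to the web search box. Fixes #135.
  • Improved the notification center and WebSocket handling, optimizing hibernation and message parsing logic.

Fixed

  • Fixed settings list, delete, and rename interaction issues in some Passkey scenarios.
  • Fixed unclear QR code display by improving background and border readability.
  • Fixed compatibility details such as folderId propagation and URL normalization.
  • Fixed preservation of some compatibility fields when official Bitwarden clients edit items, reducing the risk of URI/FIDO2-related fields being overwritten or lost. Fixes #191. Mitigates #194.

Other

  • Adjusted parts of the README, workflows, and repository maintenance configuration. Fixes #187.

Merged Pull Requests

  • #141 refactor: migrated NotificationsHub to the Durable Object Hibernation API, contributed by @qaz741wsd856
  • #155 feat: added request URL normalization to improve Keyguard compatibility, contributed by @qaz741wsd856
  • #164 Update: included c.folderId in folderId assignment, contributed by @saleacy
  • #179 Add: added sync upstream workflow, contributed by @bibicadotnet
  • #190 feat: added issue templates, contributed by @maooyer

New Contributors

  • @qaz741wsd856 made their first contribution in #141
  • @saleacy made their first contribution in #164
  • @bibicadotnet made their first contribution in #179
  • @maooyer made their first contribution in #190

Full Changelog: v1.4.2...v1.4.3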

v1.4.2 Backup reliability & Restore safety

27 Mar 22:03

Release Notes

v1.4.2 - 2026-03-28

This release focuses on backup reliability, restore safety, cross-client compatibility, and several targeted web UX improvements.

New Features

Backup & Restore

  • Added ZIP filename integrity suffix based on the first 5 characters of the archive SHA-256 hash.
  • Added remote backup upload verification:
    • After upload, the server downloads the ZIP back and verifies checksum and size.
    • Damaged uploads are deleted automatically and retried up to 3 times.
  • Added integrity pre-checks before local and remote restore.
  • Added high-risk warning flow for backups that fail filename integrity verification.
  • Added real-time progress overlays for:
    • Local backup restore
    • Remote backup restore
    • Manual backup export
    • Manual remote backup execution
  • Added WebSocket-driven backup task progress updates so the UI can show real server-side stages.
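
The filename suffix check and the upload read-back loop described above, as an added example (not NodeWarden's own code). The `<base>-<5 hex>.zip` filename layout, the function names, and the synchronous in-memory remote standing in for a WebDAV or S3 backend are assumptions.

```javascript
// Added example, not NodeWarden source code.
const { createHash } = require("node:crypto");

const SUFFIX_LEN = 5;   // release note: first 5 characters of the archive SHA-256
const MAX_ATTEMPTS = 3; // release note: damaged uploads are retried up to 3 times

function sha256Hex(bytes) {
  return createHash("sha256").update(bytes).digest("hex");
}

// Assumed layout: <base>-<first 5 hex chars of SHA-256>.zip
function nameWithSuffix(baseName, zipBytes) {
  return `${baseName}-${sha256Hex(zipBytes).slice(0, SUFFIX_LEN)}.zip`;
}

// Pre-restore check. Returns "ok", "mismatch" or "no-suffix".
// 5 hex characters are 20 bits: enough to catch truncation and accidental
// corruption, but not a tamper-proof seal, because anyone able to modify the
// archive can also rename it. Treat "mismatch" as a warning gate.
function checkFilenameIntegrity(fileName, zipBytes) {
  const m = /-([0-9a-f]{5})\.zip$/.exec(fileName);
  if (!m) return "no-suffix";
  return m[1] === sha256Hex(zipBytes).slice(0, SUFFIX_LEN) ? "ok" : "mismatch";
}

// Upload, read the object back, compare size and full digest.
// A damaged object is deleted before the next attempt so it can never be
// picked up later as a valid backup.
function uploadVerified(remote, baseName, zipBytes) {
  const fileName = nameWithSuffix(baseName, zipBytes);
  const expected = sha256Hex(zipBytes);
  for (let attempt = 1; attempt <= MAX_ATTEMPTS; attempt++) {
    remote.put(fileName, zipBytes);
    const readBack = remote.get(fileName);
    const intact =
      readBack !== undefined &&
      readBack.length === zipBytes.length &&
      sha256Hex(readBack) === expected;
    if (intact) return { fileName, attempts: attempt };
    remote.delete(fileName);
  }
  throw new Error(`upload of ${fileName} failed verification ${MAX_ATTEMPTS} times`);
}

// Constructed in-memory remote that truncates the first `failures` uploads.
function makeFlakyRemote(failures) {
  const files = new Map();
  let remaining = failures;
  return {
    files,
    put(name, bytes) {
      const damaged = remaining-- > 0;
      files.set(name, damaged ? bytes.subarray(0, bytes.length - 1) : bytes);
    },
    get(name) {
      return files.get(name);
    },
    delete(name) {
      files.delete(name);
    },
  };
}

function runDemo() {
  const zip = Buffer.from("constructed stand-in for ZIP bytes");
  const remote = makeFlakyRemote(1); // first upload arrives truncated
  const { fileName, attempts } = uploadVerified(remote, "nodewarden-backup", zip);
  const restoreCheck = checkFilenameIntegrity(fileName, remote.get(fileName));
  return { fileName, attempts, restoreCheck };
}

console.log(runDemo());
```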

Search UX

  • Added one-click clear button for the vault search box.
  • Added Esc shortcut to clear the current search instantly.

Backup & Restore Improvements

  • Restore now uses a shadow restore workflow:
    • Backup data is first imported into shadow tables
    • Validation runs before live data is replaced
    • The live tables are switched only after the restore is confirmed valid
  • Restore now only touches tables that are actually included in the backup package:
    • config
    • users
    • user_revisions
    • folders
    • ciphers
    • attachments
  • Missing attachments during restore are now skipped safely without aborting the entire restore.
  • Restored attachment rows are cleaned up if the corresponding attachment file cannot be recovered.
  • Remote attachment backup now uses an index-based incremental upload strategy instead of per-file existence probing.
  • Remote restore integrity pre-check was moved server-side to avoid unnecessary full ZIP downloads in the browser.

Compatibility & Fixes

  • Fixed iOS 2026.3.0 sync compatibility for vault items that had an empty folderId.
  • Fixed newer client parsing instability around nullable publicKey handling.
  • Fixed manual export with attachments so rebuilt ZIP files now receive a refreshed checksum suffix instead of reusing a stale filename.
  • Fixed shadow restore schema rewriting for quoted SQLite table definitions such as CREATE TABLE "config" and quoted REFERENCES.
  • Fixed an attachment restore bug where successfully restored attachments could still be misclassified as failed and removed.
  • Fixed restore behavior that could previously affect unrelated tables not present in the backup package.
  • Fixed multiple dialog / overlay mounting issues so full-screen modals now render as true global overlays instead of being constrained inside page layouts.

UI / UX Improvements

  • Simplified the visual style of backup progress overlays to better match the existing NodeWarden admin UI.
  • Improved warning dialogs for damaged backups and destructive restore operations.
  • Unified backup / restore feedback wording and standardized related status text.
  • Improved backup-center search and input styling consistency with the rest of the web app.

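Chinese release notes

This release mainly focuses on backup reliability, restore safety, cross-client compatibility, and a set of targeted web UX improvements.

New Features

Backup & Restore

  • Added a filename integrity suffix for backup ZIP files, based on the first 5 characters of the SHA-256 hash.
  • Added a remote backup upload verification mechanism:
    • After the upload completes, the server reads the ZIP back and verifies its hash and size
    • If damage is found, the bad archive is deleted automatically and the upload is retried up to 3 times
  • Added integrity pre-checks before local and remote restore.
  • Added a high-risk warning confirmation flow for when integrity verification fails.
  • Added unified real-time progress overlays for the following operations:
    • Local backup restore
    • Remote backup restore
    • Manual backup export
    • Manual remote backup execution
  • Backup task progress is now wired into WebSocket, so the stage the server is currently in can be shown in real time.

Search Experience

  • Added a one-click clear button to the vault search box.
  • Added an Esc shortcut that instantly clears the current search.

Backup & Restore Improvements

  • The restore flow has switched to a shadow restore scheme:
    • Backup data is first imported into shadow tables
    • Validation is completed before live data is replaced
    • The switch to the live tables happens only after the data is confirmed valid
  • Restore now only operates on tables actually included in the backup package:
    • config
    • users
    • user_revisions
    • folders
    • ciphers
    • attachments
  • If individual attachments are missing during restore, they are skipped safely and the restore as a whole is not interrupted.
  • If an attachment file cannot be recovered, the corresponding attachment record is cleaned up as well, so no invalid references remain.
  • Remote attachment backup now uses index-based incremental upload and no longer probes each attachment individually for existence.
  • The remote restore integrity pre-check has been moved to the backend, so the browser no longer downloads the whole archive just to verify it.

Compatibility & Fixes

  • Fixed sync failures in the iOS 2026.3.0 client caused by an empty folderId.
  • Fixed unstable parsing of nullable publicKey in newer clients.
  • Fixed manual export with attachments, where the ZIP repackaged by the frontend kept the old checksum filename and was later falsely reported as damaged.
  • Fixed shadow restore being unable to correctly rewrite CREATE TABLE statements such as config when handling quoted SQLite schema.
  • Fixed attachments that had actually been restored successfully still being misclassified as failed and removed from the restore result.
  • Fixed the restore flow possibly operating on business tables outside the backup package.
  • Fixed multiple dialogs / overlays not being mounted truly full-screen, which caused layering problems or stretched the page.

UI / UX Improvements

  • Simplified the visual style of backup progress overlays to better match the existing NodeWarden admin UI.
  • Improved the damaged-backup warning dialog and the high-risk restore confirmation interaction.
  • Unified the wording of messages related to backup, restore, and integrity verification.
  • Improved styling consistency of search boxes and input fields in the backup center.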

v1.4.1 Web UI Refresh

26 Mar 16:57

Release Notes

v1.4.1 - 2026-03-27

  • Refined the web UI visual hierarchy and blue color system
  • Added light/dark theme switching and improved dark mode
  • Improved Vault / Sends interactions, toolbar ordering, and page motion
  • Added archive / unarchive and related bulk actions
  • Fixed first-render and transition behavior on mobile for Vault / Sends
  • Added drag-and-drop URL reordering in vault item editing
  • Added local drag-and-drop sorting for the TOTP codes page with browser-side persistence


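Chinese release notes

  • Reworked the web UI visual hierarchy and blue color system
  • Added light/dark theme switching and completed dark mode
  • Improved Vault / Sends interactions, toolbar ordering, and page motion
  • Added archive / unarchive and bulk action support
  • Fixed first-frame and transition behavior on mobile for Vault / Sends
  • Added drag-and-drop reordering of multiple URLs on the vault item edit page
  • Added local drag-and-drop sorting on the verification codes page, saved in the browser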


v1.4.0 Cloud Backup & large attachment handling & direct uploads

19 Mar 21:55

Release Notes

v1.4.0 - 2026-03-20

This release focuses on Cloud Backup, large attachment handling, direct uploads, and a more complete web vault experience.

New Features

Cloud Backup Center

  • Added a full Cloud Backup center in the web app for configuring and browsing remote backup destinations.
  • Added support for WebDAV and E3 / S3-compatible backup destinations.
  • Added remote backup browsing, download, delete, and restore flows directly from the admin UI.
  • Added attachment-aware remote backups with a new structure:
    • Backup ZIP now contains only db.json and manifest.json
    • Remote attachment blobs are stored separately under attachments/
    • Repeated remote backups reuse existing attachment blobs by stable blob name instead of re-uploading everything
  • Added manual export support that still produces a single importable ZIP, while internally reusing the new backup structure.

Backup Restore Improvements

  • Remote restore now validates and loads attachments from the shared attachments/ folder.
  • Missing remote attachments are now skipped safely during restore instead of breaking the whole restore flow.
  • Restored databases no longer keep attachment rows for blobs that are missing or fail to restore, preventing broken attachment references.
  • Added clearer restore progress states and safer “clear and restore” confirmation behavior in the web UI.

Password Hint

  • Added password hint support for web registration, login assistance, unlock flow, and account settings.
  • Added dedicated rate limiting for public password hint lookups to reduce abuse risk.

Direct Upload

  • Added direct upload support for attachments and Sends in the web app.
  • Added official-client-compatible upload URLs and upload token validation.
  • Added upload progress UI for both vault attachments and file Sends.

Vault & Web App

  • Added a dedicated TOTP Codes page for quickly viewing active verification codes.
  • Added duplicate item detection in the vault, with a dedicated duplicate view and batch selection helpers.
  • Added bulk attachment deletion for a cipher in a single request.
  • Added invite-code URL bootstrap for registration pages.
  • Added more mobile-oriented layout polish across the web vault.

Notifications

  • Added a Durable Object based NotificationsHub for real-time vault sync and device-related push updates.

Compatibility & Fixes

  • Added support for steam:// style TOTP secrets and completed Steam code generation/display compatibility.
  • Improved favicon proxy fallback behavior so site icons no longer rely on a single upstream source.
  • Fixed several refresh/login/sync edge cases in the auth flow and sync cache behavior.
  • Improved setup/bootstrap handling for static assets and worker asset serving.
  • Simplified and hardened backup export behavior to reduce Cloudflare Worker CPU pressure.

Security & Operations

  • Added GitHub Actions based security scanning workflow and reporting.
  • Improved JWT/token-related helper structure for uploads, downloads, and internal auth handling.
  • Improved public and authenticated rate-limit handling, including password hint request control.

UI / UX Improvements

  • Added app version display on standalone auth pages.
  • Refactored the web app into clearer route, API, and component boundaries for easier maintenance.
  • Continued splitting large legacy components into smaller vault, auth, backup, and admin modules.

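Chinese release notes

This release is a complete upgrade centered on cloud backup, large attachment handling, the direct upload path, and the web vault experience.

New Features

Cloud Backup Center

  • Added a web Cloud Backup center, where remote backups can be configured, browsed, and operated directly from the admin UI.
  • Added support for WebDAV and E3 / S3-compatible backup destinations.
  • Added browsing, download, delete, and restore for remote backup files.
  • Remote backup attachments use a new structure:
    • The backup ZIP contains only db.json and manifest.json
    • The actual attachments are stored separately in the attachments/ directory
    • Subsequent remote backups reuse existing attachments by stable blob name instead of re-uploading everything each time
  • Manual export still produces a single importable ZIP, but internally reuses the new backup structure.

Backup Restore Improvements

  • Remote restore now reads the required attachments from the shared attachments/ directory.
  • Missing remote attachments are now skipped safely and no longer cause the whole restore to fail.
  • If an attachment is missing or fails to restore, no corresponding attachment record is left in the database, avoiding the dirty state of "record exists but file does not".
  • The web restore process now shows clearer status messages, and the confirmation and disabled-state interaction for "clear and restore" has been improved.

Password Hint

  • Added the web Password Hint feature, covering registration, login assistance, the unlock page, and account settings.
  • Added dedicated rate limiting for public password hint lookups to reduce the risk of abuse.

Streaming Upload

  • Added streaming upload support for attachments and Send files.
  • Added official-client-compatible upload URLs and upload token validation.
  • Added upload progress display for web attachments and file Sends.

Vault & Web App

  • Added a dedicated TOTP codes page for quickly viewing current codes.
  • Added a vault duplicate items view and batch selection helpers.
  • Added a bulk attachment deletion endpoint for a single item, reducing the problem of issuing one request per attachment.
  • Added the ability for invite-code links to go straight to the registration page.
  • Continued improving layout and interaction of the web app on mobile devices.

Real-Time Notifications

  • Added a Durable Object based NotificationsHub for real-time sync and device-related notifications.

Compatibility & Fixes

  • Added support for steam:// style TOTP secrets, completing Steam code compatibility.
  • Improved the multi-source fallback logic of the site icon proxy so it no longer depends on a single icon service.
  • Fixed a batch of login, refresh, sync, and cache edge cases.
  • Improved static asset bootstrap and Worker asset serving logic.
  • Adjusted the backup export implementation, noticeably reducing Cloudflare Worker CPU pressure.

Security & Operations

  • Added a GitHub Actions based security scanning workflow.
  • Improved the structure of helper logic for JWT / upload / download / internal authorization.
  • Improved rate-limit logic for public and authenticated endpoints, including password hint lookup control.

UI / UX Improvements

  • Added app version display at the bottom of auth pages.
  • Further split the web app's route, API, and component structure to improve maintainability.
  • Continued splitting large pages into clearer vault / auth / backup / admin modules.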

v1.3.0 Import & Export

04 Mar 16:07

Release Notes

v1.3.0 - 2026-03-04

Compared with v1.2.0, this release standardizes Import & Export capabilities and improves cross-client compatibility.

New Features

Web Import

  • Added full import support in Web Vault for:
    • Bitwarden (json)
    • Bitwarden (csv)
    • Bitwarden (json + attachments zip)
    • NodeWarden (json) (vault + attachments payload support)
  • Added encrypted Bitwarden JSON import flows:
    • Account-verified encrypted import
    • Password-protected encrypted import
    • Supports both PBKDF2 and Argon2id decryption parameters
  • Added encrypted ZIP import password flow:
    • Prompts for ZIP password when required
    • Handles missing/invalid ZIP password cases with explicit errors
  • Added import folder strategies:
    • Keep original path from source file
    • Import with no folder
    • Import into one selected folder

Web Export

  • Added export support for:
    • Bitwarden (vault as json)
    • Bitwarden (encrypted vault as json) (account/password modes)
    • Bitwarden (vault + attachments as zip)
    • Bitwarden (encrypted vault + attachments as zip)
    • NodeWarden (vault + attachments as json)
    • NodeWarden (encrypted vault + attachments as json)
  • Added mandatory master-password verification before export (web parity with official behavior).
  • Added optional ZIP password support for ZIP export modes.
  • NodeWarden JSON export is designed to remain importable by Bitwarden clients for vault data; non-supported attachment payloads are safely ignored by clients that do not implement them.

Compatibility & Fixes

  • Fixed cross-client compatibility for imported vault items that could appear blank in official clients.
  • Fixed import folder mapping when choosing original path mode.
  • Fixed Android sync failure for SSH ciphers by normalizing sshKey.keyFingerprint (legacy fingerprint remains compatible).
  • Improved SSH fingerprint compatibility across create/update/import/export paths.
  • Completed folder management UX in web (including direct delete action with confirmation).

UI / UX Improvements

  • Redesigned the Import & Export page layout to align with the rest of the web app.
  • Added a feature summary section describing NodeWarden-specific capabilities.
  • Improved import success summary dialog and surrounding form ergonomics.

Other Updates

  • Improved two-factor response compatibility details for Android clients.
  • Added Worker build command integration for deployment and CI compatibility.

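Chinese release notes

Compared with v1.2.0, this release standardizes the Import & Export features and improves cross-client compatibility.

New Features

Web Import

  • Added full import support in Web Vault for:
    • Bitwarden (json)
    • Bitwarden (csv)
    • Bitwarden (json + attachments zip)
    • NodeWarden (json) (vault + attachments payload support)
  • Added encrypted Bitwarden JSON import flows:
    • Account-verified encrypted import
    • Password-protected encrypted import
    • Supports both PBKDF2 and Argon2id decryption parameters
  • Added an encrypted ZIP import password flow:
    • Prompts for a password when the ZIP requires one
    • Gives explicit error messages for a missing or wrong ZIP password
  • Added import folder strategies:
    • Keep the original path from the source file
    • Import without a folder
    • Import into a single specified folder

Web Export

  • Added export support for:
    • Bitwarden (vault as json)
    • Bitwarden (encrypted vault as json) (account / password modes)
    • Bitwarden (vault + attachments as zip)
    • Bitwarden (encrypted vault + attachments as zip)
    • NodeWarden (vault + attachments as json)
    • NodeWarden (encrypted vault + attachments as json)
  • Added mandatory master-password verification before export (consistent with official client behavior).
  • Added optional ZIP password support for ZIP export modes.
  • NodeWarden JSON export is designed so that its vault data can still be imported by Bitwarden clients; unsupported attachment payloads are safely ignored by clients that do not implement the feature.

Compatibility & Fixes

  • Fixed some imported vault items appearing blank in official clients.
  • Fixed import folder mapping when the original path mode is selected.
  • Fixed Android client sync failure for SSH ciphers by normalizing sshKey.keyFingerprint (the legacy fingerprint field remains compatible).
  • Improved SSH fingerprint compatibility across create / update / import / export flows.
  • Completed the web folder management UX (including a direct delete action with a confirmation prompt).

UI / UX Improvements

  • Redesigned the Import & Export page layout to match the overall style of the web app.
  • Added a feature overview section describing NodeWarden-specific capabilities.
  • Improved the import success dialog and the interaction of the related forms.

Other Updates

  • Improved two-factor authentication response compatibility for Android clients.
  • Added Worker build command integration to improve deployment and CI compatibility.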

v1.2.0 – Web Vault, Send & Multi-User Administration

01 Mar 16:31

Release Notes

v1.2.0 - 2026-03-01

This is a major feature release. The headline addition is the built-in Web Vault — a full web-based password manager that works directly in any browser without installing a Bitwarden client. Alongside it comes complete Send support and a full multi-user administration system.

✨ New Features

Web Vault (webapp)

  • New built-in web client served at the Worker's root URL (/).
  • Vault page: browse, create, edit, delete, and restore ciphers (login, card, identity, secure note, SSH key).
  • Full cipher detail view with field decryption, TOTP live code display, and one-click copy for passwords, usernames, TOTPs, and SSH keys.
  • Folder management: create, rename, delete; filter vault items by folder.
  • Attachment upload and download support.
  • Vault lock / unlock flow: vault auto-locks after idle timeout; master password required to decrypt without re-authenticating.
  • Settings page: change master password, enable/disable per-account TOTP 2FA, view recovery code, manage authorized devices.
  • Sends page: create, view, edit, and delete text and file Sends.
  • Public Send viewer (/send/:accessId#keyPart): access password-protected or open Sends without an account.
  • JWT secret safety check: displays a warning page if the server is misconfigured.
  • Admin panel: list users, invite new users, enable/disable accounts, delete accounts, manage and revoke invites.
  • Toast notification system for all async operations.
  • Confirmation dialog for destructive actions.

Internationalization (i18n)

  • Full Chinese (zh-CN) and English (en) UI support.
  • Language auto-detected from browser preferences.

Send (backend + frontend)

  • Text and file Send creation, editing, deletion.
  • Password-protected Sends with client-side PBKDF2 hash verification (plaintext password never sent to server).
  • Access count limits and expiration dates enforced server-side with atomic SQL counter.
  • Public Send access endpoints: POST /api/sends/access/:accessId, v2 bearer variant, and file download flow.

Multi-User Administration

  • Admin user management: list all users, change account status (enable/disable), delete accounts with full R2 file cleanup.
  • Invite system: admin can generate single-use invite codes; registration requires a valid code after the first user.
  • TOTP recovery code: per-user recovery code generation and verification for 2FA account recovery.
  • Authorized device management: view and revoke trusted 2FA-remember devices.

🔒 Security Improvements

  • Server-side password re-hashing: client PBKDF2 hash is re-hashed with PBKDF2-SHA256 (100k iterations) before storage, tagged with $s$ prefix; legacy raw hashes migrated transparently on next login.
  • Constant-time comparison for TOTP tokens and recovery codes (prevents timing attacks).
  • Login rate limiting extended to IP + email dual dimension.
  • API rate limiting unified and moved to Cloudflare Cache API (zero D1 writes under attack).
  • KDF parameter validation on registration and password change (PBKDF2 ≥ 100,000 iterations, Argon2id ≥ 2/16/1).
  • handleSetKeys now requires master password verification before replacing encryption keys.
  • CORS: removed trust for origin: null (sandboxed iframe attack vector).
  • Content-Security-Policy header added (restricts script/connect/frame sources).
  • Security response headers added globally (X-Content-Type-Options, X-Frame-Options, etc.).
  • Send access count race condition fixed with atomic UPDATE ... WHERE access_count < max_access_count.
  • Admin delete user now cleans up all R2 attachment and Send files before removing DB records.
  • Import endpoint limited to 5,000 items per request.
  • Request body size hard-capped at 25 MB for all non-upload endpoints.
  • DB initialization errors no longer forwarded to clients (generic message only).
  • TOTP secret removed from localStorage after successful enrollment.
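
The server-side re-hash with transparent legacy migration and the constant-time comparison described above, as an added example (not NodeWarden's own code). Only the `$s$` prefix, PBKDF2-SHA256 and the 100k iteration count come from the release note; the `$s$<salt>$<hash>` layout, the 16-byte salt, and the function and field names are assumptions.

```javascript
// Added example, not NodeWarden source code.
const { pbkdf2Sync, randomBytes, timingSafeEqual, createHash } = require("node:crypto");

const PREFIX = "$s$";              // release note: server-hashed values are tagged $s$
const SERVER_ITERATIONS = 100_000; // release note: PBKDF2-SHA256, 100k iterations
const KEY_LEN = 32;

// Assumed storage layout: $s$<salt base64>$<derived key base64>.
// Base64 never contains "$", so a legacy raw client hash cannot be mistaken
// for the new format and "$" is a safe field separator.
function hashForStorage(clientHash, salt = randomBytes(16)) {
  const dk = pbkdf2Sync(clientHash, salt, SERVER_ITERATIONS, KEY_LEN, "sha256");
  return `${PREFIX}${salt.toString("base64")}$${dk.toString("base64")}`;
}

// Constant-time string comparison: hash both sides to a fixed length first,
// because timingSafeEqual throws on inputs of different length.
function safeEqual(a, b) {
  const da = createHash("sha256").update(a).digest();
  const db = createHash("sha256").update(b).digest();
  return timingSafeEqual(da, db);
}

// Verifies a login attempt against user.passwordHash.
// A legacy row (raw client hash) is upgraded in place after a successful match,
// so the stored value stops being directly usable as a login credential.
function verifyLogin(user, clientHash) {
  const stored = user.passwordHash;
  if (stored.startsWith(PREFIX)) {
    const [saltB64, hashB64] = stored.slice(PREFIX.length).split("$");
    if (!saltB64 || !hashB64) return { ok: false, migrated: false };
    const expected = Buffer.from(hashB64, "base64");
    const actual = pbkdf2Sync(
      clientHash,
      Buffer.from(saltB64, "base64"),
      SERVER_ITERATIONS,
      KEY_LEN,
      "sha256"
    );
    const ok = expected.length === actual.length && timingSafeEqual(expected, actual);
    return { ok, migrated: false };
  }
  // Legacy format: the client PBKDF2 hash was stored as-is.
  if (!safeEqual(stored, clientHash)) return { ok: false, migrated: false };
  user.passwordHash = hashForStorage(clientHash);
  return { ok: true, migrated: true };
}

function runDemo() {
  // Constructed sample value standing in for a client-side PBKDF2 hash.
  const clientHash = "Y29uc3RydWN0ZWQtY2xpZW50LWhhc2g=";
  const user = { passwordHash: clientHash }; // legacy row
  const first = verifyLogin(user, clientHash);
  const second = verifyLogin(user, clientHash);
  return { first, second, storedPrefix: user.passwordHash.slice(0, PREFIX.length) };
}

console.log(runDemo());
```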

🛠 Changes & Improvements

  • New favicon and project logo assets.
  • Build pipeline: Vite webapp builds into dist/ before Wrangler deploy; npm run deploy is now the single deploy command.
  • Production builds disable source maps and use manual chunk splitting (vendor, query, icons) to reduce per-deploy upload size.
  • Routing regex patterns hardened for more precise path matching.
  • Removed bundled legacy Bitwarden web-client subprojects from the repository.

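Chinese release notes

This is a major feature release. The core addition is the built-in Web Vault: passwords can be managed directly in the browser without installing any Bitwarden client. It also fully implements Send and a multi-user administration system.

✨ New Features

Web Vault (webapp)

  • Built-in web client, accessed directly at the Worker's root URL (/).
  • Vault page: browse, create, edit, delete, and restore vault items (login, card, identity, secure note, SSH key).
  • Item detail view: decrypted field display, live TOTP codes, one-click copy for passwords, usernames, TOTPs, and SSH keys.
  • Folder management: create, rename, and delete folders; filter the vault by folder.
  • Attachment upload and download.
  • Vault lock / unlock flow: auto-locks after idle timeout; entering the master password unlocks it (no need to log in again).
  • Settings page: change master password, enable/disable per-account TOTP two-step verification, view recovery code, manage authorized devices.
  • Send page: create, view, edit, and delete text and file Sends.
  • Public Send viewer (/send/:accessId#keyPart): access open or password-protected Sends without an account.
  • JWT secret safety check: shows a warning page when the server configuration is unsafe.
  • Admin panel: user list, invite new users, enable/disable accounts, delete accounts (including R2 file cleanup), manage invite codes.
  • Global Toast notifications.
  • Confirmation dialog for dangerous actions.

Internationalization (i18n)

  • Full Chinese (zh-CN) and English (en) UI support.
  • Selected automatically from browser language preferences.

Send (backend + frontend)

  • Creation, editing, and deletion of text and file Sends.
  • Password-protected Sends: client-side PBKDF2 hash verification; the plaintext password is never sent to the server.
  • Access count limits and expiration times are enforced server-side with atomic SQL counting.
  • Public Send access endpoints: POST /api/sends/access/:accessId, the v2 bearer variant, and the file download flow.

Multi-User Administration

  • Admin user management: view all users, change account status (enable/disable), delete accounts (with R2 files cleaned up at the same time).
  • Invite code system: admins generate single-use invite codes; every registration after the first user requires a valid invite code.
  • TOTP recovery code: a separate recovery code per user, used for two-step verification account recovery.
  • Authorized device management: view and revoke trusted 2FA-remember devices.

🔒 Security Improvements

  • Server-side password re-hashing: the client PBKDF2 hash is hashed again with PBKDF2-SHA256 (100k iterations) before storage and tagged with a $s$ prefix; legacy-format hashes are migrated transparently on next login.
  • TOTP tokens and recovery codes now use constant-time comparison to prevent timing attacks.
  • Login rate limiting extended to the IP + email dual dimension.
  • API rate limiting unified and moved to the Cloudflare Cache API, with zero D1 writes under attack.
  • KDF parameter lower bounds validated on registration and password change (PBKDF2 ≥ 100,000 iterations, Argon2id ≥ 2/16/1).
  • handleSetKeys requires master password verification before replacing encryption keys.
  • CORS: removed trust for origin: null.
  • Added the Content-Security-Policy response header.
  • Added global security response headers (X-Content-Type-Options, X-Frame-Options, etc.).
  • Fixed the Send access count race condition by switching to atomic SQL.
  • Admin user deletion now cleans up R2 attachment and Send files first.
  • Import endpoint limited to at most 5,000 items per request.
  • Request body size capped at 25 MB for non-file-upload endpoints.
  • DB initialization errors are no longer passed straight through to clients.
  • TOTP secret is removed from localStorage immediately after successful enrollment.

🛠 Changes & Improvements

  • Added favicon and project logo assets.
  • Build pipeline: Vite compiles the webapp into dist/, then Wrangler bundles and deploys; npm run deploy does it all in one step.
  • Production builds disable source maps and use manual chunk splitting (vendor, query, icons) to reduce per-deploy upload size.
  • Routing regular expressions tightened for more precise path matching.
  • Removed legacy Bitwarden web-client subprojects left in the repository.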

v1.1.0 Stability & Compatibility Update

20 Feb 10:22

Release Notes

v1.1.0 - 2026-02-20

Added

  • Added login TOTP (2FA) support via environment secret TOTP_SECRET (set to enable, remove to disable).
  • Added Bitwarden-compatible two-step login flow support: password step -> TOTP challenge -> token issuance.
  • Added device registration/persistence based on client deviceIdentifier.
  • Added trusted-device 2FA records and fixed remember-device lifetime to 30 days.
  • Added token revocation endpoint compatibility for logout flows:
    • POST /identity/connect/revocation
    • POST /identity/connect/revoke

Changed

  • Reworked database auto-initialization strategy:
    • Initialization now runs once on the first request of each isolate.
    • Added isolate-level single-flight guard for concurrent first-request initialization.
    • Uses idempotent schema DDL (CREATE ... IF NOT EXISTS) to keep setup/update self-healing.
  • Updated import handling (/api/ciphers/import) to preserve more client fields with stronger passthrough behavior.

Fixed

  • Fixed cipher import field loss: login.fido2Credentials (passkey), sshKey, and key are now preserved.
  • Fixed invalid TOTP handling to keep clients in a proper 2FA challenge state instead of falling into ambiguous error loops.
  • Aligned 2FA challenge payload closer to Bitwarden expectations (TwoFactorProviders2["0"] = null).
  • Added explicit rejection for unsupported two-factor providers to avoid undefined client behavior.

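Chinese release notes

Added

  • Added login TOTP (2FA) support, controlled by the environment variable TOTP_SECRET (enabled when set, disabled when empty).
  • Added a Bitwarden-compatible two-stage login flow: password stage -> TOTP challenge -> token issuance.
  • Added device registration and persistence based on the client deviceIdentifier.
  • Added 2FA remember-device data, with the "remember this device" lifetime fixed at 30 days.
  • Added compatibility for logout-related token revocation endpoints:
    • POST /identity/connect/revocation
    • POST /identity/connect/revoke

Changed

  • Reworked the database auto-initialization strategy:
    • Initialization now runs once on the first request of each isolate.
    • Added isolate-level single-flight protection to avoid repeated initialization by concurrent first requests.
    • Uses idempotent table-creation SQL (CREATE ... IF NOT EXISTS) to make first deployment and schema catch-up on update more stable.
  • Adjusted /api/ciphers/import handling to strengthen field passthrough and reduce the risk of losing client fields.

Fixed

  • Fixed /api/ciphers/import field loss: login.fido2Credentials (passkey), sshKey, and key are now preserved on import.
  • Fixed clients possibly entering an ambiguous error loop on a wrong TOTP; they now stay in the 2FA challenge flow.
  • Aligned the 2FA challenge response more closely with Bitwarden expectations (TwoFactorProviders2["0"] = null).
  • Unsupported two-factor providers now get an explicit error, so clients do not enter an undefined state.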

NodeWarden v1.0.0 is the first stable release.

19 Feb 14:25

Release Notes

v1.0.0 - 2026-02-19

NodeWarden v1.0.0 is the first stable release.

This release marks the project as production-ready for single-user Bitwarden-compatible self-hosting on Cloudflare Workers, with a complete core flow for setup, authentication, sync, and daily vault usage.

It focuses on reliability, compatibility, and maintainability:

  • Reliable setup and registration lifecycle for single-user mode.
  • Improved compatibility behavior across official Bitwarden clients.
  • Hardened security defaults and safer write-path protections.
  • Cleaner architecture and configuration boundaries for future evolution.

Thank you to everyone who tested, reported issues, and shared feedback. v1.0.0 is the stable baseline for upcoming releases.


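Chinese release notes

NodeWarden v1.0.0 is officially released. This is the project's first stable version.

This version marks NodeWarden as ready for stable use as a single-user, Bitwarden-compatible self-hosting solution on Cloudflare Workers, covering the core path from setup, authentication, and sync to daily vault usage.

v1.0.0 focuses on stability, compatibility, and maintainability:

  • More reliable setup and registration lifecycle in single-user mode.
  • More robust compatibility behavior with official Bitwarden clients.
  • Stricter default security policies and write-path protections.
  • Clearer project structure and configuration boundaries for future evolution.

Thanks to everyone who tested, gave feedback, and reported issues. v1.0.0 will serve as the stable baseline for subsequent releases.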

Compatibility, Security Hardening, and Performance Improvements

18 Feb 17:03

Release Notes

v0.3.0 - 2026-02-18

Added

  • Pagination support for list endpoints:
    • Added pageSize + continuationToken handling for /api/ciphers and /api/folders.
    • Added reusable pagination utility module (src/utils/pagination.ts).
  • Added a comprehensive self-check script (tests/selfcheck.ts) and npm command:
    • npm run selfcheck
    • Covers compatibility, auth flow, CORS, sync, attachments, blocked endpoints, and gap checks.
  • Added centralized limits/config constants (src/config/limits.ts) for auth, rate limits, cache, cleanup, pagination, compatibility versioning, and more.
  • Added in-memory /api/sync response cache (short TTL) and support for excludeDomains query handling.
  • Added one-time-use protection for attachment download tokens:
    • New used_attachment_download_tokens table and consume-once check.

Changed

  • Refactored setup page rendering into a dedicated template module (src/setup/pageTemplate.ts), replacing older split setup page handlers.
  • Improved icon proxy and favicon behavior:
    • Added custom NW favicon (/favicon.ico, /favicon.svg).
    • Added devtools probe endpoint (/.well-known/appspecific/com.chrome.devtools.json).
    • Added icon hostname validation and edge cache usage for /icons/{hostname}/icon.png.
  • Improved rate limiting strategy:
    • Login throttling now tracks by client IP (login_attempts_ip) instead of email.
    • Split API budgets into write-operations budget and dedicated /api/sync read budget.
    • Added low-frequency cleanup for stale limiter records.
  • Improved cipher model compatibility:
    • Introduced opaque passthrough for unknown cipher fields so new client fields can round-trip without server changes.
  • Improved refresh token storage:
    • New tokens are stored as SHA-256 keyed values (with legacy plaintext token migration compatibility).
  • Updated routing and API behavior for single-user mode and compatibility alignment:
    • Some blocked account operations now return 501 Not implemented in single-user mode.
    • /config.version and /api/version now share a single source of truth from limits config.
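
The refresh token storage change above (SHA-256 keyed values with legacy plaintext migration), as an added TypeScript example that is not NodeWarden's own code. The in-memory `tokenStore`, the `sha256:` key prefix and all function names are assumptions made for illustration; hashing uses the Web Crypto API available in Workers.

```typescript
// Added illustration, not NodeWarden source. The Map stands in for the token
// table; every name here is hypothetical.
interface TokenRow { userId: string; expiresAt: number }

const tokenStore = new Map<string, TokenRow>();
const HASH_PREFIX = "sha256:";

async function sha256Hex(input: string): Promise<string> {
  const digest = await crypto.subtle.digest("SHA-256", new TextEncoder().encode(input));
  return Array.from(new Uint8Array(digest), (b) => b.toString(16).padStart(2, "0")).join("");
}

// New tokens: persist only the digest, so a leaked table holds no usable tokens.
// Assumes tokens are long random strings; unsalted SHA-256 is not for passwords.
async function saveRefreshToken(token: string, row: TokenRow): Promise<void> {
  tokenStore.set(HASH_PREFIX + (await sha256Hex(token)), row);
}

async function findRefreshToken(token: string, now: number): Promise<TokenRow | null> {
  const hashedKey = HASH_PREFIX + (await sha256Hex(token));
  let row = tokenStore.get(hashedKey);
  if (!row) {
    // Legacy fallback. A stored "sha256:..." key must never be accepted as a
    // plaintext token, or a leaked key would authenticate through this branch.
    if (token.startsWith(HASH_PREFIX)) return null;
    row = tokenStore.get(token);
    if (!row) return null;
    tokenStore.delete(token); // drop the plaintext copy on first use
    tokenStore.set(hashedKey, row); // keep it only in hashed form
  }
  if (row.expiresAt <= now) {
    tokenStore.delete(hashedKey);
    return null;
  }
  return row;
}
```

In a real table the hashed and legacy values are better kept in separate columns or flagged rows, which removes the need for the prefix guard.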

Fixed

  • Fixed folder deletion behavior to clear folderId references in related ciphers.
  • Fixed potential D1 bind errors by normalizing undefined to null in storage bindings.
  • Fixed registration race path by creating first user atomically (createFirstUser) to enforce single-user bootstrap safely.
  • Fixed identity error responses to consistently match OAuth-style expectations.
  • Fixed setup/register write protections by requiring same-origin browser evidence (Origin/Referer) on setup-sensitive write endpoints.
  • Fixed attachment download endpoint security and behavior:
    • Added strict JWT secret safety guard checks for attachment public download path.
    • Removed permissive attachment CORS response behavior.
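
One way to implement the same-origin browser evidence (Origin/Referer) check from the setup/register fix above, as an added TypeScript example that is not NodeWarden's own code. The function names, the header bag shape and the set of gated methods are assumptions.

```typescript
// Added illustration, not NodeWarden source. All names are hypothetical.
type HeaderBag = Record<string, string | undefined>;

const WRITE_METHODS = new Set(["POST", "PUT", "PATCH", "DELETE"]);

// Reduce a header value to a bare http(s) origin, or null if it is unusable.
// Parsing with URL avoids prefix-matching mistakes such as accepting
// "https://vault.example.test.evil.example".
function toOrigin(value: string | undefined): string | null {
  if (!value || value === "null") return null; // sandboxed/opaque origins send "null"
  try {
    const u = new URL(value);
    return u.protocol === "http:" || u.protocol === "https:" ? u.origin : null;
  } catch {
    return null;
  }
}

// True only when the browser supplied Origin or Referer and it matches the
// origin the request was actually sent to.
function hasSameOriginEvidence(method: string, requestUrl: string, headers: HeaderBag): boolean {
  if (!WRITE_METHODS.has(method.toUpperCase())) return true; // reads are not gated here
  const self = new URL(requestUrl).origin;
  // Origin wins when present: a mismatching Origin is not rescued by Referer.
  if (headers["origin"] !== undefined) return toOrigin(headers["origin"]) === self;
  // Fail closed when neither header is present.
  return toOrigin(headers["referer"]) === self;
}
```

Header names are expected in lowercase, as produced by iterating a Fetch `Headers` object.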

Security

  • Strengthened CORS policy:
    • Replaced wildcard behavior with allowlist-style origin handling for same-origin and trusted Bitwarden client origins.
    • Added stricter preflight validation.
  • Hardened first-time setup and registration path:
    • Stronger JWT secret checks and clearer setup flow guidance.
    • Additional safety checks for encrypted key-like payloads during registration/key updates.

Docs & Project

  • Documentation refresh:
    • Added English README (README_EN.md) and updated README structure/content.
    • Updated feature comparison tables and deployment guidance.
    • Replaced README_ZH.md with README.md as the Chinese primary doc.
  • Added upstream sync workflow (.github/workflows/sync-upstream.yml).
  • Updated wrangler.toml project naming and removed placeholder D1 database ID.

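Release Notes

v0.3.0 - 2026-02-18

Added

  • Pagination for list endpoints:
    • /api/ciphers and /api/folders support pageSize + continuationToken.
    • Added a general-purpose pagination utility module (src/utils/pagination.ts).
  • Added a complete self-check script (tests/selfcheck.ts) and npm command:
    • npm run selfcheck
    • Covers compatibility, authentication flow, CORS, sync, attachments, restricted endpoints, gap analysis, and more.
  • Added unified configuration constants (src/config/limits.ts) that centrally manage parameters for authentication, rate limiting, caching, cleanup, pagination, compatibility version numbers, and more.
  • Added a short-lived in-memory cache for /api/sync, with support for the excludeDomains request parameter.
  • Added one-time-use protection for attachment download tokens:
    • Added the used_attachment_download_tokens table and a check that each token can be used only once.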

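Changed

  • Restructured setup page rendering:
    • Consolidated the initialization page into a standalone template module (src/setup/pageTemplate.ts), replacing the previous split handlers.
  • Improved icon proxy and site icon behavior:
    • Added a custom NW favicon (/favicon.ico, /favicon.svg).
    • Added a devtools probe endpoint (/.well-known/appspecific/com.chrome.devtools.json).
    • Added hostname validation and edge caching for /icons/{hostname}/icon.png.
  • Adjusted the rate limiting strategy:
    • Login throttling changed from per-email to per-client-IP (login_attempts_ip).
    • API rate limiting split into a write-request budget plus a /api/sync read-request budget.
    • Added low-frequency cleanup of expired records.
  • Improved cipher model compatibility:
    • Introduced "unknown field passthrough" so that fields added by newer clients round-trip losslessly.
  • Improved refresh token storage:
    • New tokens are stored under a SHA-256 key, with compatibility for migrating legacy plaintext tokens.
  • Refined single-user mode and compatibility policy:
    • Some restricted account operations now return 501 Not implemented in single-user mode.
    • /config.version and /api/version are both driven by the configuration constants.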

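Fixed

  • Fixed ciphers retaining folderId references after a folder was deleted.
  • Fixed runtime errors caused by undefined in D1 parameter binding (now uniformly converted to null).
  • Fixed the first-registration race path: an atomic createFirstUser safely guarantees single-user initialization.
  • Fixed the identity endpoint error response format to stay consistent with OAuth style.
  • Fixed setup/register write protection: sensitive write endpoints require same-origin browser evidence (Origin/Referer).
  • Fixed security and behavior details of the attachment download path:
    • Added a JWT secret safety check to the public attachment download endpoint.
    • Removed permissive CORS behavior from attachment download responses.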

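Security

  • Strengthened CORS policy:
    • Changed from wildcard to allowlist style, allowing only same-origin and trusted Bitwarden client origins.
    • Stricter validation of preflight requests.
  • Strengthened security of the initialization and registration phase:
    • Stricter JWT_SECRET validation and setup flow guidance.
    • Structural validation of encrypted fields in registration/key updates.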

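Docs & Project

  • Documentation updates:
    • Added English documentation README_EN.md and reworked the README structure and content overall.
    • Updated the feature comparison table and deployment instructions.
    • README.md is now the primary Chinese document; README_ZH.md was removed.
  • Added an upstream sync workflow (.github/workflows/sync-upstream.yml).
  • Updated the wrangler.toml project name and removed the placeholder D1 database_id.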