update version in package.json

Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.0.8 to 2.2.2.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](c062e08bd5...da05d55257)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: 2.2.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/CONTRIBUTING.md

@@ -0,0 +1,63 @@
+# Contribution Guidelines
+
+Table of Contents:
+
+<!-- vim-markdown-toc GFM -->
+
+* [Did you find a bug?](#did-you-find-a-bug)
+  * [Is it a Security Vulnerability?](#is-it-a-security-vulnerability)
+  * [Is it already a known issue?](#is-it-already-a-known-issue)
+  * [Reporting a Bug](#reporting-a-bug)
+  * [Is there a patch for the bug?](#is-there-a-patch-for-the-bug)
+* [Do you want to add a new feature?](#do-you-want-to-add-a-new-feature)
+  * [Is it just an idea?](#is-it-just-an-idea)
+  * [Is there a patch for the feature?](#is-there-a-patch-for-the-feature)
+* [Do you have questions about the Synapse Admin project or need guidance?](#do-you-have-questions-about-the-synapse-admin-project-or-need-guidance)
+
+<!-- vim-markdown-toc -->
+
+## Did you find a bug?
+
+### Is it a Security Vulnerability?
+
+Please follow the [Security Policy](https://github.com/etkecc/synapse-admin/blob/main/.github/SECURITY.md) for reporting
+security vulnerabilities.
+
+### Is it already a known issue?
+
+Please ensure the bug was not already reported by searching [the Issues section](https://github.com/etkecc/synapse-admin/issues).
+
+### Reporting a Bug
+
+If you think you have found a bug in Synapse Admin, it is not a security vulnerability, and it is not already reported,
+please open [a new issue](https://github.com/etkecc/synapse-admin/issues/new) with:
+    * A proper title and clear description of the problem.
+    * As much relevant information as possible:
+        * The version of Synapse Admin you are using.
+        * The version of Synapse you are using.
+        * Any relevant browser console logs, failed requests details, and error messages.
+
+### Is there a patch for the bug?
+
+If you already have a patch for the bug, please open a pull request with the patch,
+and mention the issue number in the pull request description.
+
+## Do you want to add a new feature?
+
+### Is it just an idea?
+
+Please open [a new issue](https://github.com/etkecc/synapse-admin/issues/new) with:
+    * A proper title and clear description of the requested feature.
+    * Any relevant information about the feature:
+        * Why do you think this feature is needed?
+        * How do you think it should work? (provide Synapse Admin API endpoint)
+        * Any relevant screenshots or mockups.
+
+### Is there a patch for the feature?
+
+If you already have a patch for the feature, please open a pull request with the patch,
+and mention the issue number in the pull request description.
+
+## Do you have questions about the Synapse Admin project or need guidance?
+
+Please use the official community Matrix room: [#synapse-admin:etke.cc](https://matrix.to/#/#synapse-admin:etke.cc)

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,34 @@
+---
+name: Bug report
+about: Report a Synapse Admin bug
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Browser console logs**
+If applicable, add the browser console's log
+
+**Instance configuration:**
+ - Synapse Admin version: [e.g. v0.10.3-etke39]
+ - Synapse version [v1.127.1]
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,23 @@
+---
+name: Feature request
+about: Suggest an idea for Synapse Admin
+title: ''
+labels: enhancement
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Provide related Synapse Admin API endpoints**
+If applicable, provide links to the Synapse Admin API's endpoints that could be used to implement that feature
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/SECURITY.md

@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+Only [the last published version](https://github.com/etkecc/synapse-admin/releases/latest) of the project is supported.
+This means that only the latest version will receive security updates.
+If you are using an older version, you are strongly encouraged to upgrade to the latest version.
+
+## Reporting a Vulnerability
+
+Please contact us using the [#synapse-admin:etke.cc](https://matrix.to/#/#synapse-admin:etke.cc) Matrix room.
+The Synapse Admin project is a static JS UI for the Synapse server,
+so it is unlikely that there are (or will be) any impactful security vulnerabilities in the project itself.
+However, we do not rule out the possibility of such cases, so we will be happy to receive any reports!

.github/workflows/workflow.yml

@@ -48,25 +48,31 @@ jobs:
           name: dist
           path: dist/
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
       - name: Login to ghcr.io
-        uses: docker/login-action@v3
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Login to hub.docker.com
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        with:
+          username: etkecc
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Extract metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
         with:
           images: |
+            ${{ github.repository }}
             ghcr.io/${{ github.repository }}
             registry.etke.cc/${{ github.repository }}
           tags: |
             type=raw,value=latest,enable=${{ github.ref_name == 'main' }}
             type=semver,pattern={{raw}}
       - name: Build and push
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0
         with:
           platforms: linux/amd64,linux/arm64
           context: .
@@ -106,7 +112,7 @@ jobs:
         run: |
           mv dist synapse-admin
           tar chvzf synapse-admin.tar.gz synapse-admin
-      - uses: softprops/action-gh-release@v2
+      - uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 # v2.2.2
         with:
           files: synapse-admin.tar.gz
           generate_release_notes: true

README.md

@@ -55,7 +55,7 @@ The full list is described below in the [Changes](#changes) section.
 * As a core/default component on [etke.cc](https://etke.cc/?utm_source=github&utm_medium=readme&utm_campaign=synapse-admin)
 * As a standalone app on [admin.etke.cc](https://admin.etke.cc)
 * As a prebuilt distribution on [GitHub Releases](https://github.com/etkecc/synapse-admin/releases)
-* As a Docker container on [GitHub Container Registry](https://github.com/etkecc/synapse-admin/pkgs/container/synapse-admin)
+* As a Docker container on [Docker Hub](https://hub.docker.com/r/etkecc/synapse-admin) and [GitHub Container Registry](https://github.com/etkecc/synapse-admin/pkgs/container/synapse-admin)
 * As a component in [Matrix-Docker-Ansible-Deploy Playbook](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-synapse-admin.md)
 
 ### Changes
@@ -109,10 +109,10 @@ The following changes are already implemented:
 * 📞 [Support E.164-based Matrix IDs (MSC4009)](https://github.com/etkecc/synapse-admin/pull/214)
 * 🛑 [Add support for Account Suspension (MSC3823)](https://github.com/etkecc/synapse-admin/pull/195)
 * 🗑️ [Add "Purge Remote Media" button](https://github.com/etkecc/synapse-admin/pull/237)
-* [Respect base url (`BASE_PATH` / `vite build --base`) when loading `config.json`](https://github.com/etkecc/synapse-admin/pull/274)
-* [Add Users' Account Data tab](https://github.com/etkecc/synapse-admin/pull/276)
-* [Make bulk registration CSV import more user-friendly](https://github.com/etkecc/synapse-admin/pull/411)
-* [Configurable CORS Credentials](https://github.com/etkecc/synapse-admin/pull/456)
+* 📁 [Respect base url (`BASE_PATH` / `vite build --base`) when loading `config.json`](https://github.com/etkecc/synapse-admin/pull/274)
+* 🗂️ [Add Users' Account Data tab](https://github.com/etkecc/synapse-admin/pull/276)
+* 🧾 [Make bulk registration CSV import more user-friendly](https://github.com/etkecc/synapse-admin/pull/411)
+* 🌐 [Configurable CORS Credentials](https://github.com/etkecc/synapse-admin/pull/456)
 
 #### exclusive for [etke.cc](https://etke.cc) customers
 

docs/README.md

@@ -17,6 +17,7 @@ Table of contents:
 
 Specific configuration options:
 
+* [Customizing CORS credentials](./cors-credentials.md)
 * [Restricting available homeserver](./restrict-hs.md)
 * [System / Appservice-managed Users](./system-users.md)
 * [Custom Menu Items](./custom-menu.md)
@@ -33,6 +34,10 @@ they are not available for any other Synapse Admin deployments.
 
 * [Server Status icon](../src/components/etke.cc/README.md#server-status-icon)
 * [Server Status page](../src/components/etke.cc/README.md#server-status-page)
+* [Server Actions page](../src/components/etke.cc/README.md#server-actions-page)
+* [Server Commands Panel](../src/components/etke.cc/README.md#server-commands-panel)
+* [Server Notifications icon](../src/components/etke.cc/README.md#server-notifications-icon)
+* [Server Notifications page](../src/components/etke.cc/README.md#server-notifications-page)
 
 ## Deployment
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "synapse-admin",
-  "version": "0.10.3",
+  "version": "0.11.0",
   "description": "Admin GUI for the Matrix.org server Synapse",
   "type": "module",
   "author": "etke.cc (originally by Awesome Technologies Innovationslabor GmbH)",
@@ -11,35 +11,35 @@
     "url": "https://github.com/etkecc/synapse-admin"
   },
   "devDependencies": {
-    "@eslint/js": "^9.22.0",
+    "@eslint/js": "^9.25.0",
     "@testing-library/dom": "^10.0.0",
     "@testing-library/jest-dom": "^6.6.3",
     "@testing-library/react": "^16.3.0",
     "@testing-library/user-event": "^14.6.1",
     "@types/jest": "^29.5.14",
     "@types/lodash": "^4.17.16",
-    "@types/node": "^22.14.1",
-    "@types/papaparse": "^5.3.15",
-    "@types/react": "^19.1.1",
-    "@typescript-eslint/eslint-plugin": "^8.29.1",
-    "@typescript-eslint/parser": "^8.29.0",
-    "@vitejs/plugin-react": "^4.3.4",
-    "eslint": "^9.24.0",
-    "eslint-config-prettier": "^10.1.2",
+    "@types/node": "^22.15.19",
+    "@types/papaparse": "^5.3.16",
+    "@types/react": "^19.1.4",
+    "@typescript-eslint/eslint-plugin": "^8.32.0",
+    "@typescript-eslint/parser": "^8.32.0",
+    "@vitejs/plugin-react": "^4.4.1",
+    "eslint": "^9.27.0",
+    "eslint-config-prettier": "^10.1.5",
     "eslint-plugin-import": "^2.31.0",
     "eslint-plugin-jsx-a11y": "^6.10.2",
-    "eslint-plugin-prettier": "^5.2.6",
+    "eslint-plugin-prettier": "^5.4.0",
     "eslint-plugin-unused-imports": "^4.1.4",
     "jest": "^29.7.0",
     "jest-environment-jsdom": "^29.7.0",
     "jest-fetch-mock": "^3.0.3",
     "prettier": "^3.5.3",
     "react-test-renderer": "^19.1.0",
-    "ts-jest": "^29.3.2",
+    "ts-jest": "^29.3.4",
     "ts-node": "^10.9.2",
     "typescript": "^5.8.3",
-    "typescript-eslint": "^8.29.1",
-    "vite": "^6.2.6",
+    "typescript-eslint": "^8.32.1",
+    "vite": "^6.3.5",
     "vite-plugin-version-mark": "^0.1.4"
   },
   "dependencies": {
@@ -49,8 +49,8 @@
     "@haxqer/ra-language-chinese": "^4.16.2",
     "@mui/icons-material": "^6.4.8",
     "@mui/material": "^6.4.8",
-    "@mui/utils": "^6.4.9",
-    "@tanstack/react-query": "^5.74.0",
+    "@mui/utils": "^7.1.0",
+    "@tanstack/react-query": "^5.76.1",
     "history": "^5.3.0",
     "jest-fixed-jsdom": "^0.0.9",
     "lodash": "^4.17.21",
@@ -59,17 +59,17 @@
     "ra-i18n-polyglot": "^5.4.4",
     "ra-language-english": "^5.4.4",
     "ra-language-farsi": "^5.1.0",
-    "ra-language-french": "^5.7.2",
+    "ra-language-french": "^5.8.2",
     "ra-language-italian": "^3.13.1",
     "ra-language-russian": "^5.4.3",
     "react": "^19.1.0",
-    "react-admin": "^5.7.2",
+    "react-admin": "^5.8.2",
     "react-dom": "^19.1.0",
-    "react-hook-form": "^7.55.0",
+    "react-hook-form": "^7.56.4",
     "react-is": "^19.1.0",
     "ts-jest-mock-import-meta": "^1.3.0",
-    "react-router": "^7.5.0",
-    "react-router-dom": "^7.5.0"
+    "react-router": "^7.6.0",
+    "react-router-dom": "^7.6.0"
   },
   "scripts": {
     "start": "vite serve",

src/pages/LoginPage.test.tsx

@@ -1,7 +1,6 @@
 import { render, screen } from "@testing-library/react";
 import polyglotI18nProvider from "ra-i18n-polyglot";
 import { AdminContext } from "react-admin";
-import { BrowserRouter } from "react-router-dom";
 
 import LoginPage from "./LoginPage";
 import { AppContext } from "../Context";
@@ -14,11 +13,9 @@ describe("LoginForm", () => {
   it("renders with no restriction to homeserver", async () => {
     await act(async () => {
       render(
-        <BrowserRouter>
-          <AdminContext i18nProvider={i18nProvider}>
-            <LoginPage />
-          </AdminContext>
-        </BrowserRouter>
+        <AdminContext i18nProvider={i18nProvider}>
+          <LoginPage />
+        </AdminContext>
       );
     });
 
@@ -35,20 +32,18 @@ describe("LoginForm", () => {
 
   it("renders with single restricted homeserver", () => {
     render(
-      <BrowserRouter>
-        <AppContext.Provider
-          value={{
-            restrictBaseUrl: "https://matrix.example.com",
-            asManagedUsers: [],
-            menu: [],
-            corsCredentials: "include",
-          }}
-        >
-          <AdminContext i18nProvider={i18nProvider}>
-            <LoginPage />
-          </AdminContext>
-        </AppContext.Provider>
-      </BrowserRouter>
+      <AppContext.Provider
+        value={{
+          restrictBaseUrl: "https://matrix.example.com",
+          asManagedUsers: [],
+          menu: [],
+          corsCredentials: "include",
+        }}
+      >
+        <AdminContext i18nProvider={i18nProvider}>
+          <LoginPage />
+        </AdminContext>
+      </AppContext.Provider>
     );
 
     screen.getByText(englishMessages.synapseadmin.auth.welcome);
@@ -73,9 +68,7 @@ describe("LoginForm", () => {
         }}
       >
         <AdminContext i18nProvider={i18nProvider}>
-          <BrowserRouter>
-            <LoginPage />
-          </BrowserRouter>
+          <LoginPage />
         </AdminContext>
       </AppContext.Provider>
     );

src/resources/users.tsx

@@ -171,7 +171,7 @@ export const UserList = (props: ListProps) => (
   <List
     {...props}
     filters={userFilters}
-    filterDefaultValues={{ deactivated: false, locked: false, suspended: false }}
+    filterDefaultValues={{ guests: false, deactivated: false, locked: false, suspended: false }}
     sort={{ field: "name", order: "ASC" }}
     actions={<UserListActions />}
     pagination={<UserPagination />}

src/synapse/authProvider.ts

@@ -190,8 +190,6 @@ const authProvider: AuthProvider = {
     const access_token = localStorage.getItem("access_token");
     return typeof access_token === "string" ? Promise.resolve() : Promise.reject();
   },
-  // called when the user navigates to a new location, to check for permissions / roles
-  getPermissions: () => Promise.resolve(),
 };
 
 export default authProvider;

src/utils/fetchMedia.ts

@@ -1,5 +1,5 @@
 export const getServerAndMediaIdFromMxcUrl = (mxcUrl: string): { serverName: string; mediaId: string } => {
-  const re = /^mxc:\/\/([^/]+)\/(\w+)/;
+  const re = /^mxc:\/\/([^/]+)\/([\w-]+)$/;
   const ret = re.exec(mxcUrl);
   if (ret == null) {
     throw new Error("Invalid mxcUrl");