v0.8.1

What's Changed

Implement CSV export/download functionality, in which statements can be downloaded in CSV format. The CSV column headers are paths to statement properties, which can be selected in the UI; for example, if the user wants to download statements' ID and verb ID, the file will look like this:

id,verb_id
fdfb9f6d-123f-4851-9763-520a1ea0f182,http://example.org/verb/1
72f3c1b3-6129-4ed8-9e97-ccc8753d906a,http://example.org/verb/2

• Add two GET endpoints: /admin/csv and /admin/csv/auth
  • /admin/csv/auth returns a one-time JWT for use with /admin/csv. This is important because the latter endpoint is used as a download attribute for HTML anchor tags in the UI, which cannot accept headers.
  • /admin/csv downloads statements in the LRS as a CSV filestream. This endpoint accepts the statement query parameters defined in the xAPI spec, but allows two additional parameters: the one-time JWT token string and the URL-encoded property-path vector strings, which define the CSV column headers.
• Add new config variable: LRSQL_STMT_GET_MAX_CSV, which defines the maximum number of statements that can be included in a CSV download. If this is negative (e.g. the default value of -1), then it is ignored and all statements in the LRS are downloaded (subject to query filters).

Pull Requests

• [SQL-283] Authentication for CSV export by @kelvinqian00 in #467
• [SQL-281] CSV export by @kelvinqian00 in #464

Full Changelog: v0.8.0...v0.8.1

v0.8.0

Release Notes

Overhaul to login mechanics and the frontend UI.

Changes:

JSON Web Token/Login Mechanics

• Implement JSON Web Token renewal, so that users can stay logged in while actively using the UI.
• Add logout revocation: logging out invalidates the current JWT by adding it to a blocklist
• New config vars:
  • LRSQL_JWT_REFRESH_EXP_TIME: JWT refresh expiration time, after which refreshes can no longer be performed
  • LRSQL_JWT_REFRESH_INTERVAL: time interval for frontend to send a JWT refresh request
  • LRSQL_JWT_INTERACTION_WINDOW: time interval to check for user interaction before a potential JWT refresh
• New admin API endpoints:
  • /admin/account/logout: log out and invalidate current JWT
  • /admin/account/renew: renew the current JWT to extend the current login session
  • /admin/verify: returns 204 No Content if currently logged in

Routing Changes

• The default UI endpoint is now /admin/ui and not /admin/index.html. Navigation links, instead of going to /admin/index.html#, now direct to the following pages:
  • /credentials (same as /)
  • /accounts
  • /accounts/password
  • /browser (statement browser)
  • /data-management (actor delete)
  • /status
  • /reactions
  • /reactions/new
  • /reactions/[reaction-id]/view
  • /reactions/[reaction-id]/edit
  • /not-found
• SPA routing was implemented using re-route.
• Ban users from setting /admin as the route prefix to avoid clashes

Miscellaneous

• Update the UI to use oidc-client-ts instead of the deprecated oidc-client library.

Pull Requests

• [SQL-267] /admin/verify endpoint by @kelvinqian00 in #433
• [SQL-222] Admin logout endpoint by @kelvinqian00 in #434
• [SQL-268] Admin JWT renewal endpoint by @kelvinqian00 in #435
• Update base UI path to /admin/ui by @kelvinqian00 in #439
• Development checklist by @kelvinqian00 in #441
• [SQL-274] Prevent user from setting LRSQL_URL_PREFIX to /admin by @kelvinqian00 in #449
• [SQL-264] JWT and Routing Enhancement Suite by @kelvinqian00 in #456 (main combined PR)
• Update UI version to v0.2.0 by @kelvinqian00 in #466

Full Changelog: v0.7.27...v0.8.0

For frontend changes, see the release notes for v0.2.0.

v0.7.27

What's Changed

• Add entity relation diagrams as documentation by @kelvinqian00 in #454
• Fix bug where Reactions cannot be accessed with OIDC login by @kelvinqian00 in #465

Full Changelog: v0.7.26...v0.7.27

v0.7.26

What's Changed

• Update copyright years to include 2025 by @blakeplock and @kelvinqian00 in #452
• Update UI version to v0.1.26 by @kelvinqian00 in #453

Full Changelog: v0.7.25...v0.7.26

v0.7.25

What's Changed

• [SQL-275][SQL-277] Update maven-dependency-submission-action to v4 by @kelvinqian00 in #443
• [SQL-275][SQL-276] Replace nvd-clojure scanning with Dependabot by @kelvinqian00 in #442
• fix link in docs by @milt in #448
• Patch logback-classic for CVE-2024-12798 by @milt in #451

Full Changelog: v0.7.24...v0.7.25

v0.7.24

What's Changed

This release updates the Reactions UI. For a full description of the UI changes, see here.

• [SQL-269] Update UI version for reactions UI changes by @kelvinqian00 in #440
• [SQL-261] Reactions tutorial rewrite by @kelvinqian00 in #428

Full Changelog: v0.7.23...v0.7.24

v0.7.23

What's Changed

• Suppress additional CVE-2024-6763 warnings by @kelvinqian00 in #437
• Update workflow-runtimer version by @kelvinqian00 in #436
• Activity Definition Upsert by @milt in #438

Full Changelog: v0.7.22...v0.7.23

v0.7.22

What's Changed

• Jetty CVE fixes by @kelvinqian00 in #431

Full Changelog: v0.7.21...v0.7.22

v0.7.21

What's Changed

UI Updates:

• Update UI to implement reactions upload/download by @kelvinqian00 in #427

Documentation and Demos:

• TLA demo by @cliffcaseyyet in #426

Bugfixes and Maintenance:

• Patch commons-io to 2.14.0 to resolve CVE-2024-47554 by @milt in #429
• Update GitHub Actions by @kelvinqian00 in #423
• [LRS-83] POST with empty list by @deathtenk in #421

Full Changelog: v0.7.20...v0.7.21

v0.7.20

What's Changed

• Docker remove bench by @cliffcaseyyet in #419
• Generates openapi spec from annotated routes by @invaliduser in #402
• proxy example with addtl path by @cliffcaseyyet in #424
• [SQL-251] Bench updates by @kelvinqian00 in #422
• upgrade UI v0.1.23 by @cliffcaseyyet in #425

Full Changelog: v0.7.19...v0.7.20