Commit Graph

149 Commits

Author SHA1 Message Date
Amruth Pillai c6e8df0a00 - Pinned some packages to specific versions to avoid potential security vulnerabilities through transitive dependencies. (through running pnpm audit)
- Updated dependencies and lockfile.
- Synced translation catalogs from Crowdin.
2026-04-22 15:15:10 +02:00
Amruth Pillai c19b9746c8 📦 v5.0.18 - https://docs.rxresu.me/changelog (Passkeys Support) 2026-04-14 10:51:04 +02:00
Amruth Pillai bea8ff1beb Fix MCP tool names for Claude Desktop incompatibility (#2885)
* fixes #2884, rename tool names for claude to work

* update dependencies
2026-04-09 15:03:18 +02:00
Amruth Pillai 1b266ba7ac Implement Resume Analysis (#2882)
* Implement Resume Analysis

* 📦 v5.0.17 - https://docs.rxresu.me/changelog
2026-04-09 09:04:27 +02:00
Amruth Pillai 1810dc8b07 better mcp server 2026-04-09 00:28:31 +02:00
Amruth Pillai bcbe70d231 📦 v5.0.16 - https://docs.rxresu.me/changelog 2026-04-04 12:31:24 +02:00
Amruth Pillai 4fd43657dc 📦 v5.0.15 - https://docs.rxresu.me/changelog 2026-04-02 00:14:54 +02:00
Amruth Pillai 3653baad9b 📦 v5.0.14 - https://docs.rxresu.me/changelog 2026-03-24 11:22:45 +01:00
Christian Pojoni b4aaf9712f feat(mcp): add OAuth 2.1 for claude.ai MCP connector (#2829)
* feat(mcp): add OAuth 2.1 authentication for claude.ai MCP connector

Enable OAuth 2.1 (RFC 8414 + RFC 7591) for the MCP endpoint using
better-auth's MCP plugin. This allows claude.ai and other MCP clients
to authenticate via Dynamic Client Registration and Authorization Code
flow with PKCE, using the existing login page.

- Add `mcp()` plugin to better-auth config with login page redirect
- Add `.well-known/oauth-authorization-server` discovery endpoint
- Add `.well-known/oauth-protected-resource` metadata endpoint
- Update MCP handler to accept Bearer tokens via `getMcpSession`
- Retain `x-api-key` fallback for backward compatibility
- Return proper HTTP 401 + WWW-Authenticate header for unauthed requests
- Add `oauthApplication`, `oauthAccessToken`, `oauthConsent` tables

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(mcp): use typed AuthError and suppress noisy verifyApiKey throws

- Replace string-matching error detection with instanceof AuthError
- Wrap verifyApiKey in try-catch to avoid logging malformed key errors
- Move console.error below auth check so 401s don't pollute logs

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* feat(mcp): add database migration for OAuth tables

Creates oauth_application, oauth_access_token, and oauth_consent tables
required for MCP OAuth 2.1 Dynamic Client Registration flow.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(mcp): resolve OAuth Bearer token auth for oRPC tool calls

The oRPC context only checked session cookies and API keys, causing
MCP tool calls from OAuth clients (claude.ai) to fail with Unauthorized
even though the MCP endpoint itself authenticated successfully.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(mcp): look up user by userId from OAuth access token

getMcpSession returns OAuthAccessToken (with userId), not a session
object with a user property. Must query the user table by userId.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* refactor(mcp): migrate from deprecated mcp() plugin to @better-auth/oauth-provider

The better-auth MCP plugin is marked for deprecation in favor of the
OAuth Provider plugin. This refactors the entire OAuth 2.1 flow to use
@better-auth/oauth-provider with JWT-based token verification, replacing
the opaque token lookup via getMcpSession().

Key changes:
- Replace mcp() with jwt() + oauthProvider() in auth config
- Replace getMcpSession() with verifyAccessToken() (JWT/JWKS)
- Replace oauthApplication table with oauthClient (RFC 7591 compliant)
- Add oauthRefreshToken table and jwks table for JWT signing keys
- Extract shared authBaseUrl and verifyOAuthToken helper
- Hoist McpServer to module scope (avoid per-request reconstruction)
- Update .well-known discovery endpoints for OAuth Provider

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(mcp): resolve OAuth 2.1 flow for claude.ai MCP connector

Multiple fixes required to make the full MCP OAuth flow work with
claude.ai's implementation:

- Add RFC 8414 discovery route at /.well-known/oauth-authorization-server/api/auth
  (claude.ai appends the issuer path per spec)
- Add /auth/oauth server route to handle login/consent flow
  (generates auth codes directly, bypassing h3 cookie issues)
- Default token_endpoint_auth_method to "none" via onRequest plugin hook
  (claude.ai omits this field, causing confidential client rejection)
- Strip prompt=consent from authorize requests via onRequest hook
  (better-auth checks prompt before skipConsent, causing redirect loops)
- Add validAudiences for MCP resource URL
  (JWT aud claim contains the MCP URL, not the base URL)
- Disable CSRF check for cross-origin OAuth flows
- Log token endpoint errors for debugging
- Set skipConsent on OAuth clients via /auth/oauth route

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(mcp): harden OAuth security and enforce lock on delete

- Scope CSRF bypass to OAuth2 paths only instead of disabling globally
- Validate redirect_uri against registered client URIs (prevents code interception)
- Use pathname matching instead of fragile url.includes() for route guards
- Replace biased modulo code generation with crypto.randomBytes
- Enforce resume lock check on delete (previously silently ignored)
- Remove debug console.error logging of OAuth token response bodies
- Use Response.json() consistently for MCP 401 response

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Update dependencies, refine ignore patterns, and enhance documentation

- Updated various dependencies in package.json and pnpm-lock.yaml for improved stability and features.
- Adjusted ignore patterns in knip.json to include specific component directories.
- Enhanced documentation for the MCP server, clarifying authentication methods and configuration options.
- Made minor adjustments to VSCode settings for better code organization.

* fix(mcp): resolve OAuth client registration and stale token handling

Claude.ai sends token_endpoint_auth_method: "client_secret_post" without
a client_secret during Dynamic Client Registration, causing Better Auth to
reject it as an unauthenticated confidential client. Force to "none" for
unauthenticated registrations.

Also catch JWKS verification errors (e.g. key rotation after redeployment)
so stale Bearer tokens return 401 instead of 200 with an error body,
allowing clients to re-initiate the OAuth flow.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* reiterate on tests

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Amruth Pillai <im.amruth@gmail.com>
2026-03-24 11:03:56 +01:00
Amruth Pillai 7da5e2c0c2 update schema.json and openapi/spec.json 2026-03-19 10:07:19 +01:00
Amruth Pillai 177c550a0c fix changelog formatting 2026-03-19 10:03:15 +01:00
Amruth Pillai 882725cabf 📦 v5.0.13 - https://docs.rxresu.me/changelog 2026-03-19 09:57:34 +01:00
Amruth Pillai 192880e416 use vite+ 2026-03-18 22:03:24 +01:00
Amruth Pillai 99c602e3c7 Migrate from Biome to Oxlint/Oxfmt (#2822)
* Migrate from Biome to Oxlint/Oxfmt

* pin version of autofix

* set version of autofix

* pin version of autofix

* [autofix.ci] apply automated fixes

* better comments, test formatter

* [autofix.ci] apply automated fixes

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-03-18 14:59:05 +01:00
Amruth Pillai 7789c39fe3 better changelog 2026-03-17 23:48:14 +01:00
Amruth Pillai bfb2e8bb7e update changelog 2026-03-17 23:45:33 +01:00
Amruth Pillai 5cd16a62d9 v5.0.12 (#2814)
* refactor to @base-ui/react

* fix all

* fixes to accordion

* more updates

* switch to chat/completions api from openai

* update version to v5.0.12
2026-03-17 23:38:06 +01:00
Amruth Pillai b7e4c86f4e Project quality audit (#2758)
* Harden security, health checks, and dependency hygiene

Co-authored-by: Amruth Pillai <im.amruth@gmail.com>

* Finalize health and storage hardening adjustments

Co-authored-by: Amruth Pillai <im.amruth@gmail.com>

* remove use of [REDACTED]

* update dependencies

---------

Co-authored-by: Cursor Agent <cursoragent@cursor.com>
2026-02-28 01:14:02 +01:00
Amruth Pillai 269dbc600f 📦 v5.0.10 · Changelog: https://docs.rxresu.me/changelog 2026-02-24 10:55:58 +01:00
Amruth Pillai 87e2f2f391 add new feature flag FLAG_DISABLE_IMAGE_PROCESSING 2026-02-10 18:33:07 +01:00
Amruth Pillai f237c42093 replace discord invite link 2026-02-10 03:30:03 +01:00
Amruth Pillai c3c771002f add computer modern fonts to the list of possible typography options 2026-02-10 00:12:04 +01:00
Amruth Pillai 554903b818 update spec.json 2026-02-09 23:20:27 +01:00
Amruth Pillai 833b8343ac building a better mcp server 2026-02-09 23:09:14 +01:00
Amruth Pillai 6242c8c182 fix: temporarily disable passkeys functionality due to upstream issues (#2700)
* fix: temporarily disable passkeys functionality due to upstream issues

* remove sourcemaps from git
2026-02-09 14:52:39 +01:00
Amruth Pillai 90c34ca572 📦 v5.0.7 - Changelog: https://docs.rxresu.me/changelog (#2696) 2026-02-09 01:50:31 +01:00
Amruth Pillai 01c75bd796 📦 v5.0.6 · Changelog: https://docs.rxresu.me/changelog 2026-02-08 01:18:41 +01:00
Amruth Pillai cc01fb9418 Feature: Implement Atomic Resume Patching API (#2692) 2026-02-08 00:16:11 +01:00
Amruth Pillai 66d09820c3 rename service from "app" to "reactive_resume" 2026-02-02 13:27:14 +01:00
Amruth Pillai 14ea464c0a add changelog, update README.md 2026-02-02 01:01:02 +01:00
Amruth Pillai 71dac2021d Feature: Implement Cover Letters as a custom section type (#2659) 2026-01-31 03:17:20 +01:00
Amruth Pillai 3d1c2d1fb6 Feature: Create a new useFormBlocker hook to block the user from closing a dialog or navigating away from a page if the form is dirty (#2654)
* feat: add useFormBlocker hook for dialog dirty state protection

* feat: add useFormBlocker hook for dialog dirty state protection

- Create useFormBlocker hook that blocks dialog closing when forms have unsaved changes
- Use onPointerDownOutside and onEscapeKeyDown to intercept close attempts
- Show confirmation dialog with Leave/Stay options using useConfirm
- Integrate with CreateResumeDialog, UpdateResumeDialog, and DuplicateResumeDialog
- All strings are translatable via Lingui

* Feature: Create a new `useFormBlocker` hook to block the user from closing a dialog or navigating away from a page if the form is dirty.
2026-01-31 01:13:38 +01:00
Amruth Pillai 19ae21e797 📦 v5.0.4 - Changelog: https://docs.rxresu.me/changelog 2026-01-28 11:45:58 +01:00
Amruth Pillai 4e4d3670a2 desperate attempts to reduce chrome usage 2026-01-26 19:36:50 +01:00
Amruth Pillai 9257d62216 update links to pdf examples 2026-01-25 23:44:45 +01:00
Amruth Pillai 3a9d2e7652 New Feature: Free-Form Page Formats for PDFs (#2595) 2026-01-25 23:39:16 +01:00
Amruth Pillai de89ab957b 📦 v5.0.3 - Changelog: https://docs.rxresu.me/changelog 2026-01-25 19:41:32 +01:00
Amruth Pillai 0c65612368 - an assortment of bugfixes and improvements
- remove line numbers from generated locale files
- add .gitattributes to not display diffs of .po files
2026-01-25 17:49:23 +01:00
Amruth Pillai be84f0cca6 📦 v5.0.2 · Changelog: https://docs.rxresu.me/changelog 2026-01-24 23:00:54 +01:00
Amruth Pillai 21aec46763 updates to printer, added changelog entry, restored deploy script in CI 2026-01-24 16:58:14 +01:00
Amruth Pillai 4e73a81d4b - fixes #2562, add better error messages for duplicate resume slugs
- improvements made to ditgar template
- general improvements to all templates with backgrounds
- update dependencies and translations
- improved print function that handles single page and multi page resumes
2026-01-23 23:31:24 +01:00
Amruth Pillai ed74fb67f2 - fixes #2565
- adds pages for a variety of guides
- add images to many of the guides and docs pages
2026-01-23 14:18:48 +01:00
Amruth Pillai a32450ab22 add community spotlight page to the docs 2026-01-23 10:18:04 +01:00
Amruth Pillai 11cbeb27f8 fixes #2552, implement FLAG_DISABLE_SIGNUPS and FLAG_DISABLE_EMAIL_AUTH 2026-01-23 01:45:42 +01:00
Amruth Pillai 0bc53b9c2a - simplify imports
- update translations
- convert image to base64 before sending to printer
- update development docs
2026-01-22 15:46:09 +01:00
Amruth Pillai 5d73998f82 add an alternative to browserless, for lightweight servers 2026-01-21 23:24:37 +01:00
Amruth Pillai 70064be7de - Use browserless over gotenberg
- Implement functionality to move items between sections or pages
- Enhance custom sections to have a `type` property
- Update the v4 importer to account for custom sections
- Update healthcheck to be a simple curl command
- Update dependencies to latest
and a lot more changes
2026-01-21 18:49:54 +01:00
Amruth Pillai 9dd0611ccc add sso documentation, fixes #2518 2026-01-20 14:20:13 +01:00
Amruth Pillai b87e5dd023 add more guides on migration and self-hosting docker compose examples, change launch date for banner, update dependencies 2026-01-20 10:35:37 +01:00
Amruth Pillai 7e5597271b update naming convention of repository 2026-01-20 01:22:00 +01:00