David Nguyen
15549a6758
fix: add early quota warning ( #2986 )
...
## Description
- Add banners when plans near fair use limits
- Automated email alerts to our support when nearing fair use limits
2026-06-15 16:02:18 +10:00
Lucas Smith
3887aa67c8
fix: rework stripe webhooks into idempotent subscription sync ( #2977 )
...
Replace per-event webhook handlers with a single sync function that
fetches the current state from Stripe and converges the local
subscription, claim, and organisation type.
- Create organisations upfront before checkout, restricted as
"pending payment" until the first payment syncs
- Add rate-limited subscription sync route, triggered on checkout
success so the UI doesn't wait on webhooks
- Surface pending payment state in banner, billing table, and limits
2026-06-12 16:01:03 +10:00
David Nguyen
8448e333cf
fix: update new quota and rates UX ( #2954 )
2026-06-08 14:14:22 +10:00
David Nguyen
993a494784
fix: add email reporting ( #2918 )
2026-06-03 16:05:39 +10:00
David Nguyen
536142be03
feat: add admin org stats ( #2904 )
2026-06-01 17:26:51 +10:00
David Nguyen
44c4826e92
fix: track monthly usage for unlimited quotas ( #2894 )
2026-05-31 13:34:10 +10:00
David Nguyen
61138cdd81
fix: add dynamic rate limits ( #2892 )
2026-05-31 00:34:28 +10:00
David Nguyen
d304d8720c
fix: add temp email rate limit ( #2879 )
2026-05-28 17:09:09 +10:00
David Nguyen
8671f269e8
fix: lint project ( #2693 )
2026-05-08 16:04:22 +10:00
Lucas Smith
f54a8ed72f
feat: add turnstile captcha to auth flow ( #2703 )
2026-04-16 14:29:07 +10:00
Lucas Smith
653ab3678a
feat: better ratelimiting ( #2520 )
...
Replace hono-rate-limiter with a Prisma/PostgreSQL bucketed counter
approach that works correctly across multiple instances without sticky
sessions.
- Add RateLimit model with composite PK (key, action, bucket) and atomic
upsert
- Create rate limit factory with window parsing, bucket computation, and
fail-open
- Define auth-tier and API-tier rate limit instances
- Add Hono middleware, rateLimitResponse helper, and tRPC
assertRateLimit helper
- Wire rate limit headers through AppError constructor (was declared but
never assigned)
- Apply rate limits to auth routes (email-password, passkey), tRPC
routes
(2FA email, link org account), API routes, and file upload endpoints
- Add cleanup cron job for expired rate limit rows (batched delete every
15 min)
- Remove hono-rate-limiter dependency
2026-02-20 12:23:02 +11:00