Commit Graph

20 Commits

Author SHA1 Message Date
Lucas Smith d5ce222482 feat: add CSC AES/QES signing (v1 instance-wide config) (#2874)
Adds Cloud Signature Consortium (CSC) integration for AES/QES signing
against a configured TSP. v1 ships as instance-wide configuration via
environment variables, with per-envelope signature level selection,
license gating, and an OAuth-driven signing flow (capture + FIFO
signers, SAD session, blocking/in-progress recipient pages).

Includes signature level compatibility checks (role, signing order,
dictate next signer), envelope mutability assertions, Prisma migration
for signature level and CSC tables, and docs for the new signing
certificate options.
2026-06-16 23:37:34 +10:00
David Nguyen 8671f269e8 fix: lint project (#2693) 2026-05-08 16:04:22 +10:00
Catalin Pit ae497092d7 fix: security improvements (#2593) 2026-04-30 14:43:20 +10:00
Lucas Smith ad559f72dd feat: add BullMQ background job provider with Bull Board dashboard (#2657)
Add a new BullMQ/Redis-backed job provider as an alternative to the
existing Inngest and Local providers. Includes Bull Board UI for job
monitoring at /api/jobs/board (admin-only in production, open in dev).
2026-04-01 13:07:47 +11:00
Lucas Smith 653ab3678a feat: better ratelimiting (#2520)
Replace hono-rate-limiter with a Prisma/PostgreSQL bucketed counter
approach that works correctly across multiple instances without sticky
sessions.

- Add RateLimit model with composite PK (key, action, bucket) and atomic
upsert
- Create rate limit factory with window parsing, bucket computation, and
fail-open
- Define auth-tier and API-tier rate limit instances
- Add Hono middleware, rateLimitResponse helper, and tRPC
assertRateLimit helper
- Wire rate limit headers through AppError constructor (was declared but
never assigned)
- Apply rate limits to auth routes (email-password, passkey), tRPC
routes
  (2FA email, link org account), API routes, and file upload endpoints
- Add cleanup cron job for expired rate limit rows (batched delete every
15 min)
- Remove hono-rate-limiter dependency
2026-02-20 12:23:02 +11:00
Lucas Smith 006b1d0a57 feat: per-recipient envelope expiration (#2519) 2026-02-20 11:36:20 +11:00
Lucas Smith 2e3d22c856 fix: use instance-specific emails for service accounts (#2502) 2026-02-16 11:52:19 +11:00
David Nguyen 1b0df2d082 feat: add license integration (#2346)
Changes:
- Adds integration for the license server.
- Prevent adding flags that the instance is not allowed to add
2026-01-29 13:30:48 +11:00
Lucas Smith 7a94ee3b83 feat: add ai detection for recipients and fields (#2271)
Use Gemini to handle detection of recipients and fields within
documents.

Opt in using organisation or team settings.

Replaces #2128 since the branch was cursed and would include
dependencies that weren't even in the lock file.



https://github.com/user-attachments/assets/e6cbb58f-62b9-4079-a9ae-7af5c4f2e4ec
2025-12-03 23:39:41 +11:00
Lucas Smith 11a56f3228 chore: telemetry (#2240) 2025-11-25 16:01:31 +11:00
David Nguyen d05bfa9fed feat: add envelopes api (#2105) 2025-11-07 14:17:52 +11:00
Lucas Smith f15c0778b5 fix: authoring token arg and null email settings 2025-10-21 10:42:44 +11:00
Lucas Smith 20c8969272 fix: get real ip for rate limit key 2025-06-27 22:17:02 +10:00
David Nguyen e07a497b69 feat: api logging by pino (#1865)
experiemental
2025-06-27 21:44:51 +10:00
David Nguyen dc2042a1ee fix: rate limit api endpoints (#1863)
Rate limit API endpoint
2025-06-27 18:50:22 +10:00
David Nguyen 6474b4a524 fix: add preferred team middleware 2025-02-26 19:42:42 +11:00
David Nguyen 250381fec8 fix: billing 2025-02-20 12:17:55 +11:00
David Nguyen ac30654913 fix: add auth session lifetime 2025-02-19 18:04:36 +11:00
David Nguyen a319ea0f5e fix: add public profiles tests 2025-02-19 16:07:04 +11:00
David Nguyen 383b5f78f0 feat: migrate nextjs to rr7 2025-02-13 14:10:38 +11:00