Lucas Smith
d5ce222482
feat: add CSC AES/QES signing (v1 instance-wide config) ( #2874 )
...
Adds Cloud Signature Consortium (CSC) integration for AES/QES signing
against a configured TSP. v1 ships as instance-wide configuration via
environment variables, with per-envelope signature level selection,
license gating, and an OAuth-driven signing flow (capture + FIFO
signers, SAD session, blocking/in-progress recipient pages).
Includes signature level compatibility checks (role, signing order,
dictate next signer), envelope mutability assertions, Prisma migration
for signature level and CSC tables, and docs for the new signing
certificate options.
2026-06-16 23:37:34 +10:00
David Nguyen
8671f269e8
fix: lint project ( #2693 )
2026-05-08 16:04:22 +10:00
Catalin Pit
ae497092d7
fix: security improvements ( #2593 )
2026-04-30 14:43:20 +10:00
Lucas Smith
ad559f72dd
feat: add BullMQ background job provider with Bull Board dashboard ( #2657 )
...
Add a new BullMQ/Redis-backed job provider as an alternative to the
existing Inngest and Local providers. Includes Bull Board UI for job
monitoring at /api/jobs/board (admin-only in production, open in dev).
2026-04-01 13:07:47 +11:00
Lucas Smith
653ab3678a
feat: better ratelimiting ( #2520 )
...
Replace hono-rate-limiter with a Prisma/PostgreSQL bucketed counter
approach that works correctly across multiple instances without sticky
sessions.
- Add RateLimit model with composite PK (key, action, bucket) and atomic
upsert
- Create rate limit factory with window parsing, bucket computation, and
fail-open
- Define auth-tier and API-tier rate limit instances
- Add Hono middleware, rateLimitResponse helper, and tRPC
assertRateLimit helper
- Wire rate limit headers through AppError constructor (was declared but
never assigned)
- Apply rate limits to auth routes (email-password, passkey), tRPC
routes
(2FA email, link org account), API routes, and file upload endpoints
- Add cleanup cron job for expired rate limit rows (batched delete every
15 min)
- Remove hono-rate-limiter dependency
2026-02-20 12:23:02 +11:00
Lucas Smith
006b1d0a57
feat: per-recipient envelope expiration ( #2519 )
2026-02-20 11:36:20 +11:00
Lucas Smith
2e3d22c856
fix: use instance-specific emails for service accounts ( #2502 )
2026-02-16 11:52:19 +11:00
David Nguyen
1b0df2d082
feat: add license integration ( #2346 )
...
Changes:
- Adds integration for the license server.
- Prevent adding flags that the instance is not allowed to add
2026-01-29 13:30:48 +11:00
Lucas Smith
7a94ee3b83
feat: add ai detection for recipients and fields ( #2271 )
...
Use Gemini to handle detection of recipients and fields within
documents.
Opt in using organisation or team settings.
Replaces #2128 since the branch was cursed and would include
dependencies that weren't even in the lock file.
https://github.com/user-attachments/assets/e6cbb58f-62b9-4079-a9ae-7af5c4f2e4ec
2025-12-03 23:39:41 +11:00
Lucas Smith
11a56f3228
chore: telemetry ( #2240 )
2025-11-25 16:01:31 +11:00
David Nguyen
d05bfa9fed
feat: add envelopes api ( #2105 )
2025-11-07 14:17:52 +11:00
Lucas Smith
f15c0778b5
fix: authoring token arg and null email settings
2025-10-21 10:42:44 +11:00
Lucas Smith
20c8969272
fix: get real ip for rate limit key
2025-06-27 22:17:02 +10:00
David Nguyen
e07a497b69
feat: api logging by pino ( #1865 )
...
experiemental
2025-06-27 21:44:51 +10:00
David Nguyen
dc2042a1ee
fix: rate limit api endpoints ( #1863 )
...
Rate limit API endpoint
2025-06-27 18:50:22 +10:00
David Nguyen
6474b4a524
fix: add preferred team middleware
2025-02-26 19:42:42 +11:00
David Nguyen
250381fec8
fix: billing
2025-02-20 12:17:55 +11:00
David Nguyen
ac30654913
fix: add auth session lifetime
2025-02-19 18:04:36 +11:00
David Nguyen
a319ea0f5e
fix: add public profiles tests
2025-02-19 16:07:04 +11:00
David Nguyen
383b5f78f0
feat: migrate nextjs to rr7
2025-02-13 14:10:38 +11:00