Lucas Smith
653ab3678a
feat: better ratelimiting ( #2520 )
...
Replace hono-rate-limiter with a Prisma/PostgreSQL bucketed counter
approach that works correctly across multiple instances without sticky
sessions.
- Add RateLimit model with composite PK (key, action, bucket) and atomic
upsert
- Create rate limit factory with window parsing, bucket computation, and
fail-open
- Define auth-tier and API-tier rate limit instances
- Add Hono middleware, rateLimitResponse helper, and tRPC
assertRateLimit helper
- Wire rate limit headers through AppError constructor (was declared but
never assigned)
- Apply rate limits to auth routes (email-password, passkey), tRPC
routes
(2FA email, link org account), API routes, and file upload endpoints
- Add cleanup cron job for expired rate limit rows (batched delete every
15 min)
- Remove hono-rate-limiter dependency
2026-02-20 12:23:02 +11:00
Lucas Smith
2e3d22c856
fix: use instance-specific emails for service accounts ( #2502 )
2026-02-16 11:52:19 +11:00
Lucas Smith
fabd69bd62
build: upgrade simplewebauthn packages from v9 to v13 ( #2389 )
...
The v9 packages are deprecated. This updates to v13 which includes
breaking API changes: optionsJSON wrapper for auth functions,
renamed properties (authenticator→credential), and base64 encoding
for credential IDs via isoBase64URL helper.
2026-01-15 14:22:37 +11:00
Ephraim Duncan
8fca029d96
fix: invalidate sessions on password reset and update ( #2076 )
2025-12-08 19:17:23 +11:00
Ephraim Duncan
4a3859ec60
feat: signin with microsoft ( #1998 )
2025-10-22 12:05:11 +11:00
Lucas Smith
a902bec96d
fix: use select account prompt for sso oidc ( #2065 )
...
Use the `select_account` prompt for SSO OIDC to avoid constantly asking
for credentials to be entered with a client has an existing session with
the SSO provider.
2025-10-07 17:06:28 +11:00
David Nguyen
9ac7b94d9a
feat: add organisation sso portal ( #1946 )
...
Allow organisations to manage an SSO OIDC compliant portal. This method
is intended to streamline the onboarding process and paves the way to
allow organisations to manage their members in a more strict way.
2025-09-09 17:14:07 +10:00
Ephraim Duncan
400d2a2b1a
feat: sign out of all sessions ( #1797 )
2025-06-11 17:57:38 +10:00
David Nguyen
e6dc237ad2
feat: add organisations ( #1820 )
2025-06-10 11:49:52 +10:00
David Nguyen
25bb6ffe77
fix: imports
2025-03-03 14:49:28 +11:00
David Nguyen
a319ea0f5e
fix: add public profiles tests
2025-02-19 16:07:04 +11:00
David Nguyen
5fc724b247
fix: rework sessions
2025-02-17 22:46:36 +11:00
David Nguyen
1ed1cb0773
chore: refactor sessions
2025-02-16 00:44:01 +11:00
David Nguyen
e518985833
fix: migrate 2fa to custom auth
2025-02-14 22:00:55 +11:00
David Nguyen
31de86e425
feat: add oidc
2025-02-14 16:01:16 +11:00
David Nguyen
ebc2b00067
fix: add sign up hook
2025-02-13 20:21:23 +11:00
David Nguyen
383b5f78f0
feat: migrate nextjs to rr7
2025-02-13 14:10:38 +11:00