a197bf113f
feat: add granular signup disable flags ( #2765 )
2026-05-09 01:16:13 +00:00
8671f269e8
fix: lint project ( #2693 )
2026-05-08 16:04:22 +10:00
edbf65969b
fix: replace linter with biome ( #2645 )
2026-05-08 15:40:31 +10:00
f10d3284ba
feat: remove default personal orgs from custom sso ( #2741 )
2026-05-05 14:50:07 +10:00
ae497092d7
fix: security improvements ( #2593 )
2026-04-30 14:43:20 +10:00
34b31c0d80
chore: deps upgrades ( #2712 )
2026-04-21 14:43:49 +10:00
f54a8ed72f
feat: add turnstile captcha to auth flow ( #2703 )
2026-04-16 14:29:07 +10:00
2346de83a6
fix: replace z.string().email() with RFC 5322 compliant zEmail() ( #2656 )
2026-03-26 16:31:21 +11:00
814f6e62de
fix: replace z.string().email() with RFC 5322 compliant ZEmail/zEmail ( #2655 )
2026-03-26 13:31:26 +11:00
455fef70bd
fix: folder view all page nested navigation and search filtering ( #2450 )
...
Add parentId query param support to documents/templates folder index
pages so View All correctly shows subfolders. Fix search not filtering
unpinned folders on documents page and broken mt- Tailwind class on
templates page.
2026-03-17 12:02:32 +02:00
66e357c9b3
feat: add email domain restriction for signups ( #2266 )
...
Co-authored-by: Lucas Smith <me@lucasjamessmith.me >
2026-03-14 16:32:34 +11:00
11eb4dd2cd
fix: security CVE-2026-29045 ( #2589 )
2026-03-09 16:46:11 +11:00
f8ac782f2e
deps: 2026-02-26 upgrades ( #2545 )
2026-02-26 14:17:08 +11:00
653ab3678a
feat: better ratelimiting ( #2520 )
...
Replace hono-rate-limiter with a Prisma/PostgreSQL bucketed counter
approach that works correctly across multiple instances without sticky
sessions.
- Add RateLimit model with composite PK (key, action, bucket) and atomic
upsert
- Create rate limit factory with window parsing, bucket computation, and
fail-open
- Define auth-tier and API-tier rate limit instances
- Add Hono middleware, rateLimitResponse helper, and tRPC
assertRateLimit helper
- Wire rate limit headers through AppError constructor (was declared but
never assigned)
- Apply rate limits to auth routes (email-password, passkey), tRPC
routes
(2FA email, link org account), API routes, and file upload endpoints
- Add cleanup cron job for expired rate limit rows (batched delete every
15 min)
- Remove hono-rate-limiter dependency
2026-02-20 12:23:02 +11:00
2e3d22c856
fix: use instance-specific emails for service accounts ( #2502 )
2026-02-16 11:52:19 +11:00
7a583aa7af
fix: preserve prompt parameter in OAuth authorize URL builder ( #2421 )
...
The prompt option was being discarded for OAuth authorize URLs after
adding support for the NEXT_PRIVATE_OIDC_PROMPT env var. This meant
select_account (used elsewhere) was not being passed through.
Now defaults prompt to the provided option (or 'login'), and only
overwrites it when a valid OIDC prompt env var is set. Also adds a
type guard to validate the env var value.
2026-01-27 20:25:16 +11:00
158b36a9b7
fix: security CVE-2026-22817 CVE-2026-22818 ( #2390 )
2026-01-15 18:27:04 +11:00
fabd69bd62
build: upgrade simplewebauthn packages from v9 to v13 ( #2389 )
...
The v9 packages are deprecated. This updates to v13 which includes
breaking API changes: optionsJSON wrapper for auth functions,
renamed properties (authenticator→credential), and base64 encoding
for credential IDs via isoBase64URL helper.
2026-01-15 14:22:37 +11:00
df4316ac5c
fix: log unknown errors in the auth error handler ( #2014 )
2025-12-15 12:44:03 +11:00
8fca029d96
fix: invalidate sessions on password reset and update ( #2076 )
2025-12-08 19:17:23 +11:00
d2176627ca
chore: dependency updates ( #2229 )
2025-11-22 20:28:20 +11:00
f5d63fb76c
feat: add option to change or disable OIDC login prompt parameter ( #2037 )
2025-11-20 13:08:36 +11:00
7f19ec1265
fix: embedded direct template recipient auth
2025-11-07 14:23:46 +11:00
d05bfa9fed
feat: add envelopes api ( #2105 )
2025-11-07 14:17:52 +11:00
4a3859ec60
feat: signin with microsoft ( #1998 )
2025-10-22 12:05:11 +11:00
a902bec96d
fix: use select account prompt for sso oidc ( #2065 )
...
Use the `select_account` prompt for SSO OIDC to avoid constantly asking
for credentials to be entered with a client has an existing session with
the SSO provider.
2025-10-07 17:06:28 +11:00
9ac7b94d9a
feat: add organisation sso portal ( #1946 )
...
Allow organisations to manage an SSO OIDC compliant portal. This method
is intended to streamline the onboarding process and paves the way to
allow organisations to manage their members in a more strict way.
2025-09-09 17:14:07 +10:00
44f5da95b3
chore: refactor routes ( #1992 )
2025-08-25 21:00:35 +10:00
d7e5a9eec7
fix: refactor document router ( #1990 )
2025-08-25 08:23:12 +10:00
400d2a2b1a
feat: sign out of all sessions ( #1797 )
2025-06-11 17:57:38 +10:00
e6dc237ad2
feat: add organisations ( #1820 )
2025-06-10 11:49:52 +10:00
93aece9644
chore: dependency updates ( #1808 )
2025-05-22 14:30:22 +10:00
25bb6ffe77
fix: imports
2025-03-03 14:49:28 +11:00
6474b4a524
fix: add preferred team middleware
2025-02-26 19:42:42 +11:00
c1c7cfaf8b
chore: cleanup
2025-02-25 16:37:36 +11:00
d4c1bad407
fix: add default oauth user url
2025-02-23 18:49:22 +11:00
139bc265c7
fix: migrate billing to RR7
2025-02-21 01:16:23 +11:00
50a41d0799
fix: pdf viewer and embeds
2025-02-20 15:06:36 +11:00
ac30654913
fix: add auth session lifetime
2025-02-19 18:04:36 +11:00
a319ea0f5e
fix: add public profiles tests
2025-02-19 16:07:04 +11:00
5fc724b247
fix: rework sessions
2025-02-17 22:46:36 +11:00
1ed1cb0773
chore: refactor sessions
2025-02-16 00:44:01 +11:00
e518985833
fix: migrate 2fa to custom auth
2025-02-14 22:00:55 +11:00
df8ea09021
fix: add oidc env variables
2025-02-14 18:11:54 +11:00
180656978b
feat: add themes
2025-02-14 17:50:23 +11:00
31de86e425
feat: add oidc
2025-02-14 16:01:16 +11:00
ebc2b00067
fix: add sign up hook
2025-02-13 20:21:23 +11:00
383b5f78f0
feat: migrate nextjs to rr7
2025-02-13 14:10:38 +11:00
Ephraim Duncan
David Nguyen
Catalin Pit
Lucas Smith
Ted Liang
Valentin Cocaud
Karlo