Commit graph

43 commits

Author SHA1 Message Date
Lucas Smith
34b31c0d80
chore: deps upgrades (#2712)
2026-04-21 14:43:49 +10:00
Lucas Smith
f54a8ed72f
feat: add turnstile captcha to auth flow (#2703) 2026-04-16 14:29:07 +10:00
Lucas Smith
2346de83a6
fix: replace z.string().email() with RFC 5322 compliant zEmail() (#2656) 2026-03-26 16:31:21 +11:00
Lucas Smith
814f6e62de
fix: replace z.string().email() with RFC 5322 compliant ZEmail/zEmail (#2655) 2026-03-26 13:31:26 +11:00
Catalin Pit
455fef70bd
fix: folder view all page nested navigation and search filtering (#2450)
Add parentId query param support to documents/templates folder index
pages so View All correctly shows subfolders. Fix search not filtering
unpinned folders on documents page and broken mt- Tailwind class on
templates page.
2026-03-17 12:02:32 +02:00
Ephraim Duncan
66e357c9b3
feat: add email domain restriction for signups (#2266)
Co-authored-by: Lucas Smith <me@lucasjamessmith.me>
2026-03-14 16:32:34 +11:00
Ted Liang
11eb4dd2cd
fix: security CVE-2026-29045 (#2589) 2026-03-09 16:46:11 +11:00
Lucas Smith
f8ac782f2e
deps: 2026-02-26 upgrades (#2545) 2026-02-26 14:17:08 +11:00
Lucas Smith
653ab3678a
feat: better ratelimiting (#2520)
Replace hono-rate-limiter with a Prisma/PostgreSQL bucketed counter
approach that works correctly across multiple instances without sticky
sessions.

- Add RateLimit model with composite PK (key, action, bucket) and atomic
upsert
- Create rate limit factory with window parsing, bucket computation, and
fail-open
- Define auth-tier and API-tier rate limit instances
- Add Hono middleware, rateLimitResponse helper, and tRPC
assertRateLimit helper
- Wire rate limit headers through AppError constructor (was declared but
never assigned)
- Apply rate limits to auth routes (email-password, passkey), tRPC
routes (2FA email, link org account), API routes, and file upload endpoints
- Add cleanup cron job for expired rate limit rows (batched delete every
15 min)
- Remove hono-rate-limiter dependency
2026-02-20 12:23:02 +11:00
Lucas Smith
2e3d22c856
fix: use instance-specific emails for service accounts (#2502) 2026-02-16 11:52:19 +11:00
Lucas Smith
7a583aa7af
fix: preserve prompt parameter in OAuth authorize URL builder (#2421)
The prompt option was being discarded for OAuth authorize URLs after
adding support for the NEXT_PRIVATE_OIDC_PROMPT env var. This meant
select_account (used elsewhere) was not being passed through.

Now defaults prompt to the provided option (or 'login'), and only
overwrites it when a valid OIDC prompt env var is set. Also adds a
type guard to validate the env var value.
2026-01-27 20:25:16 +11:00
Ted Liang
158b36a9b7
fix: security CVE-2026-22817 CVE-2026-22818 (#2390) 2026-01-15 18:27:04 +11:00
Lucas Smith
fabd69bd62
build: upgrade simplewebauthn packages from v9 to v13 (#2389)
The v9 packages are deprecated. This updates to v13 which includes
breaking API changes: optionsJSON wrapper for auth functions,
renamed properties (authenticator→credential), and base64 encoding
for credential IDs via isoBase64URL helper.
2026-01-15 14:22:37 +11:00
Valentin Cocaud
df4316ac5c
fix: log unknown errors in the auth error handler (#2014) 2025-12-15 12:44:03 +11:00
Ephraim Duncan
8fca029d96
fix: invalidate sessions on password reset and update (#2076) 2025-12-08 19:17:23 +11:00
Lucas Smith
d2176627ca
chore: dependency updates (#2229) 2025-11-22 20:28:20 +11:00
Karlo
f5d63fb76c
feat: add option to change or disable OIDC login prompt parameter (#2037) 2025-11-20 13:08:36 +11:00
Lucas Smith
7f19ec1265 fix: embedded direct template recipient auth 2025-11-07 14:23:46 +11:00
David Nguyen
d05bfa9fed
feat: add envelopes api (#2105) 2025-11-07 14:17:52 +11:00
Ephraim Duncan
4a3859ec60
feat: signin with microsoft (#1998) 2025-10-22 12:05:11 +11:00
Lucas Smith
a902bec96d
fix: use select account prompt for sso oidc (#2065)
Use the `select_account` prompt for SSO OIDC to avoid constantly asking
for credentials to be entered when a client has an existing session with
the SSO provider.
2025-10-07 17:06:28 +11:00
David Nguyen
9ac7b94d9a
feat: add organisation sso portal (#1946)
Allow organisations to manage an SSO OIDC compliant portal. This method
is intended to streamline the onboarding process and paves the way to
allow organisations to manage their members in a more strict way.
2025-09-09 17:14:07 +10:00
David Nguyen
44f5da95b3
chore: refactor routes (#1992) 2025-08-25 21:00:35 +10:00
David Nguyen
d7e5a9eec7
fix: refactor document router (#1990) 2025-08-25 08:23:12 +10:00
Ephraim Duncan
400d2a2b1a
feat: sign out of all sessions (#1797) 2025-06-11 17:57:38 +10:00
David Nguyen
e6dc237ad2
feat: add organisations (#1820) 2025-06-10 11:49:52 +10:00
Lucas Smith
93aece9644
chore: dependency updates (#1808) 2025-05-22 14:30:22 +10:00
David Nguyen
25bb6ffe77 fix: imports 2025-03-03 14:49:28 +11:00
David Nguyen
6474b4a524 fix: add preferred team middleware 2025-02-26 19:42:42 +11:00
David Nguyen
c1c7cfaf8b chore: cleanup 2025-02-25 16:37:36 +11:00
David Nguyen
d4c1bad407 fix: add default oauth user url 2025-02-23 18:49:22 +11:00
David Nguyen
139bc265c7 fix: migrate billing to RR7 2025-02-21 01:16:23 +11:00
David Nguyen
50a41d0799 fix: pdf viewer and embeds 2025-02-20 15:06:36 +11:00
David Nguyen
ac30654913 fix: add auth session lifetime 2025-02-19 18:04:36 +11:00
David Nguyen
a319ea0f5e fix: add public profiles tests 2025-02-19 16:07:04 +11:00
David Nguyen
5fc724b247 fix: rework sessions 2025-02-17 22:46:36 +11:00
David Nguyen
1ed1cb0773 chore: refactor sessions 2025-02-16 00:44:01 +11:00
David Nguyen
e518985833 fix: migrate 2fa to custom auth 2025-02-14 22:00:55 +11:00
David Nguyen
df8ea09021 fix: add oidc env variables 2025-02-14 18:11:54 +11:00
David Nguyen
180656978b feat: add themes 2025-02-14 17:50:23 +11:00
David Nguyen
31de86e425 feat: add oidc 2025-02-14 16:01:16 +11:00
David Nguyen
ebc2b00067 fix: add sign up hook 2025-02-13 20:21:23 +11:00
David Nguyen
383b5f78f0 feat: migrate nextjs to rr7 2025-02-13 14:10:38 +11:00