Commit graph

506 commits

Author SHA1 Message Date
thibaud-leclere
860000d0b3 fix: expose coolify production envs 2026-05-06 16:30:10 +02:00
thibaud-leclere
4c30592ae4 feat: add local auth onboarding 2026-05-06 08:41:02 +02:00
thibaud-leclere
60cf156230 feat: expose local auth endpoints 2026-05-06 08:31:39 +02:00
thibaud-leclere
0ec0ae442a feat: add local auth service 2026-05-06 08:27:26 +02:00
thibaud-leclere
c8b7a172a4 feat: allow local auth provider 2026-05-06 08:21:24 +02:00
thibaud-leclere
7b4cfb4103 feat: add local auth data model 2026-05-06 08:17:05 +02:00
Mir Arif Hasan
c4e1f02abf
fix(backend): harden onboarding config endpoint (#6240)
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-04-29 00:10:03 +05:30
Mir Arif Hasan
078d71036b
chore: security patch for the dependency chain v2026.4.0 (#6191)
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-04-28 17:51:43 +05:30
James George
67782b2b30 chore: bump version to 2026.4.0 2026-04-28 00:48:24 +05:30
John An
696ddc336c
feat: add collection-level pre-request and test scripts (#5745)
Co-authored-by: nivedin <nivedinp@gmail.com>
Co-authored-by: “mirarifhasan” <arif.ishan05@gmail.com>
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-04-27 23:48:52 +05:30
sahilkhan09k
bc3dbdea42
fix: improve environment validation in published docs (#5962) 2026-04-22 21:55:10 +06:00
Mir Arif Hasan
eb801889ba
feat: add SMTP OAuth2 authentication support (#6141)
Co-authored-by: nivedin <nivedinp@gmail.com>
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-04-22 17:11:03 +05:30
Mir Arif Hasan
76329eaf31
feat(backend): use stateless OAuth2 state store (#6098) 2026-04-15 19:02:43 +06:00
dependabot[bot]
3e63bdab02 chore: patch axios CVEs and bump related dependencies (#6131)
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-04-14 12:57:58 +05:30
James George
2837ef789a chore: bump version to 2026.3.1 2026-04-10 13:52:32 +05:30
James George
ad4041e51a chore: address remaining production audit findings
Bump handlebars to 4.7.9, @apollo/server to 5.5.0, and
nodemailer to 8.0.4 in the backend. Add narrow pnpm
overrides for path-to-regexp (8.4.0) and dompurify (3.3.3).
Move unplugin-icons to devDependencies in sh-admin to keep
dev-only transitive packages out of the production audit.
2026-03-30 12:50:14 +05:30
Mir Arif Hasan
8ac1b29b88
fix: use team.findMany for fetching user teams (#6057) 2026-03-28 08:37:10 +06:00
James George
d5a19320b8 chore: bump version to 2026.3.0 2026-03-27 19:52:07 +05:30
Mir Arif Hasan
e4eee306a7
chore: patch dependency vulnerabilities and harden production image (#6055)
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-03-27 19:26:26 +05:30
Nahid Hasan
60c607c185
fix: validate device-login redirect_uri to prevent token theft via DNS wildcard bypass (#6012)
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-03-27 14:45:46 +05:30
Mir Arif Hasan
59c1b595a6
feat: show user workspace memberships in admin dashboard (#5968)
Co-authored-by: Anwarul Islam <anwaarulislaam@gmail.com>
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-03-26 00:28:36 +05:30
Mir Arif Hasan
06bdd7ca6a
feat: add MAILER_SMTP_IGNORE_TLS and optional SMTP auth (#5972)
Co-authored-by: nivedin <nivedinp@gmail.com>
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-03-25 23:30:46 +05:30
Mir Arif Hasan
da3b8c5d37
fix(backend): prevent stored XSS via mock server responses and cross-team request moves (#6006)
Co-authored-by: nivedin <nivedinp@gmail.com>
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-03-25 16:16:38 +05:30
Mir Arif Hasan
2fcf5b7a5f
chore: security patch for the dependency chain v2026.3.0 (#6013)
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-03-24 16:34:36 +05:30
James George
4cbe23cf00 chore: bump version to 2026.2.1 2026-03-04 19:09:52 +05:30
Mir Arif Hasan
a91acdd6bf
fix(backend): bump Prisma packages to 7.4.2 (#5932) 2026-03-04 11:42:59 +05:30
Mir Arif Hasan
1f4ae3dd88
fix(backend): enforce user ownership when deleting PAT (#5916)
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-03-02 23:35:19 +05:30
Mir Arif Hasan
d6ea86dcca
fix(backend): prevent request payload from overriding id and name (#5913)
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-03-02 21:50:43 +05:30
Mir Arif Hasan
57be05cdcb
fix(backend): prevent IDOR in user collection and request endpoints (#5902) 2026-02-24 23:32:43 +05:30
Mir Arif Hasan
803e4633a2
feat: api documentation versioning (#5676)
Co-authored-by: nivedin <nivedinp@gmail.com>
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-02-23 20:11:55 +05:30
Mir Arif Hasan
a1be60da64
fix(backend): resolve security advisories for IDOR and onboarding bypass (#5897)
Improve error handling in the onboarding status check

---

Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-02-23 18:11:45 +05:30
James George
a40c491f7a chore: bump version to 2026.2.0 2026-02-23 17:46:08 +05:30
Leonic
1de672b8bd
feat(sh-admin): add search and pagination to teams list (#5803)
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-02-20 14:13:14 +05:30
Mir Arif Hasan
4fe0e376bb
chore: security patch for the dependency chain v2026.2.0 (#5887)
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-02-19 12:48:50 +05:30
James George
32114fc8ef chore: bump version to 2026.1.1 2026-02-04 22:54:23 +05:30
Mir Arif Hasan
bf11e7ee22
chore(backend): upgrade nodemailer dependency to v8 (#5833) 2026-02-04 18:40:13 +05:30
Mir Arif Hasan
37e9207b43
fix(backend): resolve database connection leak in infra-config operations (#5825) 2026-02-04 17:25:00 +05:30
No jae gun
2dc3463b69
fix(backend): use duration instead of timestamp for auth cookie maxAge (#5821)
The maxAge option in Express's res.cookie() expects a duration in milliseconds, not an absolute timestamp. The previous code was adding `Date.now()` to the validity period, causing cookies to expire decades in the future instead of the intended 1 day / 7 days.

This was particularly problematic on macOS due to stricter cookie handling by Safari/WebKit.

Addresses #5818

Co-authored-by: njg7194 <njg7194@users.noreply.github.com>
2026-02-04 11:08:07 +05:30
James George
8991f2a490 chore: bump version to 2026.1.0 2026-01-23 21:18:39 +05:30
shaezard
1824990980
fix: add teamID/userUid filter to updateMany queries, fixed row-level locking to prevent deadlocks and achieve ~100x performance improvement (#5647)
* fix: add teamID/userUid filter to updateMany queries

Prevents cross-user/cross-team orderIndex corruption

* fix: fix orderIndex of existing collections

* feat(backend): add cascade delete for collections

- Add onDelete: Cascade to TeamCollection parent relationship
- Add onDelete: Cascade to UserRequest → UserCollection relationship
- Remove manual recursive deleteCollectionData methods
- Simplify deleteUserCollection and deleteTeamCollection services
- Add Prisma migration for cascade delete foreign keys

Resolves #5654

* refactor(team-collection): remove manual deleteCollectionData method

Resolves #5654

* fix(backend): fixed locking mechanisms for collections and requests

- User/Team Collection/Requests

Resolves #5666

---------

Co-authored-by: Abdur Rahman Daanish <abdurrahman_daanish@intuit.com>
2026-01-23 00:32:48 +06:00
Mir Arif Hasan
4f13549ed2
chore: security patch for the dependency chain v2026.1.0 (#5786)
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-01-21 23:25:40 +05:30
Mir Arif Hasan
992579e285
fix: improve endpoint parsing in parseExample method (#5762) 2026-01-20 12:46:13 +06:00
James George
9693a82a87 chore: bump version to 2025.12.1 2026-01-05 16:15:09 +05:30
Mir Arif Hasan
212b15890e
chore: apply ThrottlerBehindProxyGuard across controllers (#5746) 2026-01-05 14:02:56 +06:00
Mir Arif Hasan
442242c8ca
chore: security patch for the quic-go vulnerability (#5710)
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
Co-authored-by: Nahid Hasan <52489202+nahidhasan94@users.noreply.github.com>
2025-12-19 21:00:22 +05:30
James George
440868d635 chore: bump version to 2025.12.0 2025-12-19 17:19:24 +05:30
Mir Arif Hasan
05927f3d4d
chore: security patch for the dependency chain v2025.12.0 (#5678)
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2025-12-12 16:58:35 +05:30
James George
3527f217c9 chore: bump version to 2025.11.2 2025-12-10 18:58:30 +05:30
Mir Arif Hasan
92e3f52b47
chore: add sslmode support to PrismaService database URL parser (#5671) 2025-12-10 12:19:17 +06:00
Mir Arif Hasan
52735a166d
fix: add database URL parsing to PrismaService (#5656)
* fix: add database URL parsing to PrismaService

* fix: feedback

* chore: add pool connectivity check to PrismaService
2025-12-04 11:55:22 +06:00