thibaud-leclere
4c30592ae4
feat: add local auth onboarding
2026-05-06 08:41:02 +02:00
thibaud-leclere
60cf156230
feat: expose local auth endpoints
2026-05-06 08:31:39 +02:00
thibaud-leclere
0ec0ae442a
feat: add local auth service
2026-05-06 08:27:26 +02:00
thibaud-leclere
c8b7a172a4
feat: allow local auth provider
2026-05-06 08:21:24 +02:00
thibaud-leclere
7b4cfb4103
feat: add local auth data model
2026-05-06 08:17:05 +02:00
Mir Arif Hasan
c4e1f02abf
fix(backend): harden onboarding config endpoint (#6240)
...
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-04-29 00:10:03 +05:30
Mir Arif Hasan
078d71036b
chore: security patch for the dependency chain v2026.4.0 (#6191)
...
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-04-28 17:51:43 +05:30
John An
696ddc336c
feat: add collection-level pre-request and test scripts (#5745)
...
Co-authored-by: nivedin <nivedinp@gmail.com>
Co-authored-by: “mirarifhasan” <arif.ishan05@gmail.com>
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-04-27 23:48:52 +05:30
sahilkhan09k
bc3dbdea42
fix: improve environment validation in published docs (#5962)
2026-04-22 21:55:10 +06:00
Mir Arif Hasan
eb801889ba
feat: add SMTP OAuth2 authentication support (#6141)
...
Co-authored-by: nivedin <nivedinp@gmail.com>
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-04-22 17:11:03 +05:30
Mir Arif Hasan
76329eaf31
feat(backend): use stateless OAuth2 state store (#6098)
2026-04-15 19:02:43 +06:00
Mir Arif Hasan
8ac1b29b88
fix: use team.findMany for fetching user teams (#6057)
2026-03-28 08:37:10 +06:00
Nahid Hasan
60c607c185
fix: validate device-login redirect_uri to prevent token theft via DNS wildcard bypass (#6012)
...
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-03-27 14:45:46 +05:30
Mir Arif Hasan
59c1b595a6
feat: show user workspace memberships in admin dashboard (#5968)
...
Co-authored-by: Anwarul Islam <anwaarulislaam@gmail.com>
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-03-26 00:28:36 +05:30
Mir Arif Hasan
06bdd7ca6a
feat: add MAILER_SMTP_IGNORE_TLS and optional SMTP auth (#5972)
...
Co-authored-by: nivedin <nivedinp@gmail.com>
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-03-25 23:30:46 +05:30
Mir Arif Hasan
da3b8c5d37
fix(backend): prevent stored XSS via mock server responses and cross-team request moves (#6006)
...
Co-authored-by: nivedin <nivedinp@gmail.com>
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-03-25 16:16:38 +05:30
Mir Arif Hasan
1f4ae3dd88
fix(backend): enforce user ownership when deleting PAT (#5916)
...
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-03-02 23:35:19 +05:30
Mir Arif Hasan
d6ea86dcca
fix(backend): prevent request payload from overriding id and name (#5913)
...
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-03-02 21:50:43 +05:30
Mir Arif Hasan
57be05cdcb
fix(backend): prevent IDOR in user collection and request endpoints (#5902)
2026-02-24 23:32:43 +05:30
Mir Arif Hasan
803e4633a2
feat: api documentation versioning (#5676)
...
Co-authored-by: nivedin <nivedinp@gmail.com>
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-02-23 20:11:55 +05:30
Mir Arif Hasan
a1be60da64
fix(backend): resolve security advisories for IDOR and onboarding bypass (#5897)
...
Improve error handling in the onboarding status check
---
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-02-23 18:11:45 +05:30
Leonic
1de672b8bd
feat(sh-admin): add search and pagination to teams list (#5803)
...
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-02-20 14:13:14 +05:30
Mir Arif Hasan
37e9207b43
fix(backend): resolve database connection leak in infra-config operations (#5825)
2026-02-04 17:25:00 +05:30
No jae gun
2dc3463b69
fix(backend): use duration instead of timestamp for auth cookie maxAge (#5821)
...
The maxAge option in Express's res.cookie() expects a duration in milliseconds, not an absolute timestamp. The previous code was adding `Date.now()` to the validity period, causing cookies to expire decades in the future instead of the intended 1 day / 7 days.
This was particularly problematic on macOS due to stricter cookie handling by Safari/WebKit.
Addresses #5818
Co-authored-by: njg7194 <njg7194@users.noreply.github.com>
2026-02-04 11:08:07 +05:30
shaezard
1824990980
fix: add teamID/userUid filter to updateMany queries, Fixed Row level locking to prevent deadlocks and achieve ~100x performance improvement (#5647)
...
* fix: add teamID/userUid filter to updateMany queries
Prevents cross-user/cross-team orderIndex corruption
* fix: fix orderIndex of existing collections
* feat(backend): add cascade delete for collections
- Add onDelete: Cascade to TeamCollection parent relationship
- Add onDelete: Cascade to UserRequest → UserCollection relationship
- Remove manual recursive deleteCollectionData methods
- Simplify deleteUserCollection and deleteTeamCollection services
- Add Prisma migration for cascade delete foreign keys
Resolves #5654
* refactor(team-collection): remove manual deleteCollectionData method
Resolves #5654
* fix(backend): fixed locking mechanisms for collections and requests
- User/Team Collection/Requests
Resolves #5666
---------
Co-authored-by: Abdur Rahman Daanish <abdurrahman_daanish@intuit.com>
2026-01-23 00:32:48 +06:00
Mir Arif Hasan
992579e285
fix: improve endpoint parsing in parseExample method (#5762)
2026-01-20 12:46:13 +06:00
Mir Arif Hasan
212b15890e
chore: apply ThrottlerBehindProxyGuard across controllers (#5746)
2026-01-05 14:02:56 +06:00
Mir Arif Hasan
92e3f52b47
chore: add sslmode support to PrismaService database URL parser (#5671)
2025-12-10 12:19:17 +06:00
Mir Arif Hasan
52735a166d
fix: add database URL parsing to PrismaService (#5656)
...
* fix: add database URL parsing to PrismaService
* fix: feedback
* chore: add pool connectivity check to PrismaService
2025-12-04 11:55:22 +06:00
Mir Arif Hasan
008335c715
feat: add auto-create collection option to mock server creation (#5637)
...
Co-authored-by: Anwarul Islam <anwaarulislaam@gmail.com>
2025-12-03 23:01:06 +05:30
Mir Arif Hasan
88c7e189cf
hotfix: clean up published docs with deleted collections (#5624)
2025-12-02 14:07:08 +06:00
Nivedin
ab52efc075
feat: improve documentation UI and add published docs indicators (#5620)
...
Co-authored-by: mirarifhasan <arif.ishan05@gmail.com>
2025-11-27 12:29:29 +05:30
Anwarul Islam
03212386fb
feat: add platform-specific import support for personal collections (#5570)
...
Co-authored-by: mirarifhasan <arif.ishan05@gmail.com>
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2025-11-25 22:03:21 +05:30
Nivedin
e63bfe3723
feat: API Documentation (#5499)
...
Co-authored-by: mirarifhasan <arif.ishan05@gmail.com>
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2025-11-25 11:26:57 +05:30
Mir Arif Hasan
92031c84c1
fix: filter undefined values in config and update build files (#5610)
2025-11-24 19:55:08 +06:00
Mir Arif Hasan
904a1b0405
chore: security patch for the dependency chain v2025.11.0 (#5590)
...
Bump dependencies and account for breaking changes.
---------
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2025-11-24 14:21:29 +05:30
James George
dae02c839f
fix: prevent log injection
...
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2025-10-30 23:06:42 +05:30
Anwarul Islam
e607f9db24
feat(common): mock server ui improvements (#5532)
...
- Update active state styles for better visibility in the mock server.
- BE updates catered to improving content type handling in the mock server.
- Introduced a `disableMockServerInPersonalWorkspace` platform-level feature flag.
- Remove inactive keyboard shorthand nudges from the Mock server dashboard context menu.
---
Co-authored-by: mirarifhasan <arif.ishan05@gmail.com>
Co-authored-by: jamesgeorge007 <25279263+jamesgeorge007@users.noreply.github.com>
2025-10-30 15:17:16 +05:30
Anwarul Islam
c0e3ff49b3
fix (common): address mock server issues and improve the UI (#5517)
...
Co-authored-by: nivedin <nivedinp@gmail.com>
Co-authored-by: jamesgeorge007 <25279263+jamesgeorge007@users.noreply.github.com>
Co-authored-by: mirarifhasan <arif.ishan05@gmail.com>
2025-10-29 16:25:02 +05:30
Mir Arif Hasan
213c5436bc
chore: mock server name validation and prevent duplicates (#5524)
2025-10-29 14:41:52 +06:00
Harshit Chandra
453b5fc088
feat: add configurable session cookie name (#5425)
...
Added support for overriding the default session cookie name using the `INFRA.SESSION_COOKIE_NAME` config or the `SESSION_COOKIE_NAME` environment variable. This helps compatibility with proxies or load balancers that cannot handle cookie names containing dots.
---
Co-authored-by: mirarifhasan <arif.ishan05@gmail.com>
Co-authored-by: jamesgeorge007 <25279263+jamesgeorge007@users.noreply.github.com>
2025-10-28 13:45:08 +05:30
Mir Arif Hasan
3acc0ec9b6
feat: mock server (#5482)
...
Co-authored-by: Anwarul Islam <anwaarulislaam@gmail.com>
Co-authored-by: jamesgeorge007 <25279263+jamesgeorge007@users.noreply.github.com>
2025-10-27 23:03:22 +05:30
Abhishek3880
dd8744f292
chore(backend): cleanup code quality issues (#5466)
...
Co-authored-by: jamesgeorge007 <25279263+jamesgeorge007@users.noreply.github.com>
2025-10-27 21:13:43 +05:30
Mir Arif Hasan
cd084ebbb3
fix: ensure graceful shutdown and container stop when stopApp is called (#5494)
...
* fix: graceful shutdown handling for backend app
* chore: add startup delay to health check script
2025-10-21 19:39:39 +06:00
Mir Arif Hasan
6064186d30
fix: reset ONBOARDING_COMPLETED to false during infra config reset (#5496)
...
fix: reset ONBOARDING_COMPLETED config to false on reset
2025-10-20 19:57:59 +06:00
Prit Rojivadiya
c31f74829d
refactor: cleanup sync logic and imports (#5428)
2025-10-08 13:31:29 +05:30
Nivedin
35e01e1280
chore: accept single character length name and trim white spaces (#5412)
...
Co-authored-by: mirarifhasan <arif.ishan05@gmail.com>
2025-09-29 13:25:40 +05:30
Mir Arif Hasan
81fe98f25d
feature: add alphabetical sort for user and team collections (#5383)
...
Co-authored-by: nivedin <nivedinp@gmail.com>
Co-authored-by: Nivedin <53208152+nivedin@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: jamesgeorge007 <25279263+jamesgeorge007@users.noreply.github.com>
2025-09-23 14:46:23 +05:30
Chhavi Goyal
637c380c07
fix: handle actions for logged-in users in case of token expiration (#5249)
...
Co-authored-by: nivedin <nivedinp@gmail.com>
Co-authored-by: Nivedin <53208152+nivedin@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: jamesgeorge007 <25279263+jamesgeorge007@users.noreply.github.com>
2025-09-22 19:06:40 +05:30
Nivedin
5bab04a487
feat: allow non-empty shared workspace names (#5363)
2025-09-02 13:48:28 +05:30