Commit graph

20 commits

Author SHA1 Message Date
Vonic
4eb6ed18d6 Epic 5 Complete: Billing, Subscriptions, and Admin Features
Resolve all 5 deferred items from Epic 5 adversarial code review:
- Migration 124: Add CASCADE to subscriptionstatus enum drop (prevent orphaned references)
- Stripe rate limiting: In-memory per-user limiter (20 calls/60s) on verify-checkout-session
- Subscription request cooldown: 24h cooldown before resubmitting rejected requests
- Token reset date: Initialize on first subscription activation
- Checkout URL validation: Confirmed HTTPS-only (Stripe always returns HTTPS)

Implement Story 5.4 (Usage Tracking & Rate Limit Enforcement):
- Page quota pre-check at HTTP upload layer
- Extend UserRead schema with token quota fields
- Frontend 402 error handling in document upload
- Quota indicator in dashboard sidebar

Story 5.5 (Admin Seed & Approval Flow):
- Seed admin user migration with default credentials warning
- Subscription approval/rejection routes with admin guard
- 24h rejection cooldown enforcement

Story 5.6 (Admin-Only Model Config):
- Global model config visible across all search spaces
- Per-search-space model configs with user access control
- Superuser CRUD for global configs

Additional fixes from code review:
- PageLimitService: PAST_DUE subscriptions enforce free-tier limits
- TokenQuotaService: PAST_DUE subscriptions enforce free-tier limits
- Config routes: Fixed user_id.is_(None) filter on mutation endpoints
- Stripe webhook: Added guard against silent plan downgrade on unrecognized price_id

All changes formatted with Ruff (Python) and Biome (TypeScript).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-15 03:54:45 +07:00
CREDO23
11387268a7 Seed default prompts on registration and for existing users 2026-03-31 18:12:09 +02:00
Anish Sarkar
a11c95e30f feat: add last_login column to user table and update user login tracking 2026-03-08 18:24:29 +05:30
Anish Sarkar
c1016591da refactor: update authentication error handling to prevent user enumeration and improve error messages 2026-02-09 12:57:32 +05:30
Anish Sarkar
bcdfd23ea1 chore: ran linting 2026-02-08 20:42:05 +05:30
Anish Sarkar
79f004bbb1 feat: implement rate limiting for authentication endpoints and enhance error handling for login attempts 2026-02-08 18:08:56 +05:30
Anish Sarkar
54b4501ca6 feat: enhance user authentication by adding specific error handling for non-existent accounts 2026-02-08 17:10:40 +05:30
DESKTOP-RTLN3BA$punk
f85adefe5e chore: made generate_image more agnostic 2026-02-05 17:18:27 -08:00
CREDO23
287e5afbac Fix JWT audience validation when creating refresh token 2026-02-05 18:11:33 +02:00
CREDO23
233852b681 Switch refresh token storage from cookies to localStorage 2026-02-05 17:55:21 +02:00
CREDO23
f3a9922eb9 Add refresh token auth routes and utilities 2026-02-05 17:29:50 +02:00
CREDO23
9bd7d74755 Add RefreshToken model and multi-session refresh token logic 2026-02-05 16:49:37 +02:00
CREDO23
aeb0deb21e feat: enable public access for podcasts in shared chats 2026-01-26 15:56:49 +02:00
CREDO23
3ad2dbeeaf fix: fetch Google profile with names,photos fields 2026-01-14 15:05:48 +02:00
CREDO23
acb9ba5a88 capture Google profile in oauth_callback 2026-01-14 14:37:42 +02:00
CREDO23
caf8d43afc auto-create default search space on registration 2026-01-07 17:22:38 +02:00
DESKTOP-RTLN3BA$punk
133e2639ec fix: docker backend entrypoint issues 2025-10-28 23:35:53 -07:00
Utkarsh-Patel-13
d359a59f6d Fixed all ruff lint and formatting errors 2025-07-24 14:43:48 -07:00
DESKTOP-RTLN3BA$punk
521ee4a1c4 feat: Removed Hard Dependency on Google Auth
- Introduced LOCAL auth mode
2025-05-21 20:56:23 -07:00
DESKTOP-RTLN3BA$punk
da23012970 feat: SurfSense v0.0.6 init 2025-03-14 18:53:14 -07:00