mirror of
https://github.com/MODSetter/SurfSense.git
synced 2026-04-25 00:36:31 +02:00
Resolve all 5 deferred items from Epic 5 adversarial code review:

- Migration 124: Add CASCADE to subscriptionstatus enum drop (prevent orphaned references)
- Stripe rate limiting: In-memory per-user limiter (20 calls/60s) on verify-checkout-session
- Subscription request cooldown: 24h cooldown before resubmitting rejected requests
- Token reset date: Initialize on first subscription activation
- Checkout URL validation: Confirmed HTTPS-only (Stripe always returns HTTPS)

Implement Story 5.4 (Usage Tracking & Rate Limit Enforcement):

- Page quota pre-check at HTTP upload layer
- Extend UserRead schema with token quota fields
- Frontend 402 error handling in document upload
- Quota indicator in dashboard sidebar

Story 5.5 (Admin Seed & Approval Flow):

- Seed admin user migration with default credentials warning
- Subscription approval/rejection routes with admin guard
- 24h rejection cooldown enforcement

Story 5.6 (Admin-Only Model Config):

- Global model config visible across all search spaces
- Per-search-space model configs with user access control
- Superuser CRUD for global configs

Additional fixes from code review:

- PageLimitService: PAST_DUE subscriptions enforce free-tier limits
- TokenQuotaService: PAST_DUE subscriptions enforce free-tier limits
- Config routes: Fixed user_id.is_(None) filter on mutation endpoints
- Stripe webhook: Added guard against silent plan downgrade on unrecognized price_id

All changes formatted with Ruff (Python) and Biome (TypeScript).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

| | | |
|---|---|---|
| 1-0-authentication-system.md | ||
| 1-1-project-infrastructure-database-init.md | ||
| 1-2-backend-auth-api-jwt.md | ||
| 1-3-frontend-auth-ui.md | ||
| 1-6-settings-sync.md | ||
| 2-1-celery-worker-pdf-parser.md | ||
| 2-2-upload-api-rate-limiting.md | ||
| 2-3-knowledge-base-ui-micro-sync-indicators.md | ||
| 2-4-delete-document-flow.md | ||
| 3-1-chat-session-api.md | ||
| 3-2-rag-engine-sse-endpoint.md | ||
| 3-3-chat-ui-sse-client.md | ||
| 3-4-split-pane-layout-interactive-citation.md | ||
| 3-5-model-selection-via-quota.md | ||
| 4-1-chat-history-sync.md | ||
| 4-2-graceful-degradation-offline-ui.md | ||
| 4-3-global-network-sync-indicators.md | ||
| 5-1-pricing-plan-selection-ui.md | ||
| 5-2-stripe-payment-integration.md | ||
| 5-3-stripe-webhook-sync.md | ||
| 5-4-usage-tracking-rate-limit-enforcement.md | ||
| 5-5-admin-seed-and-approval-flow.md | ||
| 5-6-admin-only-model-config.md | ||
| deferred-work.md | ||
| sprint-status.yaml | ||