8 Commits

Author	SHA1	Message	Date
BilalG1	024da3cacb	[Fix] freestyle-mock honors $PORT, drop server.listen string-patch (#1432) ... ## Summary The multi-worker freestyle-mock rewrite ([#1430](https://github.com/hexclave/stack-auth/pull/1430)) hardcoded `server.listen(8080)`, which collides with qstash inside the local-emulator container. Supervisord sets `PORT=8180` for freestyle-mock specifically to avoid this clash, but the new source ignores `process.env.PORT`. The local-emulator Dockerfile previously bridged this with a `server.replace('server.listen(8080)', ...)` string-patch on the embedded source. The new code is `server.listen(8080, () => { ... })` — the literal `'server.listen(8080)'` substring no longer matches, so the replace silently no-ops and freestyle-mock binds 8080. qstash then can't start (`address already in use: 127.0.0.1:8080` → FATAL), the backend (which depends on qstash) never comes up, and the emulator smoke test times out. Observed in [this run](https://github.com/hexclave/stack-auth/actions/runs/25832479377): ``` smoke-test: FTL address already in use: 127.0.0.1:8080 smoke-test: WARN exited: qstash (exit status 1; not expected) smoke-test: INFO gave up: qstash entered FATAL state, too many start retries too quickly [603s] SMOKE TEST FAILED: backend /health?db=1 did not return 200 within 300s ``` ## Changes - `docker/dependencies/freestyle-mock/Dockerfile`: `server.listen(PORT)` where `PORT = process.env.PORT || 8080`, plus the startup log reflects the actual port. - `docker/local-emulator/Dockerfile`: drop the now-redundant string-replace for the listen call. The two remaining replaces (`fs/promises` import + node_modules symlink) are unrelated and kept. ## Test plan - [ ] QEMU emulator build workflow passes on this branch (smoke test reaches healthy backend). - [ ] Verify locally that supervisord's `PORT=8180` is honored by freestyle-mock and qstash binds 8080 cleanly. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Server listening port is now configurable via PORT (default 8080). * Local emulator startup adjusted to better handle dependencies and create a node_modules symlink for smoother local runs. * Seed/process transaction timeout increased to 90s for reliability. * Local database statement timeout changed to 0 (no statement timeout). * **CI** * Added step to enable and validate KVM access during emulator builds. <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/hexclave/stack-auth/pull/1432) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-05-14 15:31:16 -07:00
Aman Ganapathy	c0871e64b2	[Feat(tests)] multi-worker freestyle mock (#1430) ... ### Context Lots of flakiness comes from email polling leading to timeouts. This usually happens when freestyle mock cannot service requests in time. Old mock was single threaded and so clogged up by a lot of requests. ### Summary of Changes A multiworker system should be better.	2026-05-13 16:32:00 -07:00
Aman Ganapathy	abc320b4db	[Refactor] [Fix] Email Rendering Pipeline Refactor, Error Handling, and Bug Fixes (#1140) ... ### Context We noticed some errors pop up on sentry related to email rendering. These errors seem to have been triggered by the same issue, and could be categorized as follows: 1. Sanity test mismatch, even when the errors from freestyle and vercel sandbox were broadly similar. This occurred due to stack traces differing in different execution environments. 2. Rendering errors from freestyle and vercel sandbox caused by the theme not being imported/ empty theme component. Upon investigation, this occurred because hitting save on the email themes page with an invalid theme (ex: deleting the `export` keyword, or renaming the `EmailTheme` component) still triggers `bundleAndExecute` with the invalid themes. This will obviously fail and cause the errors to be logged, however there is no cause for concern here because the error is returned and the save is denied because an error is returned. It's more of a matter of noisy error logs and too strict sanity test comparisons. Beyond that, `js-execution` is a little opaque and hard to understand, and this can mask errors in logic. We also noticed a new issue: manually throwing an error in the email theme code editor, and then trying to save was actually successful. This was because the version of `react-email/components` we were using had faulty error handling, and fell back to client side rendering, masking the error. This wasn't caught by our `try-catch` safeguards because it was a render time issue that was masked. More specifically, this was what `react-email` was doing: `Switched to client rendering because the server rendering errored`. ### Summary of Changes We loosen the sanity test comparison between engine execution results in case of errors. We then refactor the `js-execution` and `email-rendering` files to read better, and to only `captureError` when a service is down, but not for runtime errors in the user submitted code. To deal with the other bug, we bumped `react-email/components` to the latest version. However, doing so exposed a gap between real `freestyle` and our `freestyle-mock`: with the mock, the errors that were now raised were treated as uncaught exceptions, crashing the mock server. Consequently, we switched to using `node` over `bun`. We also expanded test coverage to account for different error paths. Co-authored-by: Konstantin Wohlwend <n2d4xc@gmail.com>	2026-02-02 17:35:51 -08:00
Aman Ganapathy	091d3f2a26	Update SDK dependencies to latest version and handle the breaking changes (#1100) ... We update the sdk dependencies (the ones present in `package-template.json`) to the latest versions. Since several packages have major version bumps, this results in a variety of breaking changes that have been handled here. Incidentally, when possible, we update similar dependencies across the codebase. We decide to defer the tailwind update to another PR owing to its scale. The rest of the updates and changes have been catalogued below: 1. [Bumping](https://github.com/panva/oauth4webapi/blob/v3.x/CHANGELOG.md) `oauth4webapi` to 3.8.3: this was a major version changed. While there were no compatibility issues in the sdk, there were several breaking changes in `stack-shared`. Namely: a. The removal of `isOauth2Error`. We used this to check if the results of our `oauth4webapi` api invocations had issues. The functions were changed to explicitly throw either `ResponseBodyErrors` or `AuthorizationResponseErrors`, so the code was reworked to account for that with no loss in error handling. b. Dropping of support for http broadly: `oauth4webapi` now only accepts https. This is desired, but I add a carve out for our test environments only. c. `refreshTokenGrantRequest` and `authorizationCodeGrantRequest` now require `clientAuthentication` to be passed explicitly to them. d. Changes in how we handle our `MultiFactorAuthenticationRequired` error: This is an error that we created and is passed to the `oauth4webapi` API if there are MFA issues. Since the `processAuthorizationCodeResponse` now explicitly throws a `ResponseBodyError`, we access the error cause from the body of the error instead. 2. [Bumping](https://github.com/Qix-/color/releases) `color` to 5.0.4: this was a major version bump. Simple type checking change, I checked the API for the correct interface. 3. [Bumping](https://github.com/MasterKale/SimpleWebAuthn/blob/master/CHANGELOG.md) `simplewebauthn` to 13.2.2: two major version bumps, but no incompatibilities surprisingly 4. [Bumping](https://github.com/jshttp/cookie/releases) `cookie` to 1.1.1: this was a major version bump. a. Changing `parse` to `parseCookie`. In the most recent version, `parse` is still maintained as an alias for `parseCookie` for backwards compatibility, but I thought it would be best to change it over now. No change in functionality. b. Typing is now strongly enforced. A cookie can be `string | undefined`, and the `Cookies` are now `Record<string, string | undefined>`. We already have code to handle if a cookie is returned as undefined/ null, so the changes here were more to ensure type compatibility rather than big changes in functionality. 5. [Bumping ](https://github.com/isaacs/rimraf#readme)`rimraf` to 6.1.2: No breaking changes, mostly just bug fixes. 6. [Bumping](https://github.com/panva/jose/releases?page=1) `jose` to 6.1.3: This is another major version bump. We update it across the codebase to ensure compatibility. We use this for importing and processing jwk tokens. There are a few big changes in the version bump, but the only one that applies to us is that `importJwk` now yields a `CryptoKey` instead of a `KeyObject` in Node.js. However, this doesn't appear to break our code. We use `importJwk` in `stack-auth/packages/stack-shared/src/utils/jwt.tsx`. 7. [Bumping](https://github.com/react-hook-form/resolvers/releases) `hookform/resolvers` to 5.2.2 (two major version jumps), and consequently bumping `react-hook-form` to 7.70.0: We already use the patterns that `hookform/resolvers`' latest versions seem to be enforcing. The only other breaking change is that it requires version 7.55.0+ of `react-hook-form`. Though we should pay attention to any interactions with zod and `hookform/resolvers`, some people have reported compatibility issues if they aren't using the latest compatible versions of both. 8. [Bumping](https://github.com/jquense/yup/blob/master/CHANGELOG.md) `yup` to 1.7.1: this was a minor version change, but we had incompatibility issues with this change. Versions 1.4.1 and 1.7.1 cannot exist in the same codebase due to incompatibility, so we bumped it up across the codebase, including in peer dependencies. 9. Some minor version changes for some packages, but these were mostly bug fixes. 10. **Edited to add**: Bumping freestyle to 0.1.6, and reworking the freestyle mock server. In 0.1.6, freestyle changed their API in two ways: a. We're now supposed to hit their `execute/v2/...` endpoint and b. They've flattened the `config` argument to `serverless.runs.create`. These changes are minor, but are important. As part of a general suite of dependency bumps, this was judged to fit here. We have linked the changelogs for the packages on each line.	2026-01-16 16:02:07 -08:00
BilalG1	e8e78cf148	faster mock freestyle (#1033) ... <!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added environment variable handling and logging interception for improved script execution visibility. * **Bug Fixes** * Enhanced error handling with structured error responses and logs. * **Chores** * Updated dependencies: arktype and react-dom. * Improved temporary work directory management and cleanup process. * Optimized script execution model for better performance. <sub>✏️ Tip: You can customize this high-level summary in your review settings.</sub> <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2025-12-01 09:35:31 -08:00
Bilal Godil	d65cc61509	fix freestyle-mock	2025-08-25 10:28:30 -07:00
BilalG1	4899632ea4	Email sending sdk function, freestyle mock, small fixes (#813) ... <!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- ELLIPSIS_HIDDEN --> ---- > [!IMPORTANT] > Enhances email sending API with template support, improved error handling, and new interfaces, while adding comprehensive tests and updating rendering logic. > > - **Behavior**: > - Adds support for sending emails using templates with variables and optional theming in `send-email/route.tsx`. > - Introduces per-user notification category checks before sending emails. > - Adds optional unsubscribe link in email themes. > - **Error Handling**: > - Refines error handling in `send-email/route.tsx` for missing content, non-existent user IDs, and shared email server configurations. > - Uses `KnownErrors` for specific error cases. > - **API Changes**: > - Adds new interfaces and methods for email sending in `server-interface.ts` and `admin-interface.ts`. > - Removes deprecated email sending methods from admin interfaces. > - **Testing**: > - Adds e2e tests in `email.test.ts` for various email sending scenarios, including HTML content, templates, and error cases. > - **Misc**: > - Updates email rendering logic in `email-rendering.tsx` to handle new template and theme options. > - Simplifies import statements and cleans up code structure across multiple files. > > <sup>This description was created by </sup>[<img alt="Ellipsis" src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup> for 1d5a056699. You can [customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this summary. It will automatically update as commits are pushed.</sup> ---- <!-- ELLIPSIS_HIDDEN --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Enhanced email sending to support both raw HTML and template-based emails with variables and optional theming. * Added per-user notification category checks before sending emails. * Email themes now support an optional unsubscribe link in the footer. * **Improvements** * Updated email rendering to pass the unsubscribe link as a prop to themes. * Refined error handling for email sending. * Improved flexibility of email sending options and result reporting. * **API Changes** * Introduced new interfaces and methods for sending emails on the server side, including detailed result reporting. * Removed deprecated admin-side email sending methods and interfaces. * Added new types for email sending options and results. * **Bug Fixes** * Fixed navigation and property naming inconsistencies in dashboard email template editing and sending flows. * **Chores** * Simplified import statements and cleaned up internal code structure. * Updated Docker environment for freestyle mock service to use Bun runtime and adjusted port mappings. * **Tests** * Added comprehensive tests covering email sending scenarios, including error handling and multi-user support. * Updated existing tests to reflect refined email subjects, template rendering, and unsubscribe link features. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>	2025-08-01 18:40:28 -07:00
Konstantin Wohlwend	7a0a26d6fd	Freestyle mock	2025-07-29 13:52:44 -07:00