mirror of
https://github.com/stack-auth/stack.git
synced 2026-06-13 21:01:21 +08:00
7a35751f8e
260 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Konsti Wohlwend
|
7a35751f8e
|
Sign up rules (#1138)
<!-- CURSOR_SUMMARY --> > [!NOTE] > **High Risk** > Touches core sign-up/auth flows and user restriction semantics (including new DB constraints) and introduces dynamic rule evaluation/logging; misconfiguration or CEL/parser bugs could block sign-ups or incorrectly restrict users. > > **Overview** > Introduces **CEL-based sign-up rules** (config-driven) that are evaluated during password/OTP/OAuth sign-ups and anonymous upgrades; matching rules can reject sign-ups or mark users as admin-restricted, and triggers are logged for analytics. > > Extends `ProjectUser` with `restrictedByAdmin` plus public/private restriction details, updates restriction computation/filtering, and exposes these fields via user CRUD (including validation + DB constraint enforcing consistency when unrestricted). > > Adds a new dashboard **Sign-up Rules** page with a visual condition builder (CEL <-> visual tree), drag-reorder by priority, per-rule 48h sparkline analytics via a new hidden internal endpoint, and adds user-page UI to view/edit manual restrictions. Also refactors ClickHouse client initialization to require env vars (removing `isClickhouseConfigured` checks) and adjusts CI container startup wait time. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 2141e689e8c1b72303b805e9234f996010d0880. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Sign-up Rules: visual rule builder, in-project CRUD with drag-reorder, per-rule analytics, backend evaluation, and admin UI. * Admin user restrictions: dashboard controls, banners/status, public/private admin details surfaced in user views. * **APIs & Schema** * Config and user schemas extended; new SignUpRejected error and sign-up rule types added. * **Tests** * Extensive unit and E2E coverage for rules, parser, evaluator, analytics, and restricted-user flows. * **Docs** * Editorial guidance added to AGENTS.md. * **Chores** * DB statement timeout, updated clean script, minor dependency additions. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
BilalG1
|
31b8d8040d
|
query timing route (#1146)
<!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added a dedicated endpoint to retrieve query timing statistics using query identifiers. * Query responses now include a unique query_id for tracking and reference. * **Improvements** * Query timeout validation now enforces a maximum limit of 2 minutes. * Query response structure updated to support separate timing information retrieval. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Konstantin Wohlwend
|
6856f8761e |
Reorder imports
Some checks failed
all-good: Did all the other checks pass? / all-good (push) Has been cancelled
Ensure Prisma migrations are in sync with the schema / check_prisma_migrations (22.x) (push) Has been cancelled
DB migrations are backwards-compatible / Check if migrations changed (push) Has been cancelled
Docker Server Build and Push / Docker Build and Push Server (push) Has been cancelled
Docker Server Build and Run / docker (push) Has been cancelled
Runs E2E API Tests / E2E Tests (Node ${{ matrix.node-version }}, Freestyle ${{ matrix.freestyle-mode }}) (mock, 22.x) (push) Has been cancelled
Runs E2E API Tests / E2E Tests (Node ${{ matrix.node-version }}, Freestyle ${{ matrix.freestyle-mode }}) (prod, 22.x) (push) Has been cancelled
Runs E2E API Tests with custom port prefix / build (22.x) (push) Has been cancelled
Runs E2E API Tests with external source of truth / build (22.x) (push) Has been cancelled
Lint & build / lint_and_build (latest) (push) Has been cancelled
Dev Environment Test With Custom Base Port / restart-dev-and-test-with-custom-base-port (push) Has been cancelled
Dev Environment Test / restart-dev-and-test (push) Has been cancelled
Run setup tests with custom base port / setup-tests-with-custom-base-port (push) Has been cancelled
Run setup tests / setup-tests (push) Has been cancelled
TOC Generator / TOC Generator (push) Has been cancelled
DB migrations are backwards-compatible / Test migrations with ${{ needs.check-migrations-changed.outputs.base_branch }} branch code (push) Has been cancelled
DB migrations are backwards-compatible / No migration changes (skipped) (push) Has been cancelled
|
||
|
BilalG1
|
efefa5d31b
|
Partial refunds frontend (#1123)
https://www.loom.com/share/bb7abfde507f40d386ee856f5ffbd506 <!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * USD-based refund system enabling partial and full refunds with explicit USD amounts * Per-entry refund selection with granular quantity controls in refund dialogs * **Bug Fixes** * Stronger refund validation and error handling to prevent invalid or out-of-bounds refunds * **Tests** * Expanded end-to-end coverage for refund edge cases and scenarios * **Style** * Improved refund dialog UI with contextual alerts and better controls <sub>✏️ Tip: You can customize this high-level summary in your review settings.</sub> <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Konstantin Wohlwend
|
13542cf6ff | Fix event migration page | ||
|
BilalG1
|
484c3a6332
|
clickhouse setup (#1032) | ||
Aman Ganapathy
|
c8694c7ff5
|
[Fix] [Feat] Update OAuth Sign-In and Get Token Functions to Work (#1130)
### Summary of Changes Previously, on the Swift SDK, the `signInWithOAuth` function wasn't working. In this PR, we fix it by having the `getOAuthUrl` function to actually redirect correctly. Note that to do so, we updated the `validRedirectUrl` check on the backend to accept app native redirects (from our new trusted url scheme). Another thing to note is that we added functionality to the `TokenStore` abstraction to conditionally refresh the access token that the user is trying to fetch if it is expired/close to expiring if possible. `getOAuthUrl` will attempt to get a valid access token, and thus will rely on our algorithm documented in `utilities.md`. The specs serve as the source of truth. We go further and implement Apple Native sign in. To do so, we have it hit a new route on the backend and verify the `jwtToken` retrieved by the sdk against an Apple-provided set of `jwks`. We use jose to do so, in line with the rest of the codebase. We take this opportunity to refactor the oauth provider route owing to the amount of duplicated logic. Additionally, to enable the apple sign in, users will have to update the Apple authentication method modal on the dashboard and add accepted bundle ids. These are identifiers for projects, and we will check the `JWT` on the backend to make sure the audience is set to an accepted bundleId. We also update the Apple modal to be more informative. ### Using the new Features To use the Apple native sign in, users will have to 1) sign up with an apple developer account, 2) set up their bundleids for their projects by connecting them to the apple developer account, 3) update the Stack-Auth Authentication Methods dashboard apple modal with the relevant fields. Then, trying to sign in with apple with our Swift SDK will use the apple native sign in. ### UI Changes Renamed the fields in the apple modal. Added a new field for bundle ids. See below. https://github.com/user-attachments/assets/0e760c0e-3198-4818-ac7f-4900d7a125bb Co-authored-by: Konstantin Wohlwend <n2d4xc@gmail.com> |
||
|
BilalG1
|
4e45aed530
|
fix product route access (#1134)
<!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Security** * Added client-side access checks on payments endpoints and expanded customer-type handling (including a new "custom" type). * **SDK / Client** * Client interface methods now accept explicit request types (client/server/admin) to route requests appropriately. * **Server** * New server-side product listing to support server requests and caching. * **Tests** * E2E tests updated to use a fast sign-up flow and pass authentication tokens for authorized requests. <sub>✏️ Tip: You can customize this high-level summary in your review settings.</sub> <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Konsti Wohlwend
|
6c22e6e511
|
Config sources (#1083) | ||
|
BilalG1
|
373fb48e7f
|
payment email templates (#1106)
<img width="553" height="471" alt="Screenshot 2026-01-14 at 12 16 36 PM"
src="https://github.com/user-attachments/assets/9f32473d-5294-4cf7-b527-0668fb04ae47"
/>
<img width="630" height="514" alt="Screenshot 2026-01-14 at 12 17 06 PM"
src="https://github.com/user-attachments/assets/b17f57f7-148d-4438-b337-df7516d1793e"
/>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Expanded Stripe webhooks: handles invoice and one‑time/subscription
events, sends templated payment receipt and failure emails, posts
chargeback alerts to Telegram.
* Customer invoices API plus client and UI support for listing invoices;
backend stores invoice status, total, and hosted URL.
* **Tests**
* Added end‑to‑end tests for new webhook scenarios (receipts, failures,
chargebacks) and invoices API with email outbox checks.
* **Chores**
* Centralized Telegram helpers and improved formatting, validation, and
reliability.
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Introduces end-to-end invoice visibility and payment notifications.
>
> - **Emails:** Adds default `payment_receipt` and `payment_failed`
templates and sends them from Stripe webhooks for one-time and
subscription payments (skips non‑uncollectible failures); resolves
recipients for users/teams.
> - **Webhooks:** Expands handled events; upserts invoices on
`invoice.*`; stricter unknown-type handling; adds Telegram chargeback
alert; refactors init script Telegram sending.
> - **Data model:** Extends `SubscriptionInvoice` with `status`,
`amountTotal`, `hostedInvoiceUrl` and writes them via
`upsertStripeInvoice`.
> - **API/SDK/UI:** New paginated `GET
/payments/invoices/{customer_type}/{customer_id}`; client interface
(`listInvoices`, hooks) and template Payments panel render an invoices
table.
> - **Tests:** E2E for invoices access, webhook behaviors, and email
delivery.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
|
||
|
Aman Ganapathy
|
710c820e6b
|
[Feat] Add payment methods page to dashboard (#1103)
### Summary of Changes We would like to setup a payment settings page. Here, developers should be able to toggle test mode, see their stripe connection status, and adjust the payment method configs. ## Test Mode Toggle This will exist in concert with the test mode banner. ## Stripe Connection Status While users cannot see the page unless they create a stripe account, they can still see it if they've created the stripe connected account but haven't finished onboarding. This is a handy place for them to finish their onboarding. ## Payment Methods We would like developers using our payments feature to be able to set what payment options should be made available to their users. Consequently, we create a route and a page on the dashboard which hits that route to update what payment options are made available. The UI stores "pending changes" which represent updates to be made to the payment method configs corresponding to that project's connected stripe account. These are then sent to the backend, validated with a schema, and then updated using stripe. We also note that some payment methods have dependencies on others: for example, the "apple pay" method cannot be enabled if the "debit/credit cards" method is not enabled. We note the two cases where it is observed to happen and raise an alert using `toast` to make it clear to the developer, and make it extensible in case other dependencies are added in the future. To ensure synchronization between the frontend dashboard UI and the backend route handler on the payment method names, we have both pull from a shared utility file. This ensures only one update will need to be made. **NOTE 1:** We chose to build our own component rather than using the Stripe embedded component as the Stripe component is still in pre-release mode. **NOTE 2:** To disable specific payment methods for all our users, we should update the platform account config in Stripe for stack-auth. This will prevent said payment method from being made available to them. **NOTE 3:** We skip the multi-account method config isolation test because the stripe mock server does not support testing with multiple accounts. However, the logic of the test has been verified with a real stripe account. ### UI Demo For this demo, I had a pre-created checkout link for a one-time purchase of a product for 100$. https://github.com/user-attachments/assets/a0139ee8-a9ce-480c-b8b5-9b5fb1e9c15f |
||
|
Konstantin Wohlwend
|
52668d769c |
fix non-Next package deployments
closes #1122 |
||
|
BilalG1
|
2e13eb1ea7
|
fix sign in bug on dev (#1119)
<!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Refactor** * Updated internal environment detection mechanism for OAuth flows. Insecure HTTP requests are now allowed when running outside of production environments, rather than only during testing scenarios. No changes to public APIs. <sub>✏️ Tip: You can customize this high-level summary in your review settings.</sub> <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Aman Ganapathy
|
091d3f2a26
|
Update SDK dependencies to latest version and handle the breaking changes (#1100)
Some checks failed
all-good: Did all the other checks pass? / all-good (push) Has been cancelled
Ensure Prisma migrations are in sync with the schema / check_prisma_migrations (22.x) (push) Has been cancelled
DB migrations are backwards-compatible with main branch / Check if migrations changed (push) Has been cancelled
Docker Server Build and Push / Docker Build and Push Server (push) Has been cancelled
Docker Server Build and Run / docker (push) Has been cancelled
Runs E2E API Tests / E2E Tests (Node ${{ matrix.node-version }}, Freestyle ${{ matrix.freestyle-mode }}) (mock, 22.x) (push) Has been cancelled
Runs E2E API Tests / E2E Tests (Node ${{ matrix.node-version }}, Freestyle ${{ matrix.freestyle-mode }}) (prod, 22.x) (push) Has been cancelled
Runs E2E API Tests with custom port prefix / build (22.x) (push) Has been cancelled
Runs E2E API Tests with external source of truth / build (22.x) (push) Has been cancelled
Lint & build / lint_and_build (latest) (push) Has been cancelled
Dev Environment Test With Custom Base Port / restart-dev-and-test-with-custom-base-port (push) Has been cancelled
Dev Environment Test / restart-dev-and-test (push) Has been cancelled
Run setup tests with custom base port / setup-tests-with-custom-base-port (push) Has been cancelled
Run setup tests / setup-tests (push) Has been cancelled
TOC Generator / TOC Generator (push) Has been cancelled
DB migrations are backwards-compatible with main branch / Test migrations with main branch code (push) Has been cancelled
DB migrations are backwards-compatible with main branch / No migration changes (skipped) (push) Has been cancelled
We update the sdk dependencies (the ones present in `package-template.json`) to the latest versions. Since several packages have major version bumps, this results in a variety of breaking changes that have been handled here. Incidentally, when possible, we update similar dependencies across the codebase. We decide to defer the tailwind update to another PR owing to its scale. The rest of the updates and changes have been catalogued below: 1. [Bumping](https://github.com/panva/oauth4webapi/blob/v3.x/CHANGELOG.md) `oauth4webapi` to 3.8.3: this was a major version changed. While there were no compatibility issues in the sdk, there were several breaking changes in `stack-shared`. Namely: a. The removal of `isOauth2Error`. We used this to check if the results of our `oauth4webapi` api invocations had issues. The functions were changed to explicitly throw either `ResponseBodyErrors` or `AuthorizationResponseErrors`, so the code was reworked to account for that with no loss in error handling. b. Dropping of support for http broadly: `oauth4webapi` now only accepts https. This is desired, but I add a carve out for our test environments only. c. `refreshTokenGrantRequest` and `authorizationCodeGrantRequest` now require `clientAuthentication` to be passed explicitly to them. d. Changes in how we handle our `MultiFactorAuthenticationRequired` error: This is an error that we created and is passed to the `oauth4webapi` API if there are MFA issues. Since the `processAuthorizationCodeResponse` now explicitly throws a `ResponseBodyError`, we access the error cause from the body of the error instead. 2. [Bumping](https://github.com/Qix-/color/releases) `color` to 5.0.4: this was a major version bump. Simple type checking change, I checked the API for the correct interface. 3. [Bumping](https://github.com/MasterKale/SimpleWebAuthn/blob/master/CHANGELOG.md) `simplewebauthn` to 13.2.2: two major version bumps, but no incompatibilities surprisingly 4. [Bumping](https://github.com/jshttp/cookie/releases) `cookie` to 1.1.1: this was a major version bump. a. Changing `parse` to `parseCookie`. In the most recent version, `parse` is still maintained as an alias for `parseCookie` for backwards compatibility, but I thought it would be best to change it over now. No change in functionality. b. Typing is now strongly enforced. A cookie can be `string | undefined`, and the `Cookies` are now `Record<string, string | undefined>`. We already have code to handle if a cookie is returned as undefined/ null, so the changes here were more to ensure type compatibility rather than big changes in functionality. 5. [Bumping ](https://github.com/isaacs/rimraf#readme)`rimraf` to 6.1.2: No breaking changes, mostly just bug fixes. 6. [Bumping](https://github.com/panva/jose/releases?page=1) `jose` to 6.1.3: This is another major version bump. We update it across the codebase to ensure compatibility. We use this for importing and processing jwk tokens. There are a few big changes in the version bump, but the only one that applies to us is that `importJwk` now yields a `CryptoKey` instead of a `KeyObject` in Node.js. However, this doesn't appear to break our code. We use `importJwk` in `stack-auth/packages/stack-shared/src/utils/jwt.tsx`. 7. [Bumping](https://github.com/react-hook-form/resolvers/releases) `hookform/resolvers` to 5.2.2 (two major version jumps), and consequently bumping `react-hook-form` to 7.70.0: We already use the patterns that `hookform/resolvers`' latest versions seem to be enforcing. The only other breaking change is that it requires version 7.55.0+ of `react-hook-form`. Though we should pay attention to any interactions with zod and `hookform/resolvers`, some people have reported compatibility issues if they aren't using the latest compatible versions of both. 8. [Bumping](https://github.com/jquense/yup/blob/master/CHANGELOG.md) `yup` to 1.7.1: this was a minor version change, but we had incompatibility issues with this change. Versions 1.4.1 and 1.7.1 cannot exist in the same codebase due to incompatibility, so we bumped it up across the codebase, including in peer dependencies. 9. Some minor version changes for some packages, but these were mostly bug fixes. 10. **Edited to add**: Bumping freestyle to 0.1.6, and reworking the freestyle mock server. In 0.1.6, freestyle changed their API in two ways: a. We're now supposed to hit their `execute/v2/...` endpoint and b. They've flattened the `config` argument to `serverless.runs.create`. These changes are minor, but are important. As part of a general suite of dependency bumps, this was judged to fit here. We have linked the changelogs for the packages on each line. |
||
|
BilalG1
|
d6dc85b6d6
|
upgrade/downgrade plans (#1087)
https://www.loom.com/share/f218c4d16b4d4306be93685aad7aed7a <!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * One-click subscription switching (client + server) and UI dialog to choose alternative plans * Products now show available plan alternatives (switch options) * **Improvements** * More robust default payment-method handling, validation, and clearer errors when none is set * Improved payment-method retrieval and customer metadata persistence * **Tests** * End-to-end tests for plan switching and updated billing snapshots <sub>✏️ Tip: You can customize this high-level summary in your review settings.</sub> <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
BilalG1
|
570249f67a
|
show products in account settings (#1071)
<img width="1193" height="827" alt="Screenshot 2026-01-09 at 1 46 38 PM" src="https://github.com/user-attachments/assets/2703cb15-0be6-4df5-9c79-a45ac514444e" /> <img width="1192" height="750" alt="Screenshot 2026-01-09 at 1 49 01 PM" src="https://github.com/user-attachments/assets/9cfd4936-ed2f-4e4d-a5f9-0c25c87623f1" /> <! -- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Manage and set default payment methods (user & team) via Setup Intents; Payments page in Account Settings to view/update card and active plans. * Product listings now include type (one_time | subscription) and subscription details (period end, cancelable, cancel-at-period-end). * Client/SDK: new billing APIs and Customer methods to fetch billing, create setup intents, and apply default payment methods. * **Tests** * New end-to-end tests for billing flows, setup-intent, and access control. * **Chores** * Added Stripe frontend libraries. <sub>✏️ Tip: You can customize this high-level summary in your review settings.</sub> <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Konsti Wohlwend
|
1618f89c46
|
Onboarding app & restricted users (#1069)
- restricted users - onboarding app - waitlist app - fixed an exception when setting primary email - automatically update the JWT token on the client when the user object changes |
||
|
BilalG1
|
502963b4ab
|
payouts tab (#1065)
<img width="1299" height="967" alt="Screenshot 2025-12-12 at 5 26 23 PM" src="https://github.com/user-attachments/assets/5a33482a-510c-464c-a770-e71222ffc336" /> <!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added a "Payouts" section to the Payments dashboard with a dedicated page and navigation link. * Integrated a Stripe Connect payouts UI, allowing users to manage and configure payout options (instant payouts, standard payouts, edit payout schedule, external account collection). * **Chores** * Internal module path updates (no user-facing behavior changes). <sub>✏️ Tip: You can customize this high-level summary in your review settings.</sub> <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Konstantin Wohlwend
|
90ac480f43 | Fix email outbox pagination | ||
|
Konsti Wohlwend
|
e76ed50bf7
|
Email outbox CRUD endpoints (#1062) | ||
|
Konstantin Wohlwend
|
a09188f947 | Make config endpoints SmartRouteHandlers | ||
|
Konsti Wohlwend
|
e7e792d462
|
Email outbox backend (#1030) | ||
|
Konstantin Wohlwend
|
c96757173d | currentSession.useTokens hook | ||
Madison
|
4480991789
|
[Docs][SDK] - Various small fixes (#1040)
<!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> # 🔒 Hidden Internal Endpoints from Public API Docs Internal endpoints were incorrectly appearing in public API documentation. Added hidden: true metadata to: - /internal/init-script-callback - Telegram notification callback - /internal/send-sign-in-invitation - Team invitation endpoint (public equivalent: /team-invitations/send-code) - /internal/projects/current - Internal project CRUD (adminRead, adminUpdate, adminDelete) - /internal/emails - Internal emails CRUD (adminList) # 🏷️ Fixed Endpoint Categorization (moved from "Others") Several endpoints were appearing in the "Others" category instead of their proper sections: - /emails/send-email -> Added tags: ["Emails"] - Notification preferences CRUD -> Added complete docs with tags: ["Emails"] - OAuth providers CRUD -> Changed tag from "OAuth Providers" → "Oauth" to match naming convention; added missing clientUpdate docs # 📝 API Documentation Improvements - Fixed duplicate API Key titles: Updated handlers to use dynamic summary (Create ${type} API key) instead of hardcoded "Create API key" for both user and team keys - Fixed empty Request section: API playground now only renders the Request panel when there are actual parameters or request body fields to display # 🎨 UserButton Component Fixes ### Component (packages/template/src/components/user-button.tsx): - Fixed hover effect centering (removed w-12 constraint, added p-1.5 padding) - Fixed showUserInfo not displaying (changed flex-grow w-0 → min-w-0) - Updated text styling with proper font sizes and theme-aware colors - Added hover:transition-none for snappy UX ### Documentation Demo (docs/src/components/stack-auth/stack-user-button-demo.tsx): - Added not-prose class to fix avatar not rendering in MDX context <img width="482" height="190" alt="image" src="https://github.com/user-attachments/assets/c7c847c8-3ca5-4a40-bb33-f89949b6dbad" /> | Old | New | |-----|-----| | <img src="https://github.com/user-attachments/assets/b0f2afe4-1499-49c0-946a-618a29876479" width="180" /> | <img src="https://github.com/user-attachments/assets/a358499c-f7e6-42c0-a0a0-2e6ad21728d2" width="180" /> | | Old | New | |-----|-----| | <img width="176" height="73" alt="image" src="https://github.com/user-attachments/assets/1e17d77e-e4df-484d-adf4-19fcdaa0b471" /> | <img width="198" height="76" alt="image" src="https://github.com/user-attachments/assets/61d95ca8-61e5-48db-8fd8-75335751622f" /> | |
||
Zai Shi
|
4b955ced3e
|
Email templates and project logos (#852)
https://www.loom.com/share/7628a0b5f14e4367bcde93e4817a50e8 <img width="811" height="437" alt="image" src="https://github.com/user-attachments/assets/6b02aae0-c723-43d4-92ab-a26e97623d9c" /> <!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- ELLIPSIS_HIDDEN --> ---- > [!IMPORTANT] > Enhance email templates with project branding and dark-mode support, update schemas and API responses for new logo fields. > > - **Behavior**: > - Email templates now support project branding with compact/full logos and dark-mode variants in `email-rendering.tsx` and `emails.ts`. > - Project name displays beside logos in Light and Dark themes in `email-rendering.tsx`. > - Email rendering groups branding and unsubscribe data for consistent theming. > - **API Changes**: > - Project payloads and admin/project schemas rename `full_logo` to `logo_full` and add dark-mode logo fields in `projects.ts` and `schema-fields.ts`. > - Updates to `projects.tsx` and `page-client.tsx` to handle new logo fields. > - **Style**: > - Improved unsubscribe link contrast in Dark theme in `emails.ts`. > - **Database**: > - Adds `logoFullUrl`, `logoDarkModeUrl`, and `logoFullDarkModeUrl` columns to `Project` table in `migration.sql`. > > <sup>This description was created by </sup>[<img alt="Ellipsis" src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup> for |
||
|
BilalG1
|
243caf9a23
|
Payment transactions (#990)
https://www.loom.com/share/db645a1799454ec6b0234c55ee28cee9
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Multi-currency, entry-based transaction model; unified transaction
builders.
- Refund API for subscriptions and one-time purchases; Stripe invoice
handling and webhook invoice-paid processing.
- **Refactor**
- Admin UI and SDK migrated to the new transaction shape; table
rendering simplified with summary-driven columns and avatar cells.
- **Bug Fixes**
- Improved aggregation, sorting and cursor pagination across mixed
transaction sources; refund state handling.
- **Tests**
- Expanded end-to-end tests, webhook simulation helpers, and snapshot
updates.
- **Chores**
- Database migrations for subscription invoices and refundedAt fields.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Replaces AdminTransaction with a unified, entry-based Transaction
model, updates the backend route/builders, admin SDK, dashboard table,
and tests (incl. filtering and serializer tweaks).
>
> - **Backend**:
> - **Entry-based transactions**: Add `transaction-builder.ts` to build
`Transaction` objects (product grants, money transfers, item quantity
changes) with multi-currency amounts and
`effective_at_millis`/`adjusted_by`.
> - **API**: `/internal/payments/transactions` now returns
`transactionSchema`, supports filtering by `TRANSACTION_TYPES`, merges
sources, and preserves concatenated-cursor pagination.
> - **Shared (stack-shared)**:
> - Add `transactionEntrySchema`, `transactionSchema`,
`TRANSACTION_TYPES`, and `TransactionType`; remove `AdminTransaction`
surface.
> - **Admin SDK/Template**:
> - Update `listTransactions` signatures, caches, and types to use
`Transaction`/`TransactionType` across interfaces and app
implementations.
> - **Dashboard UI**:
> - Refactor transaction table to new model: iconified type, avatar
customer cells, amount/details columns, and filters for type and
customer.
> - **Tests**:
> - Update e2e snapshots to new `Transaction` shape; add tests for
type/customer filters and server-granted subscriptions; serializer now
strips `effective_at_millis`.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
|
||
|
BilalG1
|
e843a2b637
|
svix embedded portal (#1007)
https://www.loom.com/share/ade557d34b674ecb9ae1d703b5332c9d
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added support for inline webhook configuration portal rendering when
available
* Enhanced webhooks page with improved theming support
* **Refactor**
* Updated webhook token API to return structured data including optional
server URL alongside token
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Enables embedded Svix portal on the Webhooks page when available,
updating the token API and shared types to return an optional portal URL
and wiring it through the admin app.
>
> - **Frontend (Dashboard Webhooks page)**:
> - Conditionally render Svix `AppPortal` when `svixToken.url` is
provided; otherwise fall back to `SvixProvider` with token.
> - Integrate theme support (`next-themes`) for portal `darkMode`;
import `svix-react` styles.
> - **Backend (API)**:
> - Update `POST /api/latest/webhooks/svix-token` to return `{ token,
url? }`, deriving `url` only when no `STACK_SVIX_SERVER_URL` is set.
> - **Shared Types/SDK**:
> - Extend `svixTokenAdminReadSchema` to include optional `url`.
> - Change admin app `useSvixToken()` to return `{ token, url }` and
propagate through implementation.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
|
||
|
Konsti Wohlwend
|
89e6d8a2a2
|
Add signOut, getAuthJson, and getAuthHeaders to Stack<Xyz>App (#989) | ||
|
Konstantin Wohlwend
|
f4419c9fba | Fix retry issue | ||
|
BilalG1
|
7f2de7e1ec
|
Cookie subdomain sharing (#971)
<!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Projects now expose a domains field in the client API. - Cookie API expanded: domain and secure options added, plus getAll and isSecure helpers. - **Refactor** - Domain-aware cookie and token handling for cross-domain refresh flows. - Minor signature/formatting tweaks to IP and URL utilities. - **Tests** - E2E coverage added: refresh-cookie scenarios and a project scaffolding test. - Backend snapshot updated to include domains. - **Chores** - Added a new dependency for domain parsing. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com> |
||
|
BilalG1
|
2e892664f3
|
webhook testing (#964)
https://www.loom.com/share/abbd19d1deaa4b3d8f8ae9c1f2f9b098?sid=d105ee21-f380-4c37-85f1-a58610cfff9d <!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- RECURSEML_SUMMARY:START --> ## High-level PR Summary This PR adds webhook testing functionality to the dashboard, allowing users to send test events to their configured webhook endpoints and verify they're working correctly. The implementation adds a new backend API endpoint that creates a `stack.test` event via Svix, verifies successful delivery, and provides clear feedback. The dashboard UI is enhanced with a test dialog that shows a preview of the test payload and displays success or error messages, with the test action accessible both from the endpoint creation flow and the action menu for existing endpoints. ⏱️ Estimated Review Time: 15-30 minutes <details> <summary>💡 Review Order Suggestion</summary> | Order | File Path | |-------|-----------| | 1 | `packages/stack-shared/src/interface/admin-interface.ts` | | 2 | `packages/template/src/lib/stack-app/apps/interfaces/admin-app.ts` | | 3 | `packages/template/src/lib/stack-app/apps/implementations/admin-app-impl.ts` | | 4 | `apps/backend/src/app/api/latest/internal/send-test-webhook/route.tsx` | | 5 | `apps/dashboard/src/app/(main)/(protected)/projects/[projectId]/webhooks/page-client.tsx` | </details> [](https://discord.gg/n3SsVDAW6U) [
<!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Sign-up accepts an optional verification callback URL and a new opt-out flag to disable email verification; when opted-out or absent, URL checks and verification emails are skipped. * Client APIs and runtime validation updated to forbid providing a callback URL when opting out. Sign-up now retries without a callback if a redirect URL is not whitelisted. * **Tests** * End-to-end tests added for sign-up without verification and for conflicting verification settings. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com> Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com> Co-authored-by: Konsti Wohlwend <N2D4@users.noreply.github.com> |
||
|
Konstantin Wohlwend
|
66b6c4f022 |
Better rate limit retries
Some checks failed
all-good: Did all the other checks pass? / all-good (push) Has been cancelled
Ensure Prisma migrations are in sync with the schema / check_prisma_migrations (22.x) (push) Has been cancelled
Docker Emulator Test / docker (push) Has been cancelled
Docker Server Build and Push / Docker Build and Push Server (push) Has been cancelled
Docker Server Test / docker (push) Has been cancelled
Runs E2E API Tests / build (22.x) (push) Has been cancelled
Runs E2E API Tests with external source of truth / build (22.x) (push) Has been cancelled
Lint & build / lint_and_build (latest) (push) Has been cancelled
Dev Environment Test / restart-dev-and-test (push) Has been cancelled
Run setup tests / setup-tests (push) Has been cancelled
TOC Generator / TOC Generator (push) Has been cancelled
|
||
|
BilalG1
|
c6b00e1a8b
|
dashboard payment customers, grant product routes and sdk (#939)
https://www.loom.com/share/2767f799df9d48519c737a1d082fc3f4?sid=967802e9-5bfb-438d-96cd-2f6fcbd2f69b <!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- RECURSEML_SUMMARY:START --> ## High-level PR Summary This PR adds a "Grant Product" feature to the dashboard's customer page, allowing administrators to manually grant products to users, teams, or custom customers. The UI has been updated to rename "Items" to "Customers" in the navigation, and the page now includes a dialog for selecting a product and quantity (for stackable products) to grant. Additionally, the backend payment logic has been enhanced to properly set `currentPeriodEnd` and `cancelAtPeriodEnd` when canceling conflicting subscriptions during product grants. ⏱️ Estimated Review Time: 15-30 minutes <details> <summary>💡 Review Order Suggestion</summary> | Order | File Path | |-------|-----------| | 1 | `apps/dashboard/src/app/(main)/(protected)/projects/[projectId]/sidebar-layout.tsx` | | 2 | `apps/dashboard/src/app/(main)/(protected)/projects/[projectId]/payments/customers/page.tsx` | | 3 | `apps/dashboard/src/app/(main)/(protected)/projects/[projectId]/payments/customers/page-client.tsx` | | 4 | `apps/backend/src/lib/payments.tsx` | | 5 | `packages/template/src/lib/stack-app/apps/implementations/server-app-impl.ts` | </details> <details> <summary>⚠️ Inconsistent Changes Detected</summary> | File Path | Warning | |-----------|---------| | `packages/template/src/lib/stack-app/apps/implementations/server-app-impl.ts` | This appears to be a simple variable rename (cache to itemsCache) that seems unrelated to adding grant product functionality to the dashboard | </details> [](https://discord.gg/n3SsVDAW6U) [
https://www.loom.com/share/59ff826f88324a61bb2fefc51769f840?sid=3fe23444-c56e-46c8-a402-8df38a69403c <!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- RECURSEML_SUMMARY:START --> ## High-level PR Summary This PR improves the payment products UI by relocating the save/cancel buttons from the top to the bottom of the product card and replacing the generic `EditableInput` component with a custom `ProductEditableInput` component that better handles the specific styling and interaction patterns needed for product fields. The changes include better visual feedback during editing and improved layout alignment for the price input field. ⏱️ Estimated Review Time: 15-30 minutes <details> <summary>💡 Review Order Suggestion</summary> | Order | File Path | |-------|-----------| | 1 | `apps/dashboard/src/app/(main)/(protected)/projects/[projectId]/payments/products/page-client-catalogs-view.tsx` | </details> [](https://discord.gg/n3SsVDAW6U) [ | ||
|
Konsti Wohlwend
|
8a77e07f19
|
Rename offer to product, offer group to product catalog (#914)
Some checks failed
all-good: Did all the other checks pass? / all-good (push) Has been cancelled
Ensure Prisma migrations are in sync with the schema / check_prisma_migrations (22.x) (push) Has been cancelled
Docker Emulator Test / docker (push) Has been cancelled
Docker Server Build and Push / Docker Build and Push Server (push) Has been cancelled
Docker Server Test / docker (push) Has been cancelled
Runs E2E API Tests / build (22.x) (push) Has been cancelled
Runs E2E API Tests with external source of truth / build (22.x) (push) Has been cancelled
Lint & build / lint_and_build (latest) (push) Has been cancelled
Dev Environment Test / restart-dev-and-test (push) Has been cancelled
Run setup tests / setup-tests (push) Has been cancelled
TOC Generator / TOC Generator (push) Has been cancelled
<!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- RECURSEML_SUMMARY:START --> ## High-level PR Summary This PR implements a comprehensive renaming of "offer" to "product" and "offer group" to "product catalog" throughout the codebase. The changes include database migrations, schema updates, API compatibility layers, function renames, and updates to client and server implementations. Backwards compatibility is maintained through migration layers that handle requests using the old terminology, translating them to the new terminology before processing. The PR includes documentation of this approach in CLAUDE-KNOWLEDGE.md. This rename affects multiple parts of the system including the database schema, API endpoints, error types, and SDK interfaces. ⏱️ Estimated Review Time: 1-3 hours <details> <summary>💡 Review Order Suggestion</summary> | Order | File Path | |-------|-----------| | 1 | `apps/backend/prisma/migrations/20250923191615_rename_offers_to_products/migration.sql` | | 2 | `apps/backend/src/app/api/migrations/v2beta1/payments/purchases/offers-compat.ts` | | 3 | `apps/backend/src/app/api/migrations/v2beta1/payments/purchases/create-purchase-url/route.ts` | | 4 | `apps/backend/src/app/api/migrations/v2beta1/payments/purchases/validate-code/route.ts` | | 5 | `apps/backend/src/lib/payments.tsx` | | 6 | `.claude/CLAUDE-KNOWLEDGE.md` | | 7 | `packages/stack-shared/src/schema-fields.ts` | | 8 | `packages/stack-shared/src/known-errors.tsx` | | 9 | `packages/stack-shared/src/config/schema.ts` | | 10 | `packages/template/src/lib/stack-app/customers/index.ts` | | 11 | `packages/template/src/lib/stack-app/apps/implementations/client-app-impl.ts` | | 12 | `packages/template/src/lib/stack-app/apps/implementations/server-app-impl.ts` | </details> [](https://discord.gg/n3SsVDAW6U) <!-- RECURSEML_SUMMARY:END --> <!-- ELLIPSIS_HIDDEN --> ---- > [!IMPORTANT] > Renames 'offer' to 'product' and 'offer group' to 'product catalog' across the codebase, updating database schema, API endpoints, and application logic for consistency and backward compatibility. > > - **Database**: > - Rename columns `offer` to `product` and `offerId` to `productId` in `OneTimePurchase` and `Subscription` tables in `migration.sql`. > - **API & Migrations**: > - Update API endpoints to accept `product_id`/`product_inline` instead of `offer_id`/`offer_inline`. > - Add `v2beta5` compatibility layer to map legacy `offer` fields to `product` equivalents. > - **Shared Schemas**: > - Rename `offerSchema` to `productSchema` and related schemas in `schema-fields.ts`. > - **Server Implementation**: > - Update `createCheckoutUrl` method in `server-app-impl.ts` to use `productId`/`InlineProduct`. > - **Tests**: > - Update tests to reflect renaming in `backend-helpers.ts` and other test files. > - **Miscellaneous**: > - Remove dummy data related to offers in `dummy-data.tsx`. > - Update documentation and comments to reflect terminology changes. > > <sup>This description was created by </sup>[<img alt="Ellipsis" src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup> for |
||
|
Konsti Wohlwend
|
d09496df6e
|
Fix project transfers (#926) | ||
|
Konstantin Wohlwend
|
15026d8c76 | Invalid access tokens in cookies no longer break client lib | ||
|
BilalG1
|
ad34cfecc2
|
Transactions page (#900)
Some checks failed
all-good: Did all the other checks pass? / all-good (push) Has been cancelled
Ensure Prisma migrations are in sync with the schema / check_prisma_migrations (22.x) (push) Has been cancelled
Docker Emulator Test / docker (push) Has been cancelled
Docker Server Build and Push / Docker Build and Push Server (push) Has been cancelled
Docker Server Test / docker (push) Has been cancelled
Runs E2E API Tests / build (22.x) (push) Has been cancelled
Runs E2E API Tests with external source of truth / build (22.x) (push) Has been cancelled
Lint & build / lint_and_build (latest) (push) Has been cancelled
Dev Environment Test / restart-dev-and-test (push) Has been cancelled
Run setup tests / setup-tests (push) Has been cancelled
TOC Generator / TOC Generator (push) Has been cancelled
<!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- RECURSEML_SUMMARY:START --> ## High-level PR Summary This PR adds a new `priceId` field to the `OneTimePurchase` and `Subscription` models in the database to store Stripe price identifiers. The change includes database schema updates, corresponding migration files, and modifications to payment processing logic to properly track and store price IDs throughout the purchase flow. The implementation consistently propagates the price ID from Stripe's API responses through various payment processing endpoints and webhooks handlers, ensuring the data is properly stored and synced with the database models. ⏱️ Estimated Review Time: 15-30 minutes <details> <summary>💡 Review Order Suggestion</summary> | Order | File Path | |-------|-----------| | 1 | `apps/backend/prisma/schema.prisma` | | 2 | `apps/backend/prisma/migrations/20250917193043_store_price_id/migration.sql` | | 3 | `apps/backend/src/lib/stripe.tsx` | | 4 | `apps/backend/src/app/api/latest/payments/purchases/purchase-session/route.tsx` | | 5 | `apps/backend/src/app/api/latest/internal/payments/test-mode-purchase-session/route.tsx` | | 6 | `apps/backend/src/app/api/latest/integrations/stripe/webhooks/route.tsx` | | 7 | `apps/e2e/tests/backend/endpoints/api/v1/stripe-webhooks.test.ts` | </details> <!-- RECURSEML_SUMMARY:END --> <!-- ELLIPSIS_HIDDEN --> ---- > [!IMPORTANT] > Add `priceId` field to track Stripe price identifiers in purchase and subscription models, updating schema, payment logic, and tests. > > - **Database Changes**: > - Add `priceId` field to `OneTimePurchase` and `Subscription` models in `schema.prisma`. > - Update database schema with migration `20250917193043_store_price_id/migration.sql`. > - **Payment Processing**: > - Update `processStripeWebhookEvent()` in `webhooks/route.tsx` to handle `priceId`. > - Modify `POST` handlers in `purchase-session/route.tsx` and `test-mode-purchase-session/route.tsx` to include `priceId` in metadata. > - Update `syncStripeSubscriptions()` in `stripe.tsx` to sync `priceId`. > - **Testing**: > - Add tests in `stripe-webhooks.test.ts` to validate `priceId` handling in webhook and purchase flows. > > <sup>This description was created by </sup>[<img alt="Ellipsis" src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup> for |
||
|
BilalG1
|
5da45d8520
|
Email Drafts (#849)
https://www.loom.com/share/cc379c5372244a169f3ae1d2cc91eae5?sid=ec5bc438-56d8-4cca-9bbc-6cf6c6d313ad
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Introduce email draft functionality with AI assistance, including
creation, editing, and sending capabilities, and update APIs and UI
components accordingly.
>
> - **Features**:
> - Add email draft functionality: create, list, edit, preview, and send
drafts.
> - Integrate AI-assisted draft generation with `emailDraftAdapter` in
`email-draft-adapter.ts`.
> - Update `send-email` and `render-email` APIs to support drafts.
> - **Backend**:
> - Add `EmailDraft` model in `schema.prisma`.
> - Implement draft CRUD operations in `email-drafts/route.tsx` and
`email-drafts/[id]/route.tsx`.
> - Update `render-email/route.tsx` and `send-email/route.tsx` to handle
draft inputs.
> - **Frontend**:
> - Add email draft UI in `email-drafts/page-client.tsx` and
`email-drafts/[draftId]/page-client.tsx`.
> - Implement theme selection with `EmailThemeSelector` in
`email-theme-selector.tsx`.
> - Update sidebar navigation in `sidebar-layout.tsx` to include drafts.
> - **Tests**:
> - Add E2E tests for draft lifecycle and sending in
`email-drafts.test.ts` and `send-email.test.ts`.
> - **Misc**:
> - Update `admin-interface.ts` and `server-interface.ts` to support
draft operations.
> - Add `XOR` type utility in `types.tsx` for exclusive option handling.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for
|
||
|
Zai Shi
|
d789a097f3
|
OAuth provider client and dashboard (#792)
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Add OAuth provider client and dashboard with UI components, server and
client interface updates, schema enhancements, and new tests.
>
> - **New Features**:
> - Add UI components in `page-client.tsx` for viewing, adding, editing,
toggling, and removing OAuth providers.
> - Implement `OAuthProviderDialog` and `OAuthProvidersSection` for
managing OAuth providers.
> - **Server and Client Interfaces**:
> - Update `StackServerInterface` and `StackClientInterface` to include
CRUD operations for OAuth providers.
> - Add `createServerOAuthProvider`, `listServerOAuthProviders`,
`updateServerOAuthProvider`, and `deleteServerOAuthProvider` methods.
> - **Schema and Types**:
> - Add `provider_config_id` to OAuth provider schemas in
`oauth-providers.ts` and `schema-fields.ts`.
> - Define `OAuthProvider` and `ServerOAuthProvider` types in
`users/index.ts`.
> - **Tests**:
> - Add `oauth-providers.test.ts` for client-side OAuth provider
functionality.
> - Update existing tests to include `provider_config_id` assertions.
> - **Miscellaneous**:
> - Update `server-app-impl.ts` and `client-app-impl.ts` to handle OAuth
provider operations.
> - Enhance error handling for account-ID conflicts in OAuth provider
operations.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for
|
||
|
BilalG1
|
e15ed03d3c
|
oauth sign in scope and test (#887)
<!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- ELLIPSIS_HIDDEN --> ---- > [!IMPORTANT] > Adds `provider_scope` handling to OAuth requests and tests it in a new `oauth.test.ts` file. > > - **Behavior**: > - Adds `provider_scope` handling in `getOAuthUrl()` in `client-interface.ts` for OAuth requests. > - New test `oauth.test.ts` to verify `provider_scope` is set correctly during OAuth sign-in. > - **Functions**: > - Modifies `getOAuthUrl()` in `client-interface.ts` to always set `provider_scope` if provided. > - **Tests**: > - Adds `oauth.test.ts` to test `provider_scope` addition in OAuth sign-in flow. > - Updates `createApp()` in `js-helpers.ts` to accept `appOverrides` for client and server configurations. > > <sup>This description was created by </sup>[<img alt="Ellipsis" src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup> for |
||
|
Konstantin Wohlwend
|
8424c4d624 | More fixes | ||
|
Konsti Wohlwend
|
40de0de4b9
|
Workflows (#873) | ||
|
Konstantin Wohlwend
|
1e06ff4c4c | More fixes | ||
|
Konsti Wohlwend
|
509c93e310
|
Data vaults (#871) | ||
|
Konsti Wohlwend
|
6a3459e9ab
|
Payments UX update (#863)
Some checks failed
all-good: Did all the other checks pass? / all-good (push) Has been cancelled
Ensure Prisma migrations are in sync with the schema / check_prisma_migrations (22.x) (push) Has been cancelled
Docker Emulator Test / docker (push) Has been cancelled
Docker Server Build and Push / Docker Build and Push Server (push) Has been cancelled
Docker Server Test / docker (push) Has been cancelled
Runs E2E API Tests / build (22.x) (push) Has been cancelled
Runs E2E API Tests with external source of truth / build (22.x) (push) Has been cancelled
Lint & build / lint_and_build (latest) (push) Has been cancelled
Dev Environment Test / restart-dev-and-test (push) Has been cancelled
Run setup tests / setup-tests (push) Has been cancelled
TOC Generator / TOC Generator (push) Has been cancelled
Takes `stripeAccountId` out of the schema, adds a new endpoint for
getting a user's account ifo, and adds a new notification banner for
un-onboarded accounts.
<img width="1203" height="524" alt="Screenshot 2025-08-25 at 16 40 18"
src="https://github.com/user-attachments/assets/a2b0626d-dc86-4090-b221-0969ec34f124"
/>
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Enhances payments UX with new UI components, refactors, and expanded
tests, while introducing breaking changes and improved error handling.
>
> - **Behavior**:
> - Removes `stripeAccountId` from schema and adds new endpoint in
`route.ts` for user account info.
> - Adds notification banner for un-onboarded accounts in `layout.tsx`.
> - Updates `createCheckoutUrl` to expect options object.
> - **UI Componets**:
> - Adds `CreateGroupDialog`, `IncludedItemDialog`, `ItemDialog`,
`OfferDialog`, `PriceDialog`, and `ListSection` in `payments` directory.
> - Implements `Stepper` component in `stepper.tsx` for multi-step
processes.
> - Adds `IllustratedInfo` component in `illustrated-info.tsx`.
> - **Refactor**:
> - Refactors `use-hover.tsx` to improve hover detection.
> - Updates `admin-interface.ts` to handle known errors more robustly.
> - Removes feature gating from Payments and Offers pages.
> - **Tests**:
> - Expands E2E and unit tests in `internal-metrics.test.ts` to cover
new payment flows and error handling.
> - **Misc**:
> - Updates `mapProperty` and `removeProperty` functions in `schema.ts`
for better property handling.
> - Adds `StripeAccountInfoNotFound` error in `known-errors.tsx`.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for
|
||
|
BilalG1
|
db02f71b73
|
payments schema changes, ledger algo, stackable items (#862)
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Enhances payments system with stackable items, Stripe account
management, and improved purchase flow, including schema updates and new
tests.
>
> - **Behavior**:
> - Adds quantity support for stackable offers in
`apps/backend/src/lib/payments.tsx` and
`apps/backend/src/app/api/latest/payments/purchases/purchase-session/route.tsx`.
> - Introduces Stripe account info viewing and onboarding in
`apps/backend/src/app/api/latest/internal/payments/stripe/account-info/route.ts`.
> - Implements "Include by default" pricing and "Plans" group in
`apps/backend/prisma/seed.ts`.
> - **Schema Changes**:
> - Adds `quantity` and `offerId` columns to `Subscription` table in
`apps/backend/prisma/migrations/20250821212828_subscription_quantity/migration.sql`
and
`apps/backend/prisma/migrations/20250822203223_subscription_offer_id/migration.sql`.
> - Adds `stripeAccountId` column to `Project` table in
`apps/backend/prisma/migrations/20250825221947_stripe_account_id/migration.sql`.
> - **Improvements**:
> - Enhances purchase flow to return Stripe `client_secret` and handle
subscription upgrades/downgrades in
`apps/backend/src/app/api/latest/payments/purchases/purchase-session/route.tsx`.
> - Updates item management with new actions and protections in
`apps/backend/src/app/api/latest/payments/items/[customer_type]/[customer_id]/[item_id]/update-quantity/route.ts`.
> - Tightens validation for customer type and offer conflicts in
`apps/backend/src/app/api/latest/payments/purchases/validate-code/route.ts`.
> - **Testing**:
> - Adds extensive tests for new payment features in
`apps/e2e/tests/backend/endpoints/api/v1/internal/payments/setup.test.ts`
and
`apps/e2e/tests/backend/endpoints/api/v1/payments/purchase-session.test.ts`.
> - **Misc**:
> - Removes unused `stripeAccountId` and `stripeAccountSetupComplete`
from `branchPaymentsSchema` in
`packages/stack-shared/src/config/schema.ts`.
> - Refactors currency constants into `currency-constants.tsx` in
`packages/stack-shared/src/utils`.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for
|
||
|
BilalG1
|
70b22447af
|
custom customerIds, edit and delete offers/items, test mode
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Introduces 'custom' customer type support across API, models, and
tests, updating methods and validation schemas accordingly.
>
> - **New Features**:
> - Added 'custom' customer type support in `schema.prisma`,
`payments.tsx`, and `server-app-impl.ts`.
> - **API Changes**:
> - Updated API endpoints in `route.ts` files to include `customer_type`
parameter.
> - Modified `createPurchaseUrl` and `updateItemQuantity` methods to
handle 'custom' type.
> - **Models**:
> - Added 'CUSTOM' to `CustomerType` enum in `schema.prisma`.
> - Changed `customerId` type to `TEXT` in `Subscription` and
`ItemQuantityChange` models.
> - **Validation**:
> - Updated `customerTypeSchema` in `schema-fields.ts` to include
'custom'.
> - **Tests**:
> - Added and updated tests in `payments.test.ts` and `items.test.ts`
for 'custom' type scenarios.
> - **Misc**:
> - Removed `createPurchaseUrl` method from `admin-interface.ts`.
> - Updated `client-app-impl.ts` and `server-app-impl.ts` to support
'custom' type in item-related methods.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for
|