<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Enhances payments system with stackable items, Stripe account
management, and improved purchase flow, including schema updates and new
tests.
>
> - **Behavior**:
> - Adds quantity support for stackable offers in
`apps/backend/src/lib/payments.tsx` and
`apps/backend/src/app/api/latest/payments/purchases/purchase-session/route.tsx`.
> - Introduces Stripe account info viewing and onboarding in
`apps/backend/src/app/api/latest/internal/payments/stripe/account-info/route.ts`.
> - Implements "Include by default" pricing and "Plans" group in
`apps/backend/prisma/seed.ts`.
> - **Schema Changes**:
> - Adds `quantity` and `offerId` columns to `Subscription` table in
`apps/backend/prisma/migrations/20250821212828_subscription_quantity/migration.sql`
and
`apps/backend/prisma/migrations/20250822203223_subscription_offer_id/migration.sql`.
> - Adds `stripeAccountId` column to `Project` table in
`apps/backend/prisma/migrations/20250825221947_stripe_account_id/migration.sql`.
> - **Improvements**:
> - Enhances purchase flow to return Stripe `client_secret` and handle
subscription upgrades/downgrades in
`apps/backend/src/app/api/latest/payments/purchases/purchase-session/route.tsx`.
> - Updates item management with new actions and protections in
`apps/backend/src/app/api/latest/payments/items/[customer_type]/[customer_id]/[item_id]/update-quantity/route.ts`.
> - Tightens validation for customer type and offer conflicts in
`apps/backend/src/app/api/latest/payments/purchases/validate-code/route.ts`.
> - **Testing**:
> - Adds extensive tests for new payment features in
`apps/e2e/tests/backend/endpoints/api/v1/internal/payments/setup.test.ts`
and
`apps/e2e/tests/backend/endpoints/api/v1/payments/purchase-session.test.ts`.
> - **Misc**:
> - Removes unused `stripeAccountId` and `stripeAccountSetupComplete`
from `branchPaymentsSchema` in
`packages/stack-shared/src/config/schema.ts`.
> - Refactors currency constants into `currency-constants.tsx` in
`packages/stack-shared/src/utils`.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 264563541d. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
----
<!-- ELLIPSIS_HIDDEN -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Quantity support for stackable offers across checkout, test purchases,
and admin flows.
- View Stripe account info and interactive payments onboarding per
project.
- "Include-by-default" pricing and new "Plans" group (Free, Extra
Admins).
- **Improvements**
- Purchase flow returns Stripe client_secret and handles group-based
subscription upgrades/downgrades.
- Item management: Update Customer Quantity action, edit/delete
protections, and read-only form mode.
- Validation surfaces offer conflicts (already_bought_non_stackable,
conflicting_group_offers).
- **Changes**
- Default item quantities now start at 0 unless explicitly granted.
- Stripe account linkage is stored per project.
- **Tests**
- Expanded tests for quantities, stackable behavior, and group
transition scenarios.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Konstantin Wohlwend <n2d4xc@gmail.com>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Introduces 'custom' customer type support across API, models, and
tests, updating methods and validation schemas accordingly.
>
> - **New Features**:
> - Added 'custom' customer type support in `schema.prisma`,
`payments.tsx`, and `server-app-impl.ts`.
> - **API Changes**:
> - Updated API endpoints in `route.ts` files to include `customer_type`
parameter.
> - Modified `createPurchaseUrl` and `updateItemQuantity` methods to
handle 'custom' type.
> - **Models**:
> - Added 'CUSTOM' to `CustomerType` enum in `schema.prisma`.
> - Changed `customerId` type to `TEXT` in `Subscription` and
`ItemQuantityChange` models.
> - **Validation**:
> - Updated `customerTypeSchema` in `schema-fields.ts` to include
'custom'.
> - **Tests**:
> - Added and updated tests in `payments.test.ts` and `items.test.ts`
for 'custom' type scenarios.
> - **Misc**:
> - Removed `createPurchaseUrl` method from `admin-interface.ts`.
> - Updated `client-app-impl.ts` and `server-app-impl.ts` to support
'custom' type in item-related methods.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 509762d716. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
----
<!-- ELLIPSIS_HIDDEN -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added universal "custom" customer type; test-mode purchase flow for
admins.
* **API Changes**
* Routes and payloads now include customer_type and accept non‑UUID
customer identifiers; validation and error responses updated.
* **Breaking Changes**
* SDK/Admin interfaces updated (new payload shapes, removed
createPurchaseUrl, added testModePurchase); item quantity routes now
include customer_type.
* **Dashboard/UI**
* New Offers and Items pages, dialogs, and ConnectPayments integration;
customerType options include "custom".
* **Tests**
* E2E and unit tests updated/added for custom and test‑mode flows.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
<img width="1920" height="968" alt="Screenshot 2025-08-12 at 10 44
41 AM"
src="https://github.com/user-attachments/assets/3fb59810-45d8-46e1-9cfd-5a1a34936887"
/>
<!--
ELLIPSIS_HIDDEN -->
> [!IMPORTANT]
> Introduces team-based project ownership, refactoring existing
user-based model, and updates UI, backend, and tests to support this
feature.
>
> - **Behavior**:
> - Introduced team-based ownership for projects, replacing user-based
ownership.
> - Updated project creation, transfer, and deletion flows to use team
ownership.
> - Added team selection UI during project creation in the dashboard.
> - Projects now display owning team's name and include "owner team"
field in API responses.
> - **Refactor**:
> - Enhanced backend and schema for team-based project management.
> - Removed legacy user metadata updates related to project ownership.
> - Modified project listing and management to rely on team
associations.
> - Streamlined failed emails digest and contact channel queries to
resolve contacts via team membership.
> - **Tests**:
> - Updated tests to validate team ownership and project-user
association handling.
> - Adjusted test snapshots and assertions for non-null selected team
data.
> - Improved test flows for authentication and project deletion with
team context.
> - **Chores**:
> - Minor improvements to logging and code clarity.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for e457b13b69. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
----
<!-- ELLIPSIS_HIDDEN -->
> [!IMPORTANT]
> Introduces team-based project ownership, refactoring existing
user-based model, and updates UI, backend, and tests to support this
feature.
>
> - **Behavior**:
> - Introduced team-based project ownership, replacing user-based
ownership.
> - Updated project creation, transfer, and deletion flows to use team
ownership.
> - Added team selection UI during project creation in the dashboard.
> - Projects now display owning team's name and include "owner team"
field in API responses.
> - **Refactor**:
> - Enhanced backend and schema for team-based project management.
> - Removed legacy user metadata updates related to project ownership.
> - Modified project listing and management to rely on team
associations.
> - Streamlined failed emails digest and contact channel queries to
resolve contacts via team membership.
> - **Tests**:
> - Updated tests to validate team ownership and project-user
association handling.
> - Adjusted test snapshots and assertions for non-null selected team
data.
> - Improved test flows for authentication and project deletion with
team context.
> - **Chores**:
> - Minor improvements to logging and code clarity.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 0f6f12b5dc. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
----
<!-- ELLIPSIS_HIDDEN -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Team-based project ownership: teams can own projects; UI to pick a
team when creating projects; dashboard groups projects by team;
TeamSwitcher component added.
* **Improvements**
* API and responses now include owner_team_id and populated
selected_team/selected_team_id; provisioning and transfer flows assign
teams for ownership; seeds create internal/emulator owner teams.
* **Tests**
* E2E and backend tests updated to reflect team ownership and enriched
team fields.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Add support for uploading and managing project logos with image
compression and validation in project settings.
>
> - **Behavior**:
> - Added support for uploading and managing project logos (`logoUrl`,
`fullLogoUrl`) in `Project` model.
> - New `LogoUpload` component in `logo-upload.tsx` for image upload
with compression and validation.
> - Projects display and store logo URLs for branding.
> - **Database**:
> - Added `logoUrl` and `fullLogoUrl` columns to `Project` table in
`migration.sql`.
> - Updated `schema.prisma` to include new fields in `Project` model.
> - **Backend**:
> - Updated `createOrUpdateProjectWithLegacyConfig()` in `projects.tsx`
to handle logo uploads.
> - Increased max image upload size to 1 MB in `images.tsx` and
`s3.tsx`.
> - Added `browser-image-compression` dependency in `package.json`.
> - **Frontend**:
> - Integrated `LogoUpload` component in `page-client.tsx` for project
settings.
> - Updated `AdminProject` type in `projects/index.ts` to include logo
URLs.
> - **Tests**:
> - Updated e2e tests in `projects.test.ts` and others to verify logo
upload functionality.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 1b0cdbf123. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
----
<!-- ELLIPSIS_HIDDEN -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added support for uploading and managing project logos, including both
square and full (with text) logos, in the project settings page.
* Introduced a new logo upload component with image compression, size
validation, and removal functionality.
* Projects now display and store logo URLs, allowing for enhanced
branding and customization.
* **Improvements**
* Increased maximum allowed image upload size to 1 MB for project logos.
* Added clear image size constraints and unified image validation across
the app.
* **Dependencies**
* Added "browser-image-compression" library to support client-side image
compression.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Introduce comprehensive payment and subscription management with
Stripe integration, including new models, API endpoints, UI components,
and extensive tests.
>
> - **Features**:
> - Add Stripe integration for payments and subscriptions in
`apps/backend/src/lib/stripe.tsx` and
`apps/backend/src/app/api/latest/integrations/stripe/webhooks/route.tsx`.
> - Implement payment offers and items management in
`apps/backend/src/app/api/latest/payments`.
> - Add UI components for payment management in
`apps/dashboard/src/app/(main)/(protected)/projects/[projectId]/payments`.
> - **Models**:
> - Add `Subscription` model in `prisma/schema.prisma` and
`prisma/migrations/20250805195319_subscriptions/migration.sql`.
> - **Tests**:
> - Add end-to-end tests for payment APIs in
`apps/e2e/tests/backend/endpoints/api/v1/payments`.
> - **Configuration**:
> - Update environment variables in `.env.development` and
`docker.compose.yaml` for Stripe.
> - **Misc**:
> - Add new known errors related to payments in `known-errors.tsx`.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 972c24854f. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
----
<!-- ELLIPSIS_HIDDEN -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Introduced comprehensive payments and subscriptions management with
Stripe integration.
* Added UI for managing payment offers, items, and purchase URLs in the
dashboard.
* Implemented Stripe onboarding, purchase sessions, and return flow
handling.
* Added Stripe Connect and Elements integration with theme-aware UI
components.
* **Bug Fixes**
* Enhanced validation and error handling for payments APIs and
customer/item type consistency.
* **Tests**
* Added extensive end-to-end and backend tests for payments and
purchase-related endpoints.
* **Chores**
* Updated environment variables and dependencies for Stripe support.
* Added Stripe mock service to development Docker Compose.
* **Documentation**
* Extended schemas and types for payment offers, prices, items, and
customer types.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Konstantin Wohlwend <n2d4xc@gmail.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
Note for deployment: This PR needs to add some env vars
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Adds S3-compatible storage for profile images with S3Mock for local
development, updating environment variables, Docker configurations, and
tests.
>
> - **Behavior**:
> - Adds S3-compatible storage for user, team, and team member profile
images using `uploadAndGetUrl()` in `s3.tsx`.
> - Integrates S3Mock for local development in `docker.compose.yaml` and
`emulator/docker.compose.yaml`.
> - Updates `crud.tsx` files for `users`, `teams`, and
`team-member-profiles` to use S3 for profile images.
> - **Environment**:
> - Adds S3-related environment variables to `.env.development`.
> - Updates `package.json` to include `@aws-sdk/client-s3`.
> - **Testing**:
> - Modifies test cases in `teams.test.ts` and `users.test.ts` to
validate S3 URL behavior.
> - Updates `auto-migration.tests.ts` for concurrent migration handling.
> - **Documentation**:
> - Updates `self-host.mdx` to include S3 storage requirements.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 901f0b56cd. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
----
<!-- ELLIPSIS_HIDDEN -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added support for uploading and storing user, team, and team member
profile images using S3-compatible storage.
* Integrated S3Mock for local development and testing of storage
features.
* Added new services to Docker Compose configurations for S3Mock and
related dependencies.
* Introduced image validation and processing for base64-encoded images
before upload.
* **Bug Fixes**
* Profile image upload now returns a storage URL instead of echoing back
the base64 data.
* **Documentation**
* Updated self-hosting documentation to include S3 storage requirements
and usage.
* **Chores**
* Added and updated environment variables for S3 storage configuration.
* Updated backend dependencies to include the AWS S3 SDK.
* Enhanced test cases to validate new image upload and URL behaviors.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Add admin-only API endpoints and UI support for project configuration
overrides, with comprehensive tests and documentation updates.
>
> - **New Features**:
> - Added admin-only API endpoints for reading and updating project
configuration overrides in `config/crud.tsx` and
`config/override/crud.tsx`.
> - Admin app supports fetching, caching, and updating configuration
overrides with new React hooks in `admin-app-impl.ts`.
> - **Bug Fixes**:
> - Validation and error handling for OAuth providers, duplicate IDs,
and invalid config fields in `oauth-providers/crud.tsx`.
> - **Tests**:
> - Added end-to-end tests for configuration management and validation
errors in `config.test.ts` and `js/config.test.ts`.
> - **Documentation**:
> - Updated API documentation for new config override endpoints in
`config.ts`.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 3d20abc092. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
----
<!-- ELLIPSIS_HIDDEN -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added the ability for admins to view and update project configuration
overrides through new internal API endpoints.
* Extended the admin app to support fetching, updating, and caching
configuration overrides, including React hook support for real-time
config usage.
* Introduced new admin interface methods for retrieving and updating
configuration.
* **Bug Fixes**
* Improved validation and error handling for configuration updates,
including checks for duplicate or invalid OAuth provider entries and
non-existent configuration fields.
* **Tests**
* Added comprehensive end-to-end tests covering configuration retrieval,
updates, access control, OAuth provider management, and domain
management.
* **Documentation**
* Enhanced API documentation for configuration management endpoints and
operations.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Refactor tenancy configuration structure, affecting authentication,
email, domain, OAuth, and permissions settings, with updates to feature
flag checks, property access, and test assertions.
>
> - **Refactor**:
> - Updated configuration structure for authentication, email, domain,
OAuth, and permissions settings, affecting feature flag checks and
property access in `handlers.tsx`, `route.tsx`, and `crud.tsx`.
> - Improved handling of domain and OAuth provider configurations for
integrations and CRUD operations.
> - Adjusted redirect URL validation and origin checks to use updated
tenancy configuration.
> - Transformed project and tenancy configuration data returned by API
handlers for consistency.
> - Centralized email theme and template retrieval from updated
configuration paths.
> - **Bug Fixes**:
> - Corrected error messages related to OTP sign-in feature
availability.
> - **Tests**:
> - Updated test assertions to match new error messages for OTP sign-in.
> - **Chores**:
> - Reorganized import statements and updated internal logic to align
with new configuration structure.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for ae04ae28be. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
----
<!-- ELLIPSIS_HIDDEN -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Updated configuration structure for authentication, email, domain,
OAuth, and permissions settings, resulting in changes to feature flag
checks and property access throughout the backend.
* Improved handling of domain and OAuth provider configurations for
integrations and CRUD operations.
* Adjusted redirect URL validation and origin checks to use updated
tenancy configuration.
* Transformed project and tenancy configuration data returned by API
handlers for consistency.
* Centralized email theme and template retrieval from updated
configuration paths.
* Simplified redirect URL validation calls by passing tenancy objects
directly.
* Updated passkey, password, OTP, and OAuth feature flag checks to new
nested configuration properties.
* **Bug Fixes**
* Corrected error messages related to OTP sign-in feature availability.
* **Tests**
* Updated test assertions to match new error messages for OTP sign-in.
* **Chores**
* Reorganized import statements and updated internal logic to align with
new configuration structure.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Introduces an automated database migration system, replacing manual
Prisma commands with new scripts and updating workflows, configurations,
and tests accordingly.
>
> - **Auto-Migration System**:
> - Introduces `db-migrations.ts` script for handling database
migrations automatically.
> - Adds utility functions in `utils.tsx` for managing migration files.
> - Implements `applyMigrations` and `runMigrationNeeded` in `index.tsx`
for executing migrations.
> - **Workflow and Scripts**:
> - Updates GitHub workflows (`check-prisma-migrations.yaml`,
`e2e-api-tests.yaml`) to use new migration commands.
> - Replaces `prisma migrate` commands with `db:init`, `db:migrate`,
etc., in `package.json` and `README.md`.
> - **Testing**:
> - Adds `auto-migration.tests.ts` for testing migration logic and
concurrency handling.
> - **Configuration**:
> - Updates `.env.development` and `vitest.config.ts` for new
environment variables and paths.
> - Modifies `turbo.json` and `package.json` to include new migration
tasks and scripts.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 2c24183879. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
<!-- ELLIPSIS_HIDDEN -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
Co-authored-by: ellipsis-dev[bot] <65095814+ellipsis-dev[bot]@users.noreply.github.com>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Fixes OAuth provider migration by updating schema, constraints, and
foreign keys in `ProjectUserOAuthAccount`, `OAuthAccessToken`, and
`OAuthToken`.
>
> - **Schema Changes**:
> - `ProjectUserOAuthAccount`: Add `allowConnectedAccounts` and
`allowSignIn` columns with default `true`. Add `id` column, generate
UUIDs for existing rows, set `id` as NOT NULL and primary key.
> - `OAuthAccessToken` and `OAuthToken`: Add `oauthAccountId` column,
update with `ProjectUserOAuthAccount.id`, drop `configOAuthProviderId`
and `providerAccountId` columns, set `oauthAccountId` as NOT NULL.
> - **Constraints and Indexes**:
> - Add unique index on `OAuthAuthMethod` for `tenancyId`,
`projectUserId`, `configOAuthProviderId`.
> - Add foreign keys linking `OAuthAuthMethod`, `OAuthToken`, and
`OAuthAccessToken` to `ProjectUserOAuthAccount`.
> - Drop `ConnectedAccount` table.
> - **Misc**:
> - `ProjectUserOAuthAccount`: Allow `projectUserId` to be NULL.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for a27230eb54. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
<!-- ELLIPSIS_HIDDEN -->
<!-- ELLIPSIS_HIDDEN -->
> [!IMPORTANT]
> Add Twitch as a new OAuth provider, updating backend logic and UI
components to support Twitch authentication.
>
> - **Behavior**:
> - Add `TwitchProvider` class in `providers/twitch.tsx` to handle OAuth
with Twitch, including user info post-processing.
> - Update `_providers` in `index.tsx` to include `TwitchProvider`.
> - Add `TWITCH` to `StandardOAuthProviderType` enum in `schema.prisma`.
> - **UI Components**:
> - Add Twitch icon and color in `brand-icons.tsx` and `BRAND_COLORS`.
> - Update `ProviderIcon`, `ProviderSettingDialog`, and `OAuthButton` to
support Twitch in `providers.tsx` and `oauth-button.tsx`.
> - **Misc**:
> - Add `twitch` to `standardProviders` in `oauth.tsx`.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 08c0de5762. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
<!-- ELLIPSIS_HIDDEN -->
---------
Co-authored-by: Zai Shi <zaishi00@outlook.com>
> [!IMPORTANT]
> Add CRUD operations for OAuth providers, update schemas and error
handling, and include tests for new functionality.
>
> - **Behavior**:
> - Adds CRUD operations for OAuth providers in `client-interface.ts`
and `server-interface.ts`.
> - Introduces `oauthProviderCrud` in `oauth-providers.ts` for managing
OAuth provider data.
> - Updates `schema-fields.ts` to include new schemas for OAuth provider
attributes.
> - Adds error handling for OAuth provider operations in
`known-errors.tsx`.
> - **Schema**:
> - Defines `oauthProviderCrudClientUpdateSchema`,
`oauthProviderCrudServerUpdateSchema`, and
`oauthProviderCrudServerCreateSchema` in `oauth-providers.ts`.
> - Updates `projects.ts` to include `oauthProviderReadSchema` and
`oauthProviderWriteSchema`.
> - **Tests**:
> - Adds tests for OAuth provider CRUD operations in
`oauth-providers.test.ts`.
> - **Misc**:
> - Renames `oauth.ts` to `connected-accounts.ts` in `crud` directory.
> - Updates `projects.test.ts` to include `provider_config_id` in OAuth
provider configurations.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for bca9bcf12b. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Add CRUD operations for OAuth providers, update schemas, handle
errors, and include tests.
>
> - **Behavior**:
> - Adds CRUD operations for OAuth providers in `client-interface.ts`
and `server-interface.ts`.
> - Introduces `oauthProviderCrud` in `oauth-providers.ts` for managing
OAuth provider data.
> - Updates `schema-fields.ts` to include new schemas for OAuth provider
attributes.
> - Adds error handling for OAuth provider operations in
`known-errors.tsx`.
> - **Schema**:
> - Defines `oauthProviderCrudClientUpdateSchema`,
`oauthProviderCrudServerUpdateSchema`, and
`oauthProviderCrudServerCreateSchema` in `oauth-providers.ts`.
> - Updates `projects.ts` to include `oauthProviderReadSchema` and
`oauthProviderWriteSchema`.
> - **Tests**:
> - Adds tests for OAuth provider CRUD operations in
`oauth-providers.test.ts`.
> - **Misc**:
> - Renames `oauth.ts` to `connected-accounts.ts` in `crud` directory.
> - Updates `projects.test.ts` to include `provider_config_id` in OAuth
provider configurations.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for aaa55f7d5c. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
<!-- ELLIPSIS_HIDDEN -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
…oken validity handling in CRUD operations
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Enhances OAuth token handling by adding validity checks, marking
invalid tokens, and attempting token refreshes in `crud.tsx`.
>
> - **Behavior**:
> - Adds `isValid` column to `OAuthAccessToken` and `OAuthToken` in
`migration.sql` and `schema.prisma`.
> - In `crud.tsx`, filters tokens by `isValid` status and marks them
invalid if server-side checks fail.
> - Attempts to refresh tokens if no valid access token is found,
logging errors and marking refresh tokens invalid if refresh fails.
> - **Error Handling**:
> - Uses `captureError` to log token refresh errors in `crud.tsx`.
> - **Misc**:
> - Imports `TokenSet` and `captureError` in `crud.tsx`.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for a45b64f98e. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
<!-- ELLIPSIS_HIDDEN -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
<img width="890" alt="image"
src="https://github.com/user-attachments/assets/1e317987-0a09-4f7c-850a-ac2bddec9390"
/>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Add functionality to send sign-in invitation emails, including backend
API, frontend UI, and email template support.
>
> - **Backend**:
> - Add `SIGN_IN_INVITATION` to `EmailTemplateType` in `schema.prisma`
and `migration.sql`.
> - New API route `send-sign-in-invitation/route.tsx` to handle sending
sign-in invitation emails.
> - Implement `sendSignInInvitationEmail()` in `admin-interface.ts`.
> - **Frontend**:
> - Update `page-client.tsx` to include sign-in invitation template
management.
> - Add `SendSignInInvitationDialog` in `page-client.tsx` for sending
invitations.
> - Modify `user-table.tsx` to include sign-in invitation actions.
> - **Email Templates**:
> - Add `sign-in-invitation.tsx` template.
> - Update `utils.tsx` to include metadata for sign-in invitation
emails.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for c69530229f. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
<!-- ELLIPSIS_HIDDEN -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> This pull request adds support for custom integrations alongside Neon,
including environment updates, database schema changes, new API
endpoints, and comprehensive tests.
>
> - **Environment**:
> - Renamed `STACK_NEON_INTEGRATION_CLIENTS_CONFIG` to
`STACK_INTEGRATION_CLIENTS_CONFIG` in `.env.development`.
> - Added `custom-local` client configuration to
`STACK_INTEGRATION_CLIENTS_CONFIG`.
> - **Database**:
> - Renamed `NeonProvisionedProject` table to `ProvisionedProject` and
updated related constraints and columns in `migration.sql`.
> - Updated `schema.prisma` to reflect table and column renames.
> - **API Endpoints**:
> - Added CRUD operations for custom domains in `domains/`.
> - Implemented OAuth authorization and token exchange for custom
integrations in `oauth/`.
> - Added project provisioning and transfer endpoints for custom
integrations in `projects/`.
> - **IDP**:
> - Updated `createOidcProvider` to handle both Neon and custom
integrations in `idp.ts`.
> - **Tests**:
> - Added e2e tests for custom domain, OAuth, project provisioning, and
transfer in `e2e/tests/backend/endpoints/api/v1/integrations/custom/`.
> - Updated snapshot serializer to handle custom integration paths in
`snapshot-serializer.ts`.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 7da89c38eb. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
<!-- ELLIPSIS_HIDDEN -->
---------
Co-authored-by: ellipsis-dev[bot] <65095814+ellipsis-dev[bot]@users.noreply.github.com>
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
- Added new config json schema and helper functions
- Separated the internal project and client project so we can later
change the internal project APIs without breaking backward compatibility
- Added database to config json and config json to project type so we
can test and compare the result in production
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<img width="1510" alt="image"
src="https://github.com/user-attachments/assets/99619123-6be5-4788-aebe-5fc2a9a36245"
/>
<img width="1510" alt="image"
src="https://github.com/user-attachments/assets/660677bf-f19a-4673-94c8-59ac50eb6ae5"
/>
<img width="1510" alt="image"
src="https://github.com/user-attachments/assets/11ae63c4-5813-4fd8-aa01-fa580d2103be"
/>
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Introduces API key management for users and teams, integrating with
existing project configurations and permissions, and adds comprehensive
tests and examples.
>
> - **API Key Management**:
> - Introduces `ProjectApiKey` model in `schema.prisma` for managing API
keys.
> - Adds `createApiKeyHandlers` in `handlers.tsx` to handle API key CRUD
operations.
> - Implements API key creation, revocation, and validation logic.
> - **Permissions and Configurations**:
> - Adds `allowUserApiKeys` and `allowTeamApiKeys` to `ProjectConfig` in
`schema.prisma`.
> - Updates `TeamSystemPermission` enum to include `MANAGE_API_KEYS`.
> - Ensures API key operations respect project configurations and
user/team permissions.
> - **Testing and Examples**:
> - Adds extensive tests in `api-keys.test.ts` to cover various API key
scenarios.
> - Updates example projects to demonstrate API key usage.
> - **Miscellaneous**:
> - Refactors existing code to integrate API key functionalities.
> - Updates documentation and type definitions to reflect new API key
features.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 96f60c57f0. It will automatically
update as commits are pushed.</sup>
<!-- ELLIPSIS_HIDDEN -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
<!-- ELLIPSIS_HIDDEN -->
> [!IMPORTANT]
> Enhance permission management by adding unique constraints, handling
duplicate ID errors, and updating frontend and backend logic with
comprehensive tests.
>
> - **Database**:
> - Add unique constraint on `Permission` table for `[tenancyId,
queryableId]` in `migration.sql`.
> - Update `schema.prisma` to reflect new unique constraints.
> - **Backend**:
> - Update `crud.tsx` files to handle `PERMISSION_ID_ALREADY_EXISTS`
error using `isErrorForNonUniquePermission()`.
> - Add `isPrismaUniqueConstraintViolation()` in `prisma-client.tsx` to
identify unique constraint violations.
> - Add `PermissionIdAlreadyExists` error in `known-errors.tsx`.
> - **Frontend**:
> - Update `page-client.tsx` and `permission-table.tsx` to check for
duplicate permission IDs before creation.
> - **Tests**:
> - Add tests in `project-permission-definitions.test.ts` and
`team-permission-definitions.test.ts` to verify duplicate ID handling.
> - Ensure permissions cannot be created with duplicate IDs across
project and team contexts.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for b3ccd15bca. It will automatically
update as commits are pushed.</sup>
<!-- ELLIPSIS_HIDDEN -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
Co-authored-by: Zai Shi <zaishi00@outlook.com>
<!-- ELLIPSIS_HIDDEN -->
> [!IMPORTANT]
> Renamed user-related permissions to project-related permissions across
the codebase, affecting enums, schemas, APIs, models, and tests.
>
> - **Behavior**:
> - Renamed `USER` to `PROJECT` in `PermissionScope` enum in
`schema.prisma` and `migration.sql`.
> - Updated `isDefaultUserPermission` to `isDefaultProjectPermission` in
`schema.prisma` and `migration.sql`.
> - Removed `jwks.json/route.ts` file.
> - **API Changes**:
> - Renamed `user-permission-definitions` and `user-permissions`
endpoints to `project-permission-definitions` and `project-permissions`
in `route.tsx` files.
> - Updated CRUD handlers in `crud.tsx` files to reflect new naming.
> - **Models**:
> - Updated models in `permissions.tsx` to use `ProjectPermission` and
`AdminProjectPermission`.
> - Updated `KnownErrors` to use `ProjectPermissionRequired`.
> - **Tests**:
> - Renamed test files and updated test cases in
`e2e/tests/backend/endpoints/api/v1` to reflect new naming.
> - **Misc**:
> - Updated `admin-app-impl.ts`, `client-app-impl.ts`, and
`server-app-impl.ts` to use new project permission naming.
> - Updated `schema-fields.ts` to reflect new permission ID schema.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 08924f5241. It will automatically
update as commits are pushed.</sup>
<!-- ELLIPSIS_HIDDEN -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
<!-- ELLIPSIS_HIDDEN -->
> [!IMPORTANT]
> Adds user permissions management, including models, API endpoints, and
tests, alongside existing team permissions.
>
> - **Behavior**:
> - Adds user permissions alongside team permissions, allowing for
user-specific permission management.
> - Introduces `ProjectUserDirectPermission` model in `schema.prisma`
for direct user permissions.
> - Updates `PermissionScope` enum from `GLOBAL` to `USER`.
> - **API**:
> - Adds CRUD endpoints for user permissions in `user-permissions` and
`user-permission-definitions`.
> - Updates existing team permission endpoints to support user
permissions.
> - **Tests**:
> - Adds e2e tests for user permissions in `user-permissions.test.ts`
and `user-permission-definitions.test.ts`.
> - Updates existing tests to include user permissions where applicable.
> - **Misc**:
> - Updates `adminInterface.ts` and `server-app-impl.ts` to handle user
permissions.
> - Modifies `known-errors.tsx` to include `UserPermissionRequired`
error.
> - Adjusts `project-configs` and `projects` to include user default
permissions.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 8b73e668e2. It will automatically
update as commits are pushed.</sup>
<!-- ELLIPSIS_HIDDEN -->
<img width="1443" alt="image"
src="https://github.com/user-attachments/assets/611ede72-4d46-41dc-adea-9546c04b199a"
/>
Adds new active sessions page to settings
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Adds an active sessions page to settings, enabling users to view and
manage their sessions, with backend support for session listing and
deletion.
>
> - **Active Sessions Page**:
> - Adds `ActiveSessionsPage` component in `account-settings.tsx` to
display active sessions.
> - Allows revoking individual sessions or all sessions except the
current one.
> - **Backend Changes**:
> - Adds `sessionsCrudHandlers` in `crud.tsx` for session management
(list, delete).
> - Updates `ProjectUserRefreshToken` model in `schema.prisma` to
include `id` and `isImpersonation` fields.
> - Implements session listing and deletion in `serverInterface.ts` and
`client-app-impl.ts`.
> - **Error Handling**:
> - Introduces `CannotDeleteCurrentSession` error in `known-errors.tsx`.
> - **Testing**:
> - Adds tests for session management in
`endpoints/api/v1/auth/sessions` tests.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for ba78df0928. It will automatically
update as commits are pushed.</sup>
<!-- ELLIPSIS_HIDDEN -->
---------
Co-authored-by: TheCactusBlue <thecactusblue@gmail.com>
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
Co-authored-by: ellipsis-dev[bot] <65095814+ellipsis-dev[bot]@users.noreply.github.com>
