Commit Graph

16 Commits

Author SHA1 Message Date
Konsti Wohlwend
1618f89c46
Onboarding app & restricted users (#1069)
- restricted users
- onboarding app
- waitlist app
- fixed an exception when setting primary email
- automatically update the JWT token on the client when the user object
changes
2026-01-11 17:22:14 -08:00
Konstantin Wohlwend
bbba9f1a65 Fix JWKS endpoint headers
Some checks failed
all-good: Did all the other checks pass? / all-good (push) Has been cancelled
Ensure Prisma migrations are in sync with the schema / check_prisma_migrations (22.x) (push) Has been cancelled
Docker Emulator Test / docker (push) Has been cancelled
Docker Server Build and Push / Docker Build and Push Server (push) Has been cancelled
Docker Server Test / docker (push) Has been cancelled
Runs E2E API Tests / build (22.x) (push) Has been cancelled
Runs E2E API Tests with external source of truth / build (22.x) (push) Has been cancelled
Lint & build / lint_and_build (latest) (push) Has been cancelled
Dev Environment Test / restart-dev-and-test (push) Has been cancelled
Run setup tests / setup-tests (push) Has been cancelled
TOC Generator / TOC Generator (push) Has been cancelled
Mirror main branch to main-mirror-for-wdb / lint_and_build (push) Has been cancelled
Sync Main to Dev / sync-commits (push) Has been cancelled
2025-09-12 18:13:57 -07:00
Konstantin Wohlwend
677bba3486 Add cache headers to JWKS URL 2025-09-12 18:13:57 -07:00
Konsti Wohlwend
284d85247a
Improved anonymous users (#857) 2025-08-24 11:36:01 -07:00
Zai Shi
7226c40d0a
Remove legacy tenancy config (#802)
<!--

Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md

-->

<!-- ELLIPSIS_HIDDEN -->


----

> [!IMPORTANT]
> Refactor tenancy configuration structure, affecting authentication,
email, domain, OAuth, and permissions settings, with updates to feature
flag checks, property access, and test assertions.
> 
>   - **Refactor**:
> - Updated configuration structure for authentication, email, domain,
OAuth, and permissions settings, affecting feature flag checks and
property access in `handlers.tsx`, `route.tsx`, and `crud.tsx`.
> - Improved handling of domain and OAuth provider configurations for
integrations and CRUD operations.
> - Adjusted redirect URL validation and origin checks to use updated
tenancy configuration.
> - Transformed project and tenancy configuration data returned by API
handlers for consistency.
> - Centralized email theme and template retrieval from updated
configuration paths.
>   - **Bug Fixes**:
> - Corrected error messages related to OTP sign-in feature
availability.
>   - **Tests**:
> - Updated test assertions to match new error messages for OTP sign-in.
>   - **Chores**:
> - Reorganized import statements and updated internal logic to align
with new configuration structure.
> 
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for ae04ae28be. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>

----


<!-- ELLIPSIS_HIDDEN -->

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Refactor**
* Updated configuration structure for authentication, email, domain,
OAuth, and permissions settings, resulting in changes to feature flag
checks and property access throughout the backend.
* Improved handling of domain and OAuth provider configurations for
integrations and CRUD operations.
* Adjusted redirect URL validation and origin checks to use updated
tenancy configuration.
* Transformed project and tenancy configuration data returned by API
handlers for consistency.
* Centralized email theme and template retrieval from updated
configuration paths.
* Simplified redirect URL validation calls by passing tenancy objects
directly.
* Updated passkey, password, OTP, and OAuth feature flag checks to new
nested configuration properties.

* **Bug Fixes**
* Corrected error messages related to OTP sign-in feature availability.

* **Tests**
  * Updated test assertions to match new error messages for OTP sign-in.

* **Chores**
* Reorganized import statements and updated internal logic to align with
new configuration structure.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2025-07-31 20:06:33 +02:00
Konsti Wohlwend
f3f2adcee7
Remove SmartRequest.auth.project.config (#658)
Co-authored-by: Zai Shi <zaishi00@outlook.com>
Co-authored-by: moritz <moritsch@student.ethz.ch>
2025-04-30 15:31:15 -07:00
Zai Shi
61bc0de8f4
Config DB (#568)
- Added new config json schema and helper functions
- Separated the internal project and client project so we can later
change the internal project APIs without breaking backward compatibility
- Added database to config json and config json to project type so we
can test and compare the result in production

Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
2025-04-10 19:38:25 +02:00
Moritz Schneider
592d259dde
Api Keys (#590)
<!--

Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md

-->

<img width="1510" alt="image"
src="https://github.com/user-attachments/assets/99619123-6be5-4788-aebe-5fc2a9a36245"
/>

<img width="1510" alt="image"
src="https://github.com/user-attachments/assets/660677bf-f19a-4673-94c8-59ac50eb6ae5"
/>

<img width="1510" alt="image"
src="https://github.com/user-attachments/assets/11ae63c4-5813-4fd8-aa01-fa580d2103be"
/>


<!-- ELLIPSIS_HIDDEN -->


----

> [!IMPORTANT]
> Introduces API key management for users and teams, integrating with
existing project configurations and permissions, and adds comprehensive
tests and examples.
> 
>   - **API Key Management**:
> - Introduces `ProjectApiKey` model in `schema.prisma` for managing API
keys.
> - Adds `createApiKeyHandlers` in `handlers.tsx` to handle API key CRUD
operations.
>     - Implements API key creation, revocation, and validation logic.
>   - **Permissions and Configurations**:
> - Adds `allowUserApiKeys` and `allowTeamApiKeys` to `ProjectConfig` in
`schema.prisma`.
> - Updates `TeamSystemPermission` enum to include `MANAGE_API_KEYS`.
> - Ensures API key operations respect project configurations and
user/team permissions.
>   - **Testing and Examples**:
> - Adds extensive tests in `api-keys.test.ts` to cover various API key
scenarios.
>     - Updates example projects to demonstrate API key usage.
>   - **Miscellaneous**:
>     - Refactors existing code to integrate API key functionalities.
> - Updates documentation and type definitions to reflect new API key
features.
> 
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 96f60c57f0. It will automatically
update as commits are pushed.</sup>


<!-- ELLIPSIS_HIDDEN -->

---------

Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
2025-04-04 13:03:10 -07:00
CactusBlue
793272c8c5
Rename USER to PROJECT in permissions (#576)
<!-- ELLIPSIS_HIDDEN -->


> [!IMPORTANT]
> Renamed user-related permissions to project-related permissions across
the codebase, affecting enums, schemas, APIs, models, and tests.
> 
>   - **Behavior**:
> - Renamed `USER` to `PROJECT` in `PermissionScope` enum in
`schema.prisma` and `migration.sql`.
> - Updated `isDefaultUserPermission` to `isDefaultProjectPermission` in
`schema.prisma` and `migration.sql`.
>     - Removed `jwks.json/route.ts` file.
>   - **API Changes**:
> - Renamed `user-permission-definitions` and `user-permissions`
endpoints to `project-permission-definitions` and `project-permissions`
in `route.tsx` files.
>     - Updated CRUD handlers in `crud.tsx` files to reflect new naming.
>   - **Models**:
> - Updated models in `permissions.tsx` to use `ProjectPermission` and
`AdminProjectPermission`.
>     - Updated `KnownErrors` to use `ProjectPermissionRequired`.
>   - **Tests**:
> - Renamed test files and updated test cases in
`e2e/tests/backend/endpoints/api/v1` to reflect new naming.
>   - **Misc**:
> - Updated `admin-app-impl.ts`, `client-app-impl.ts`, and
`server-app-impl.ts` to use new project permission naming.
>     - Updated `schema-fields.ts` to reflect new permission ID schema.
> 
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 08924f5241. It will automatically
update as commits are pushed.</sup>


<!-- ELLIPSIS_HIDDEN -->

---------

Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
2025-03-27 09:39:48 -07:00
CactusBlue
1ffd1e3e5b
User permissions (#573)
<!-- ELLIPSIS_HIDDEN -->


> [!IMPORTANT]
> Adds user permissions management, including models, API endpoints, and
tests, alongside existing team permissions.
> 
>   - **Behavior**:
> - Adds user permissions alongside team permissions, allowing for
user-specific permission management.
> - Introduces `ProjectUserDirectPermission` model in `schema.prisma`
for direct user permissions.
>     - Updates `PermissionScope` enum from `GLOBAL` to `USER`.
>   - **API**:
> - Adds CRUD endpoints for user permissions in `user-permissions` and
`user-permission-definitions`.
> - Updates existing team permission endpoints to support user
permissions.
>   - **Tests**:
> - Adds e2e tests for user permissions in `user-permissions.test.ts`
and `user-permission-definitions.test.ts`.
> - Updates existing tests to include user permissions where applicable.
>   - **Misc**:
> - Updates `adminInterface.ts` and `server-app-impl.ts` to handle user
permissions.
> - Modifies `known-errors.tsx` to include `UserPermissionRequired`
error.
> - Adjusts `project-configs` and `projects` to include user default
permissions.
> 
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 8b73e668e2. It will automatically
update as commits are pushed.</sup>


<!-- ELLIPSIS_HIDDEN -->
2025-03-25 02:20:53 +01:00
CactusBlue
ef6248dd87
Option for merging/blocking account creations with same email but different oauth provider (#502)
* Add SettingSelect component and sign-up mode configuration

* update schema

* update schema

* add merge oauth schema fields

* update test snapshots

* reformat the file

* add mergeOauthMethods in the UI

* Improve documentation with minor enhancements and fixes (#466)

* Improve PATCH /users/me performance

* Neon domain (#488)

* React setup docs (#491)

* chore: update package versions

* Update branding from Stack to Stack Auth in documentation (#504)

Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Co-authored-by: zai@stack-auth.com <zai@stack-auth.com>

* Improve inner OAuth cookie error description

* Fix tests

* Add several spans

* Fix Next.js navigation

* chore: update package versions

* add handler config

* Fix conditional hooks in account settings page

* Add `pnpm run claude-code`

* Fixed docs image ratio (#507)

* Documentation Updates (#508)

* add links

* moar

* fix broken links

* fixed images

* updated readme

* Add Python SDK tab to docs

* Fix broken links

* Prefix `pnpm pre` before `pnpm dev`

* Automatically update pull request branches (#509)

* Give PR updater more permissions

* Ignore PR merge conflicts in GH Actions

* [DEVIN: Konsti] Add userCount property to Project table with automatic update trigger (#506)

Co-authored-by: Konstantin Wohlwend <n2d4xc@gmail.com>

* chore: update package versions

* rewrite as toMatchobject

* fix test

* test again

* fix

* update claude

* fix migrations

* fix migration

* fix types

* Update CLAUDE.md

Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>

* more instructions

* fix

* what was i on

* wew

* factor things

* correct the flow

* Update apps/backend/src/app/api/latest/auth/oauth/callback/[provider_id]/route.tsx

Very good catch

Co-authored-by: ellipsis-dev[bot] <65095814+ellipsis-dev[bot]@users.noreply.github.com>

* rename everything

* fix more

* fix typeerror

* update all the tests

* modify migration for legacy projects

* add loading state

* enable email verification for tests

* update test

* get a failing test

* the test works now

* remove debug console log

* change error

* no lowercase

* use typedToUpper/Lowercase

* capture err

* fix types

* modify error throw

* fixed

* add working tests

* documentation update

* Update apps/e2e/tests/backend/endpoints/api/v1/auth/oauth/merge-strategy.test.ts

Co-authored-by: ellipsis-dev[bot] <65095814+ellipsis-dev[bot]@users.noreply.github.com>

* remove eslint rule

* fix json args

* documentation update

---------

Co-authored-by: devin-ai-integration[bot] <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Co-authored-by: Konstantin Wohlwend <n2d4xc@gmail.com>
Co-authored-by: Zai Shi <zaishi00@outlook.com>
Co-authored-by: zai@stack-auth.com <zai@stack-auth.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: ellipsis-dev[bot] <65095814+ellipsis-dev[bot]@users.noreply.github.com>
2025-03-10 21:25:12 +00:00
CactusBlue
6353baa486
Disallow template updates without custom SMTP server (#447)
* add some rudimentary checks

* add some checks on email providers as well

* add warning

* Update apps/dashboard/src/app/(main)/(protected)/projects/[projectId]/emails/page-client.tsx

Co-authored-by: ellipsis-dev[bot] <65095814+ellipsis-dev[bot]@users.noreply.github.com>

* added writeFileSyncIfChanged to all the codegen

* JS lib docs (#444)

* fix creator id (#449)

* Added magic link, OTP, and OAuth examples to JS docs (#448)

* fixed syntax error

* Update page-client.tsx (#451)

Co-authored-by: CactusBlue <thecactusblue@gmail.com>

* Add custom pages/contact channel docs (#438)

* add some description about contact channels

* add some examples of password reset

* update the doc

* rename things

* split examples

* remove custom for now

* fix error message

---------

Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
Co-authored-by: Zai Shi <zaishi00@outlook.com>

* add warning

* move the check

* add warning popup

* a

* fix more

* remove dead function

* start adding some tests

* add a test case

* moar tests

* fix tests

---------

Co-authored-by: ellipsis-dev[bot] <65095814+ellipsis-dev[bot]@users.noreply.github.com>
Co-authored-by: Zai Shi <zaishi00@outlook.com>
Co-authored-by: Zayd Krunz <70227235+ShrootBuck@users.noreply.github.com>
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
2025-02-27 19:05:27 -08:00
devin-ai-integration[bot]
46f388342e
Make Project description field non-nullable (#483)
Co-Authored-By: Konstantin Wohlwend <n2d4xc@gmail.com>
2025-02-27 11:32:29 -08:00
CactusBlue
180b455d4f
Remove global legacy JWT (#450)
* remove all legacy jwt references

* fix creator id (#449)

* update snapshots

* Added magic link, OTP, and OAuth examples to JS docs (#448)

* fixed syntax error

* re-add legacy jwt on prisma schema

---------

Co-authored-by: Zai Shi <zaishi00@outlook.com>
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
2025-02-21 10:10:56 -08:00
Konsti Wohlwend
f2f1b9df82
Tenancies (#418)
Co-authored-by: Zai Shi <zaishi00@outlook.com>
2025-02-07 22:54:04 -08:00
Konstantin Wohlwend
14fb28fadf Move /api/v1 to /api/latest 2025-02-05 17:24:43 -08:00