mirror of
https://github.com/stack-auth/stack.git
synced 2026-06-24 21:04:03 +08:00
> [!NOTE]
> **High Risk**
> Touches core sign-up/auth flows and user restriction semantics (including new DB constraints) and introduces dynamic rule evaluation/logging; misconfiguration or CEL/parser bugs could block sign-ups or incorrectly restrict users.
>
> **Overview**
> Introduces **CEL-based sign-up rules** (config-driven) that are evaluated during password/OTP/OAuth sign-ups and anonymous upgrades; matching rules can reject sign-ups or mark users as admin-restricted, and triggers are logged for analytics.
>
> Extends `ProjectUser` with `restrictedByAdmin` plus public/private restriction details, updates restriction computation/filtering, and exposes these fields via user CRUD (including validation + DB constraint enforcing consistency when unrestricted).
>
> Adds a new dashboard **Sign-up Rules** page with a visual condition builder (CEL <-> visual tree), drag-reorder by priority, per-rule 48h sparkline analytics via a new hidden internal endpoint, and adds user-page UI to view/edit manual restrictions. Also refactors ClickHouse client initialization to require env vars (removing `isClickhouseConfigured` checks) and adjusts CI container startup wait time.
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 2141e689e8c1b72303b805e9234f996010d0880. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

## Summary by CodeRabbit

* **New Features**
  * Sign-up Rules: visual rule builder, in-project CRUD with drag-reorder, per-rule analytics, backend evaluation, and admin UI.
  * Admin user restrictions: dashboard controls, banners/status, public/private admin details surfaced in user views.
* **APIs & Schema**
  * Config and user schemas extended; new SignUpRejected error and sign-up rule types added.
* **Tests**
  * Extensive unit and E2E coverage for rules, parser, evaluator, analytics, and restricted-user flows.
* **Docs**
  * Editorial guidance added to AGENTS.md.
* **Chores**
  * DB statement timeout, updated clean script, minor dependency additions.

||
|---|---|---|
| __snapshots__ | ||
| auth | ||
| contact-channels | ||
| emails | ||
| integrations | ||
| internal | ||
| payments | ||
| analytics-events.test.ts | ||
| analytics-query.test.ts | ||
| api-keys.test.ts | ||
| auth-flows.test.ts | ||
| check-feature-support.test.ts | ||
| connected-accounts.test.ts | ||
| data-vault.test.ts | ||
| email-themes.test.ts | ||
| index.test.ts | ||
| internal-metrics.test.ts | ||
| notification-preferences.test.ts | ||
| oauth-providers.test.ts | ||
| project-permission-definitions.test.ts | ||
| project-permissions.test.ts | ||
| projects.test.ts | ||
| render-email.test.ts | ||
| restricted-users.test.ts | ||
| send-email.test.ts | ||
| stripe-webhooks.test.ts | ||
| team-invitations.test.ts | ||
| team-member-profiles.test.ts | ||
| team-memberships.test.ts | ||
| team-permission-definitions.test.ts | ||
| team-permissions.test.ts | ||
| teams.test.ts | ||
| token-refresh-events.test.ts | ||
| unsubscribe-link.test.ts | ||
| users-primary-email.test.ts | ||
| users.test.ts | ||