Session 45: support email, audit fixes (template validation, content-type, admin auth, waitUntil)
All checks were successful
Deploy to Production / Deploy to Server (push) Successful in 2m20s
All checks were successful
Deploy to Production / Deploy to Server (push) Successful in 2m20s
- Added support@docfast.dev to footer, impressum, terms, landing page, openapi.json - Fixed audit #6: Template render validates required fields (400 on missing) - Fixed audit #7: Content-Type check on markdown/URL routes (415) - Fixed audit #11: /v1/usage and /v1/concurrency now require ADMIN_API_KEY - Fixed audit Critical #3: URL convert uses domcontentloaded instead of networkidle0
This commit is contained in:
OpenClaw
parent
8a86e34f91
commit
59cc8f3d0e
22 changed files with 166 additions and 61 deletions
17
dist/routes/billing.js
vendored
17
dist/routes/billing.js
vendored
|
|
@ -65,7 +65,7 @@ a { color: #4f9; }
|
|||
<div class="card">
|
||||
<h1>🎉 Welcome to Pro!</h1>
|
||||
<p>Your API key:</p>
|
||||
<div class="key" style="position:relative">${escapeHtml(keyInfo.key)}<button onclick="navigator.clipboard.writeText('${escapeHtml(keyInfo.key)}');this.textContent='Copied!';setTimeout(()=>this.textContent='Copy',1500)" style="position:absolute;top:8px;right:8px;background:#4f9;color:#0a0a0a;border:none;border-radius:4px;padding:4px 12px;cursor:pointer;font-size:0.8rem;font-family:system-ui">Copy</button></div>
|
||||
<div class="key" style="position:relative" data-key="${escapeHtml(keyInfo.key)}">${escapeHtml(keyInfo.key)}<button onclick="navigator.clipboard.writeText(this.parentElement.dataset.key);this.textContent='Copied!';setTimeout(()=>this.textContent='Copy',1500)" style="position:absolute;top:8px;right:8px;background:#4f9;color:#0a0a0a;border:none;border-radius:4px;padding:4px 12px;cursor:pointer;font-size:0.8rem;font-family:system-ui">Copy</button></div>
|
||||
<p><strong>Save this key!</strong> It won't be shown again.</p>
|
||||
<p>5,000 PDFs/month • All endpoints • Priority support</p>
|
||||
<p><a href="/docs">View API docs →</a></p>
|
||||
|
|
@ -82,16 +82,9 @@ router.post("/webhook", async (req, res) => {
|
|||
const webhookSecret = process.env.STRIPE_WEBHOOK_SECRET;
|
||||
let event;
|
||||
if (!webhookSecret) {
|
||||
console.warn("⚠️ STRIPE_WEBHOOK_SECRET is not configured — webhook signature verification skipped. Set this in production!");
|
||||
// Parse the body as a raw event without verification
|
||||
try {
|
||||
event = JSON.parse(typeof req.body === "string" ? req.body : req.body.toString());
|
||||
}
|
||||
catch (err) {
|
||||
logger.error({ err }, "Failed to parse webhook body");
|
||||
res.status(400).json({ error: "Invalid payload" });
|
||||
return;
|
||||
}
|
||||
logger.error("STRIPE_WEBHOOK_SECRET is not configured — refusing to process unverified webhooks");
|
||||
res.status(500).json({ error: "Webhook signature verification is not configured" });
|
||||
return;
|
||||
}
|
||||
else if (!sig) {
|
||||
res.status(400).json({ error: "Missing stripe-signature header" });
|
||||
|
|
@ -134,7 +127,7 @@ router.post("/webhook", async (req, res) => {
|
|||
break;
|
||||
}
|
||||
if (!customerId || !email) {
|
||||
console.warn("checkout.session.completed: missing customerId or email, skipping key provisioning");
|
||||
logger.warn("checkout.session.completed: missing customerId or email, skipping key provisioning");
|
||||
break;
|
||||
}
|
||||
const keyInfo = await createProKey(email, customerId);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue