270 commits

This branch

This branch

All branches

Author	SHA1	Message	Date
OpenClaw Agent	424a16ed8a	fix: prevent error message information disclosure + standardize error handling (TDD) ... Security & Consistency Fixes: - Convert routes no longer leak internal error messages (err.message) - Templates route no longer exposes error details via 'detail' field - Admin cleanup endpoint no longer exposes error message - Standardized QUEUE_FULL response: 429 → 503 (Service Unavailable) - Added missing PDF_TIMEOUT handling: returns 504 Gateway Timeout - Generic 500 errors now return 'PDF generation failed.' without internals TDD Approach: 1. RED: Created error-responses.test.ts with 11 failing tests 2. GREEN: Fixed src/routes/convert.ts, templates.ts, and index.ts 3. Updated convert.test.ts to expect new correct status codes 4. All 541 tests pass Before: 'PDF generation failed: Puppeteer crashed: SIGSEGV in Chrome' After: 'PDF generation failed.' (internals logged, not exposed) Closes security audit findings re: information disclosure	2026-03-07 17:05:54 +01:00
Hoid	6b1b3d584e	fix: OpenAPI spec accuracy — hide internal endpoints, mark signup/verify deprecated ... - Remove @openapi annotations from /v1/billing/webhook (Stripe-internal) - Remove @openapi annotations from /v1/billing/success (browser redirect) - Mark /v1/signup/verify as deprecated (returns 410) - Add 3 TDD tests in openapi-spec.test.ts - Update 2 existing tests in app-routes.test.ts - 530 tests passing (was 527)	2026-03-07 14:06:12 +01:00
DocFast CEO	1d5d9adf08	fix: add /v1/email-change to restricted CORS origin list ... /v1/email-change was missing from the restricted CORS list, getting wildcard Access-Control-Allow-Origin: * instead of being restricted to https://docfast.dev like other account management routes (signup, recover, billing, demo). TDD: test added to app-routes.test.ts.	2026-03-07 11:03:56 +01:00
OpenClaw	dd337d30b5	feat: add GET /v1/usage/me endpoint for user-facing usage stats	2026-03-07 08:04:50 +01:00
OpenClaw	2b4fa0c690	fix: await flushDirtyEntries during shutdown to prevent usage data loss ... Remove fire-and-forget SIGTERM/SIGINT handlers from usage.ts (race condition with pool.end() in index.ts). Instead, await flushDirtyEntries() in the index.ts shutdown orchestrator between stopping the server and closing the DB pool.	2026-03-07 08:03:56 +01:00
OpenClaw	b964b98a8b	fix(BUG-106): DB fallback for downgradeByCustomer and recover route ... - downgradeByCustomer now queries DB when key not in memory cache, preventing cancelled customers from keeping Pro access in multi-pod setups - recover/verify endpoint falls back to DB lookup when cache miss on email - Added TDD tests for both fallback paths (4 new tests)	2026-03-06 20:06:04 +01:00
OpenClaw	4473641ee1	fix: clear PDF_TIMEOUT timers after successful render, fix test unhandled rejections	2026-03-06 17:06:41 +01:00
Hoid	f9caef82e6	feat: add PDF render timing to convert and demo routes ... - renderPdf() and renderUrlPdf() now return { pdf, durationMs } - Timing wraps the actual render with Date.now() - Log render duration via logger.info - Add X-Render-Time response header in convert and demo routes - Update all callers in convert, demo, templates routes - Add TDD tests in render-timing.test.ts - Update existing test mocks for new return shape	2026-03-06 11:08:06 +01:00
OpenClaw	0283e9dae8	test: add browser pool unit tests	2026-03-06 08:05:45 +01:00
Hoid	1b398566a6	fix: update examples page meta description — remove Laravel, add URLs	2026-03-05 17:04:24 +01:00
Hoid	c233f289c9	feat: add URL-to-PDF examples to examples page ... - Add 'URL to PDF' nav link and example section - Show basic and advanced cURL examples for /v1/convert/url - Include security notes (JS disabled, private URLs blocked) - Add test coverage for the new section	2026-03-05 17:03:23 +01:00
Hoid	503e65103e	fix: replace stale Free Tier with Demo tier in Terms of Service (BUG-104) ... - Section 2.1: replaced Free Tier (100 PDFs, 10 req/min) with Demo (Free) - no account, 5 req/hr, evaluation only - Section 5.1: changed 'no SLA for free tier' to 'no SLA for demo usage' - Added terms-content regression test (3 tests) - 487 tests passing across 33 files	2026-03-05 14:11:00 +01:00
Hoid	4f6659c8c9	fix: replace fake Go/PHP SDK examples with plain HTTP examples ... - Go: replaced non-existent docfast-go SDK with net/http example - PHP: replaced non-existent DocFast\Client SDK with file_get_contents example - Removed fake Laravel facade example, added note instead - Updated code labels to 'generate-pdf.go' and 'generate-pdf.php' - Added test to prevent regression	2026-03-05 14:06:27 +01:00
Hoid	c82e00f18b	fix: replace stale Free Tier with Demo tier in Terms of Service ... - Section 2.1: Replace Free Tier with Demo (Free) - no account required, 5 req/hour, testing and evaluation only, no SLA/support - Section 5.1: Change 'no SLA for free tier' to 'no SLA for demo usage' - Add terms-content test to verify no Free Tier references remain - Rebuild public/terms.html via build-html.cjs	2026-03-05 14:05:34 +01:00
OpenClaw	47571c8c81	fix: validate PDF options in template render route (BUG-103)	2026-03-05 11:04:22 +01:00
OpenClaw	ba2e542e2a	fix: use sanitized PDF options from validator in convert/demo routes (BUG-102)	2026-03-05 08:05:22 +01:00
OpenClaw	c03f217690	fix(BUG-101): enforce route-specific body size limits ... Remove global express.json({ limit: '2mb' }) that preempted route-specific parsers. Each route group now has its own express.json() with correct limit: - Demo: 50KB, Convert: 500KB, Others: 2MB, Stripe webhook: unchanged	2026-03-04 17:06:31 +01:00
Hoid	d2f819de94	fix: flush usage entries independently to prevent batch poisoning (BUG-100)	2026-03-04 14:04:53 +01:00
OpenClaw Subagent	314edc182a	Fix OpenAPI PdfOptions schema: add missing format values, waitUntil field, and template size limits ... - Updated format enum from 6 to 11 values: added Ledger, A0, A1, A2, A6 - Added waitUntil field with enum: [load, domcontentloaded, networkidle0, networkidle2] - Added 100KB size limit documentation for headerTemplate and footerTemplate - Added comprehensive test to verify OpenAPI spec matches validation logic - All tests passing (463/463)	2026-03-04 11:09:19 +01:00
OpenClaw Backend Subagent	7d44524ae0	Add input validation for waitUntil and size limits for headerTemplate/footerTemplate ... - Add waitUntil validation with allowed values: load, domcontentloaded, networkidle0, networkidle2 - Add size limit validation for headerTemplate and footerTemplate (100KB max) - Follow TDD approach: 15 new failing tests, then implementation - All 462 tests passing (was 447)	2026-03-04 11:04:46 +01:00
OpenClaw Bot	646a94dd6a	chore: update dependencies (patch/minor)	2026-03-04 08:07:28 +01:00
Hoid (Backend Dev)	5f776db662	Fix BUG-099: Add TTL mechanism to provisionedSessions to prevent memory leak ... - Replace unbounded Set with Map<sessionId, timestamp> tracking insertion time - Add periodic cleanup every hour to remove entries older than 24h - Add on-demand cleanup before duplicate checks for timely cleanup - Add comprehensive TDD tests verifying TTL behavior: * Fresh entries work correctly * Stale entries (>24h) get cleaned up * Fresh entries survive cleanup * Bounded size with many entries - All 447 tests pass including 4 new TTL tests - Memory leak fixed while preserving DB-level deduplication	2026-03-03 17:06:38 +01:00
DocFast CEO	024fa0084d	fix: clean up request interceptor in recyclePage to prevent pool contamination ... When renderUrlPdf() sets up request interception for SSRF DNS pinning, the interceptor and event listener were never cleaned up in recyclePage(). This could cause subsequent HTML-to-PDF conversions on the same pooled page to have external resources blocked by the stale interceptor. - Export recyclePage for testability - Add removeAllListeners('request') + setRequestInterception(false) - Add browser-recycle.test.ts with TDD (red→green verified) Tests: 443 passing (was 442)	2026-03-02 17:05:45 +01:00
DocFast CEO	b05bd44432	chore: remove stale documentation and backup Dockerfile ... - BACKUP_PROCEDURES.md (outdated, CNPG handles backups now) - CI-CD-SETUP-COMPLETE.md (setup notes, not needed in repo) - Dockerfile.backup (old Dockerfile variant)	2026-03-02 17:03:01 +01:00
DocFast CEO	5aee8ae753	chore: remove stale tracking files and artifact ... - Remove \001@ stray file (BUG-031) - Remove bugs.md, state.json, sessions.md, decisions.md (stale from session 1, real state tracked externally)	2026-03-02 17:02:16 +01:00
OpenClaw	6290c3eb97	fix(BUG-095,BUG-097): add Support link to footer partial, expand docs.html footer	2026-03-02 14:11:13 +01:00
DocFast CEO	cf1a589a47	chore: bump to v0.5.2, update sitemap dates, add .dockerignore, update deps ... - Version bump 0.5.1 → 0.5.2 (24 commits since last tag) - Update sitemap lastmod dates to 2026-03-02 - Add .dockerignore to exclude node_modules, .git, tests from build context - Update minor deps: pg, puppeteer, stripe, swagger-ui-dist, @types/* - npm audit: 0 vulnerabilities, 440 tests passing	2026-03-02 08:12:30 +01:00
Hoid	9eb9b4232b	test: add billing edge case tests (characterization)	2026-03-01 20:05:05 +01:00
Hoid	82946ffcf0	fix(BUG-092): add Change Email link to footer on landing and sub-pages	2026-03-01 20:03:55 +01:00
Hoid	bb0a17a6f3	test: add 14 comprehensive template service tests ... Cover edge cases for invoice and receipt rendering: - Custom currency (invoice + receipt) - Multiple items with different tax rates - Zero tax rate - Missing optional fields - All optional fields present - Receipt with/without to field - Receipt paymentMethod - Empty items array (invoice + receipt) - Missing quantity (defaults to 1) - Missing unitPrice (defaults to 0) - Template list completeness check Total tests: 428 (was 414)	2026-03-01 17:03:50 +01:00
Hoid	4887e8ffbe	test: add missing email-change verify edge cases (expired, max_attempts)	2026-03-01 14:05:43 +01:00
Hoid	7808d85dde	fix: add .js extension to html test import (TypeScript moduleResolution)	2026-03-01 11:05:08 +01:00
Hoid	d976afebc5	test: add escapeHtml utility tests	2026-03-01 11:03:18 +01:00
Hoid	ecc7b9640c	feat: add PDF options validation to demo route (TDD)	2026-03-01 08:06:55 +01:00
Hoid	a91b4c53a9	test: add comprehensive tests for isTransientError utility	2026-02-28 20:03:14 +01:00
DocFast CEO	597be6bcae	fix: resolve TypeScript errors in email-change tests (broken Docker build)	2026-02-28 17:05:47 +01:00
OpenClaw	f89a3181f7	feat: validate PDF options with TDD tests	2026-02-28 14:05:32 +01:00
DocFast CEO	0e03e39ec7	docs: comprehensive README with all endpoints, options, and setup	2026-02-28 11:09:59 +01:00
DocFast CEO	03f82a8d03	fix: update basic-ftp and rollup to resolve security vulnerabilities ... - basic-ftp: critical path traversal (GHSA-5rq4-664w-9x2c) - production dep via puppeteer - rollup: high path traversal (GHSA-mw96-cpmx-2vgc) - dev dep via vitest - npm audit now shows 0 vulnerabilities - All 291 tests pass	2026-02-28 07:02:30 +00:00
OpenClaw	480c794a85	feat: add email change routes (BUG-090)	2026-02-27 19:04:36 +00:00
OpenClaw	8b31d11e74	docs: add missing OpenAPI annotations for signup/verify, billing/success, billing/webhook	2026-02-27 16:04:55 +00:00
OpenClaw	427ec8e894	test: add app-level integration tests for routes, CORS, 404, headers	2026-02-27 13:05:07 +00:00
OpenClawd	0d90c333c7	test: add db retry and templates route tests	2026-02-27 10:05:34 +00:00
DocFast CEO	aa7fe55024	fix: add Examples link to nav and footer on all pages ... Fixes BUG-089	2026-02-27 07:04:37 +00:00
Hoid	e1084fb49c	test: demo route tests	2026-02-27 07:04:28 +00:00
OpenClaw	f0e9a79606	test: add billing and convert route tests	2026-02-26 19:03:48 +00:00
Hoid	1fe3f3746a	test: add route tests for signup, recover, health	2026-02-26 16:05:05 +00:00
OpenClaw	c01e88686a	add unit tests for usage middleware (14 tests)	2026-02-26 13:04:15 +00:00
Hoid	1aea9c872c	test: add auth, rate-limit, and keys service tests	2026-02-26 10:03:31 +00:00
Hoid	1a37765f41	add verification service and email service tests (13 new tests)	2026-02-26 07:04:39 +00:00