- Replace Resend email service with nodemailer via local postfix relay
- Remove code field from POST /v1/signup/free response
- Send 6-digit verification code via email only (noreply@docfast.dev)
- Add extra_hosts for Docker-to-host SMTP relay
- Fire-and-forget email sending to avoid blocking API response
- POST /v1/signup/free now returns verification code (temp in response)
- New POST /v1/signup/verify endpoint to verify code and get API key
- Codes expire after 15 minutes, max 3 attempts
- Frontend updated with 2-step signup modal (email → code → key)
- Legacy token verification kept for existing links
- Signup now requires email verification before API key is revealed
- Verification token sent via email (Resend) with console fallback
- GET /verify?token=xxx shows API key in styled HTML page
- Handles expired (24h), invalid, and already-verified tokens
- Frontend modal shows 'check your email' instead of key
- Keeps existing rate limiting
- Add !important declarations to override any conflicting styles
- Force overflow-x: hidden on html and body globally
- Apply universal max-width: 100% on mobile
- Specifically target code blocks with word-break and overflow fixes
- Reduce container padding to prevent width issues
This should definitively resolve horizontal scrolling on 375px viewports.
- Add overflow-x: hidden on body and container for mobile viewports
- Improve code block responsive behavior with pre-wrap and word-break
- Constrain code-section width to prevent viewport overflow
- Fix trust-grid horizontal overflow on small screens
This fixes the QA-reported issue where pages scroll horizontally
to 488px on 375px mobile viewports.
BUG-007: Unwrap req.body.data for template endpoint (docs show wrapped format)
BUG-008: Default PDF margins set to 0 (user can override via request body)
BUG-006: Copy button shows Copied! for 2s then reverts
- Added CORS middleware allowing docfast.dev origin
- Added app.set('trust proxy', 1) to fix ERR_ERL_UNEXPECTED_X_FORWARDED_FOR
- The rate limiter was crashing on every proxied request through nginx
- Added /v1/signup/free endpoint for instant API key provisioning
- Built unified key store (services/keys.ts) with file-based persistence
- Refactored auth middleware to use key store (no more hardcoded env keys)
- Refactored usage middleware to check key tier from store
- Updated billing to use key store for Pro key provisioning
- Landing page: replaced mailto: link with signup modal
- Landing page: Pro checkout button now properly calls /v1/billing/checkout
- Added Docker volume for persistent key storage
- Success page now renders HTML instead of raw JSON
- Tested: signup → key → PDF generation works end-to-end
