10 commits

Author	SHA1	Message	Date
OpenClaw Deployer	a45d7704ab	fix: relax CSP for /docs page — allow unsafe-eval for Swagger UI 5.x (ajv) ... Swagger UI 5.x uses new Function() via ajv for JSON schema validation. Helmet default CSP (script-src self) blocks this in Firefox, causing TypeError: NetworkError when attempting to fetch resource on Try It. Override CSP on /docs route to allow unsafe-eval.	2026-02-18 13:33:26 +00:00
OpenClaw Deployer	0902e1e437	feat: add SMTP auth support for K3s migration ... - Support SMTP_USER/SMTP_PASS env vars for authenticated SMTP - Support SMTP_FROM env var for configurable sender address - Auto-detect secure mode for port 465 - Backwards compatible: falls back to unauthenticated local relay	2026-02-18 12:47:33 +00:00
DocFast Bot	1702abdeb8	fix: add /change-email route in index.ts + fix SQL query escaping in keys.ts ... - Register GET /change-email route in src/index.ts (serves change-email.html) - Fix updateKeyEmail() SQL query string (dollar signs were stripped by heredoc) - Fix updateEmailByCustomer() SQL query string - Rebuild TypeScript dist/	2026-02-17 11:34:21 +00:00
DocFast Agent	a0d4ba964c	fix: audit #18 rate limit cleanup (.unref), audit #25 consistent error shapes ... Audit #18 - Rate limit store memory growth: - rateLimitStore already had cleanup via cleanupExpiredEntries() per-request + 60s interval - Added .unref() to the setInterval timer for clean graceful shutdown behaviour Audit #25 - Consistent error response shapes: - billing.ts: Fixed 409 plain-text response -> JSON { error: "..." } - index.ts: Simplified 404 from 4-field object to { error: "Not Found: METHOD path" } - signup.ts: Removed extra retryAfter field from rate-limit message object - pdfRateLimit.ts: Merged limit/tier/retryAfter into single error message string - usage.ts: Merged limit/used/upgrade fields into single error message string - convert.ts: Merged detail field into error message (3 occurrences) All error responses now consistently use {"error": "message"} shape.	2026-02-17 08:10:14 +00:00
OpenClaw	09c6feb06e	Fix audit #14 (body size limits), #17 (duplicate session_id), #22 (unused import)	2026-02-16 19:51:24 +00:00
OpenClaw	6cc30db5c6	Add styled /status page, update footer/terms links from /health to /status	2026-02-16 19:48:25 +00:00
OpenClaw	59cc8f3d0e	Session 45: support email, audit fixes (template validation, content-type, admin auth, waitUntil) ... - Added support@docfast.dev to footer, impressum, terms, landing page, openapi.json - Fixed audit #6: Template render validates required fields (400 on missing) - Fixed audit #7: Content-Type check on markdown/URL routes (415) - Fixed audit #11: /v1/usage and /v1/concurrency now require ADMIN_API_KEY - Fixed audit Critical #3: URL convert uses domcontentloaded instead of networkidle0	2026-02-16 19:30:21 +00:00
OpenClaw	b98e8bc253	fix: BUG-046 usage endpoint data leak, BUG-047 copy button, BUG-048 email change links ... BUG-046 (CRITICAL): getUsageStats() now accepts apiKey param and returns only that key usage instead of all users. Route passes req.apiKeyInfo.key. BUG-047: Added visible Copy button to Pro key success page in billing.ts. BUG-048: Added class="open-email-change" to Change Email links in all HTML pages so the JS modal opener can find them.	2026-02-16 18:06:52 +00:00
DocFast Bot	5b7e343139	build: compile dist for sitemap, favicon, and graceful shutdown changes	2026-02-16 16:10:15 +00:00
openclawd	1ef8f5743c	feat: Add built dist files with EU compliance routes ... - Include compiled TypeScript with new /impressum, /privacy, /terms routes - Temporary commit of dist files for Docker deployment	2026-02-16 13:09:25 +00:00