17 commits

Author	SHA1	Message	Date
Hoid	6b1b3d584e	fix: OpenAPI spec accuracy — hide internal endpoints, mark signup/verify deprecated ... - Remove @openapi annotations from /v1/billing/webhook (Stripe-internal) - Remove @openapi annotations from /v1/billing/success (browser redirect) - Mark /v1/signup/verify as deprecated (returns 410) - Add 3 TDD tests in openapi-spec.test.ts - Update 2 existing tests in app-routes.test.ts - 530 tests passing (was 527)	2026-03-07 14:06:12 +01:00
OpenClaw	8b31d11e74	docs: add missing OpenAPI annotations for signup/verify, billing/success, billing/webhook	2026-02-27 16:04:55 +00:00
DocFast Bot	45b5be248c	docs: remove free tier, update rate limits and auth for demo+pro model ... - Remove free tier from rate limits, add Demo (5/hour, watermarked) - Update auth section: remove free-tier key mention, link to docfast.dev - Update getting started: demo → upgrade to Pro → use API key - Add deprecated: true to /v1/signup/free swagger annotation - Regenerate openapi.json	2026-02-20 19:10:25 +00:00
DocFast Bot	087e429344	Add /examples route to server	2026-02-20 10:05:56 +00:00
OpenClaw	825c6562ba	feat: wire up swagger-jsdoc dynamic spec, delete static openapi.json ... - Create src/swagger.ts config module for swagger-jsdoc - Add GET /openapi.json dynamic route (generated from @openapi annotations) - Delete static public/openapi.json (was drifting from code) - Add @openapi annotation for deprecated /v1/signup/free in index.ts - Import swaggerSpec into index.ts - All 12 endpoints now code-driven: demo/html, demo/markdown, convert/html, convert/markdown, convert/url, templates, templates/{id}/render, recover, recover/verify, billing/checkout, signup/free, health	2026-02-20 07:56:56 +00:00
OpenClaw Deployer	170ed444de	Fix version number to 0.2.9 and add Brotli compression support (BUG-054)	2026-02-18 18:05:17 +00:00
OpenClaw Deployer	97744897f0	fix: move /docs route before express.static to fix CSP headers ... express.static was serving docs.html before the /docs route handler, causing Helmet default CSP to be used instead of the custom Swagger UI CSP. This blocked unsafe-eval and blob: workers needed by Swagger UI.	2026-02-18 13:51:35 +00:00
OpenClaw Deployer	a45d7704ab	fix: relax CSP for /docs page — allow unsafe-eval for Swagger UI 5.x (ajv) ... Swagger UI 5.x uses new Function() via ajv for JSON schema validation. Helmet default CSP (script-src self) blocks this in Firefox, causing TypeError: NetworkError when attempting to fetch resource on Try It. Override CSP on /docs route to allow unsafe-eval.	2026-02-18 13:33:26 +00:00
OpenClaw Deployer	0902e1e437	feat: add SMTP auth support for K3s migration ... - Support SMTP_USER/SMTP_PASS env vars for authenticated SMTP - Support SMTP_FROM env var for configurable sender address - Auto-detect secure mode for port 465 - Backwards compatible: falls back to unauthenticated local relay	2026-02-18 12:47:33 +00:00
DocFast Bot	1702abdeb8	fix: add /change-email route in index.ts + fix SQL query escaping in keys.ts ... - Register GET /change-email route in src/index.ts (serves change-email.html) - Fix updateKeyEmail() SQL query string (dollar signs were stripped by heredoc) - Fix updateEmailByCustomer() SQL query string - Rebuild TypeScript dist/	2026-02-17 11:34:21 +00:00
DocFast Agent	a0d4ba964c	fix: audit #18 rate limit cleanup (.unref), audit #25 consistent error shapes ... Audit #18 - Rate limit store memory growth: - rateLimitStore already had cleanup via cleanupExpiredEntries() per-request + 60s interval - Added .unref() to the setInterval timer for clean graceful shutdown behaviour Audit #25 - Consistent error response shapes: - billing.ts: Fixed 409 plain-text response -> JSON { error: "..." } - index.ts: Simplified 404 from 4-field object to { error: "Not Found: METHOD path" } - signup.ts: Removed extra retryAfter field from rate-limit message object - pdfRateLimit.ts: Merged limit/tier/retryAfter into single error message string - usage.ts: Merged limit/used/upgrade fields into single error message string - convert.ts: Merged detail field into error message (3 occurrences) All error responses now consistently use {"error": "message"} shape.	2026-02-17 08:10:14 +00:00
OpenClaw	09c6feb06e	Fix audit #14 (body size limits), #17 (duplicate session_id), #22 (unused import)	2026-02-16 19:51:24 +00:00
OpenClaw	6cc30db5c6	Add styled /status page, update footer/terms links from /health to /status	2026-02-16 19:48:25 +00:00
OpenClaw	59cc8f3d0e	Session 45: support email, audit fixes (template validation, content-type, admin auth, waitUntil) ... - Added support@docfast.dev to footer, impressum, terms, landing page, openapi.json - Fixed audit #6: Template render validates required fields (400 on missing) - Fixed audit #7: Content-Type check on markdown/URL routes (415) - Fixed audit #11: /v1/usage and /v1/concurrency now require ADMIN_API_KEY - Fixed audit Critical #3: URL convert uses domcontentloaded instead of networkidle0	2026-02-16 19:30:21 +00:00
OpenClaw	b98e8bc253	fix: BUG-046 usage endpoint data leak, BUG-047 copy button, BUG-048 email change links ... BUG-046 (CRITICAL): getUsageStats() now accepts apiKey param and returns only that key usage instead of all users. Route passes req.apiKeyInfo.key. BUG-047: Added visible Copy button to Pro key success page in billing.ts. BUG-048: Added class="open-email-change" to Change Email links in all HTML pages so the JS modal opener can find them.	2026-02-16 18:06:52 +00:00
DocFast Bot	5b7e343139	build: compile dist for sitemap, favicon, and graceful shutdown changes	2026-02-16 16:10:15 +00:00
openclawd	1ef8f5743c	feat: Add built dist files with EU compliance routes ... - Include compiled TypeScript with new /impressum, /privacy, /terms routes - Temporary commit of dist files for Docker deployment	2026-02-16 13:09:25 +00:00