- Modified checkRateLimit to return RateLimitResult object with limit, remaining, and resetTime
- Added X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset headers to ALL responses
- Added Retry-After header to 429 responses
- Headers now provide developers visibility into their quota usage
Added comprehensive tests for previously untested areas:
1. Demo Endpoints (no auth):
- POST /v1/demo/html - converts HTML to watermarked PDF
- POST /v1/demo/markdown - converts markdown to PDF
- Rate limiting (5 requests/hour) validation
2. URL to PDF Conversion:
- Valid URL conversion
- Missing url field validation
- SSRF protection (blocks private IPs like 127.0.0.1, localhost)
- Invalid protocol rejection (ftp://)
- Invalid URL format handling
3. PDF Options:
- A3 format conversion
- Landscape orientation
- Custom margins
4. Error Handling:
- Invalid JSON body
- Wrong Content-Type header (415 expected)
- Empty HTML string handling
5. Health Endpoint Details:
- Verify database field presence
- Verify pool stats (size, active, available)
- Verify version field
Total tests: 27 (3 passed locally, 24 require Docker/Chrome/DB)
Tests that need Docker to pass: All PDF generation and DB-dependent tests
Note: Local failures are expected without PostgreSQL and Chromium.
CI will run these in Docker with all dependencies.
- Remove onclick from API key recovery modal Copy button (templates/pages/index.html)
- Event listener already exists in app.js (line 295)
- Remove onclick from server-rendered API key display (src/index.ts line 207)
- Remove onclick from billing success page Copy button (src/routes/billing.ts line 181)
- Create public/copy-helper.js to handle all [data-copy] elements via external JS
- All copy functionality now CSP-compliant (script-src 'self')
- Add scale, pageRanges, preferCSSPageSize, width, height to PdfOptions
- Add headerTemplate, footerTemplate, displayHeaderFooter to docs
- Pass all options through routes to browser service for HTML, Markdown, and URL endpoints
- Export PdfRenderOptions interface for type reuse
- Bump version to 0.4.5
- Add partial unique index on api_keys(stripe_customer_id) WHERE NOT NULL
- Use INSERT ... ON CONFLICT in createProKey for cross-pod dedup
- Add findKeyByCustomerId() to query DB directly
- Success page checks DB before creating key (survives pod restarts)
- Refresh in-memory cache after UPSERT
- Add swagger-jsdoc dependency for auto-generating OpenAPI spec from JSDoc
- Add JSDoc @openapi annotations to all route handlers
- Create scripts/generate-openapi.mjs build step
- OpenAPI spec now auto-generated from code — no manual JSON editing
- All 13 endpoints documented with full parameters
- New demo endpoints documented, signup marked as deprecated
- Updated info description: demo-first, no free tier references
- Dockerfile updated to run openapi generation during build
- Build script updated: npm run build generates spec before compile
- Remove free account signup flow entirely
- Add POST /v1/demo/html and /v1/demo/markdown (public, no auth)
- Demo: 5 requests/hour per IP, 50KB body limit, watermarked PDFs
- Landing page: interactive playground replaces 'Get Free API Key'
- Pricing: Demo (free) + Pro (€9/mo), no more Free tier
- /v1/signup returns 410 Gone with redirect to demo/pro
- Keep /v1/recover for existing Pro users
- Update JSON-LD, API discovery, verify page text
- Rate limit /checkout to 3 requests per IP per hour via express-rate-limit
- Reject request bodies >1KB (413)
- Log checkout session creation with client IP
- Bump version to 0.3.4
- queryWithRetry now uses explicit client checkout; on transient error,
calls client.release(true) to DESTROY the dead connection instead of
returning it to pool. Fresh connections are created on retry.
- connectWithRetry validates connections with SELECT 1 before returning
- Health check destroys bad connections on failure
- Reduced idleTimeoutMillis from 30s to 10s for faster stale connection eviction
- Fixes BUG-075: pool kept reusing dead TCP sockets after PgBouncer pod restart
- Enable TCP keepalive on pg.Pool to detect dead connections
- Add connectionTimeoutMillis (5s) to prevent hanging on stale connections
- Add queryWithRetry() with exponential backoff for transient DB errors
- Add connectWithRetry() for transaction-based operations
- Detect PgBouncer "no available server" and other transient errors
- Health check has 3s timeout and returns 503 on DB failure
- All DB operations in keys, verification, usage use retry logic
Fixes BUG-075: PgBouncer failover causes permanent pod failures
express.static was serving docs.html before the /docs route handler,
causing Helmet default CSP to be used instead of the custom Swagger UI CSP.
This blocked unsafe-eval and blob: workers needed by Swagger UI.
Swagger UI 5.x uses new Function() via ajv for JSON schema validation.
Helmet default CSP (script-src self) blocks this in Firefox, causing
TypeError: NetworkError when attempting to fetch resource on Try It.
Override CSP on /docs route to allow unsafe-eval.
- Support SMTP_USER/SMTP_PASS env vars for authenticated SMTP
- Support SMTP_FROM env var for configurable sender address
- Auto-detect secure mode for port 465
- Backwards compatible: falls back to unauthenticated local relay
- Add /change-email as a proper standalone page (public/src/change-email.html)
with API key input, new email input, verification code flow, and success state
- Update footer partial: change "/#change-email" link to "/change-email" on all pages
- Remove email change modal HTML and hash-handler JS from index page source
- Add /change-email to sitemap.xml
- Rebuild all HTML files via build-html.cjs
- Add updateEmailByCustomer() to src/services/keys.ts
- Add customer.updated webhook handler in src/routes/billing.ts
to sync email changes made via Stripe dashboard back to DocFast
- Replace revokeByCustomer with downgradeByCustomer in keys.ts
- Sets tier='free' in cache and DB (UPDATE, not DELETE)
- Add isDocFastSubscription() product filter helper in billing.ts
- Filters all subscription events by prod_TygeG8tQPtEAdE
- Handle customer.subscription.updated event
- Downgrades on status=canceled/past_due/unpaid or cancel_at_period_end=true
- Handle customer.subscription.deleted with product filter
- Downgrades to free (was incorrectly deleting the key)
Fixes revenue integrity bug: cancelled Pro subscribers kept Pro access.
BUG-046 (CRITICAL): getUsageStats() now accepts apiKey param and returns
only that key usage instead of all users. Route passes req.apiKeyInfo.key.
BUG-047: Added visible Copy button to Pro key success page in billing.ts.
BUG-048: Added class="open-email-change" to Change Email links in all
HTML pages so the JS modal opener can find them.
- Add footer links for Impressum, Privacy Policy, Terms of Service
- Create legal pages: /impressum, /privacy, /terms (Austrian/EU compliant)
- Add EU hosting badge highlighting GDPR compliance and EU data residency
- Add Express routes for legal pages with caching headers
- All pages use consistent dark theme design matching landing page
- Docker healthcheck: Use Node.js instead of curl (not installed in slim image)
- Pricing: Change from USD ($) to EUR (€) in frontend and backend Stripe integration
- Static assets: Add Cache-Control headers (1 day) for /public and /docs files
- Remove duplicate text/html from nginx gzip_types (fixes nginx -t warning)
- Update hardcoded API version from 0.2.0 to 0.2.1 to match package.json
- Update logrotate config: daily rotation, 7 days retention, improved postrotate
- Add Docker logging configuration with size/file limits
- Add fe80::/10 (IPv6 link-local) detection to isPrivateIP()
- Update error message to match specification: 'URL resolves to a private/internal IP address'
- Existing protections already covered all required IPv4 ranges and IPv6 localhost
- Update sitemap.xml to include /v1/health endpoint
- Add proper 404 handling (JSON for API paths, HTML for browser paths)
- Create optimized nginx config with gzip, cache headers, specific locations
- Add logrotate configuration for DocFast logs
- Add security headers and static asset caching
