openclawd/docfast
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
docfast/public
History
OpenClaw a177020186 Security: never send API keys via email, add browser-based recovery UI, adjust rate limits 
Investor Directive 1: Key recovery now shows key in browser after email verification code.
- Removed sendRecoveryEmail function entirely
- Recovery endpoint returns apiKey in JSON response (shown once in browser)
- Added full recovery modal UI (email → code → key displayed)
- Added "Lost your API key?" links throughout signup flow

Investor Directive 3: Rate limits adjusted to match server capacity.
- Global rate limit: 100/min → 30/min (server handles ~28 PDFs/min)
- CORS: recover routes now restricted to docfast.dev origin
2026-02-14 19:42:53 +00:00
..
app.js Security: never send API keys via email, add browser-based recovery UI, adjust rate limits 2026-02-14 19:42:53 +00:00
docs.html fix: update key recovery messaging across all pages 2026-02-14 19:27:21 +00:00
index.html Security: never send API keys via email, add browser-based recovery UI, adjust rate limits 2026-02-14 19:42:53 +00:00
index.html.backup-20260214-175429 feat: key recovery via email verification (BUG-014) 2026-02-14 19:26:47 +00:00