* Allow Super Admin to view tables using RLS
* Replace previous usages of the Admin client using the authed client using the new RLS
* Enforce MFA for Super Admin users
* Enforce RLS when user opted in to MFA.
* Add Super Admin Access Policies and Update Database Types
* Consolidate super admin logic into a single function that uses the RPC is_super_admin
* Added Super Admin E2E tests
* Fixes and improvements
* Bump version to 2.5.0
One-Time Password (OTP) package added with comprehensive token management, including OTP verification for team account deletion and ownership transfer.
1. Handle expired links on signup
2.Reject invitations when user is already a member
3. Make sure not to display errors due to Next.js redirection during team creation
4. Fix documentation sidebar
* Enhanced Sidebar to support sub collapsible sections
* Data-Table: support getSortedRowModel
* Add missing renderAction;
* Fix Sidebar on mobile
* Do not initialize Analytics Provider server side
* Do not bind i18Next until it's initialized
* Avoid infinite redirects in the auth path when Supabase emits a SIGNED_OUT event
* Force admin layout to be dynamic
* Update Next.js and React versions in all packages
* Replace onRedirect function with next/link in BillingSessionStatus, since it's no longer cached by default
* Remove unused revalidatePath import in billing return page, since it's no longer cached by default
* Add Turbopack module aliases to improve development server speed
* Converted new Dynamic APIs to be Promise-based
* Adjust mobile layout
* Use ENABLE_REACT_COMPILER to enable the React Compiler in Next.js 15
* Report Errors using the new onRequestError hook
Upgraded multiple dependencies across the project, including @types/node to ^22.5.1 and @supabase/supabase-js to ^2.45.3. This change also includes updates to react-related types and various other packages to their latest versions to maintain compatibility and leverage new features.
Rearranged imports for better organization and readability across multiple files. Updated the `react-i18next` dependency to version 15.0.1 in various `package.json` files. Adjusted formatting in multiple TypeScript files to ensure code style consistency.
Design Updates: Breadcrumbs, Empty State, new Charts and new colors
* Add Breadcrumb component to UI package
* Add AppBreadcrumbs for improved navigation: Replaced static text descriptions with the new AppBreadcrumbs component across multiple pages to enhance navigation. Addressed an issue with Supabase client warnings by temporarily suppressing getSession warnings. Also made minor UI adjustments, including adjustments to heading styles and layout features.
* Enhance UI styling and configuration settings: Updated various UI components and global styles to improve styling consistency and responsiveness.
* Update global styles and adjust padding: Updated several CSS variables for improved color accuracy and appearance. Added padding to admin account page body for better layout consistency.
* Refactor UI components and adjust styling: Replaced Heading tags in Plan Picker with span for consistency. Added active and hover states to buttons in the sidebar. Refined background, layout styling, and color schemes across various components. Removed sidebar case in Page component switch statement.
* Add Chart Components and Integrate into Dashboard: Introduced `recharts` library and created `Chart` components. Updated dashboard to use the new components and enhanced UI/UX with descriptions and restructured cards.
* Enhance dashboard demo UI layout: Refactor the layout by adjusting flex properties and spacing classes to improve component alignment. Update dummy data generation and Figure font size for better visual consistency.
* Update localization keys for navigation labels: Changed localization keys for tab labels to use 'routes' prefix for consistency. Adjusted corresponding component references and added missing keys for routes. This ensures better organization and uniformity in the code.
* Add EmptyState component and enhance account handling: Introduced a new EmptyState component for UI consistency and updated JSON locales with 'account' route. Modified HomeAddAccountButton to accept className prop and refactored HomeAccountsListEmptyState to use the new EmptyState component. Updated navigation config to align labels in locales.
* Add locale support and enhance currency formatting: This commit introduces locale-based currency formatting across billing components by utilizing the `useTranslation` hook to fetch the current language. It also refactors the `formatCurrency` function to accept an object parameter for better readability and reusability.
* Fix typo in devDependencies section of template generator: Corrected a syntax error in `package.json.hbs` template affecting the `@kit/tsconfig` entry. The change ensures that the dependency is properly defined and prevents potential issues during package management.
* Update heading levels and add tracking-tight class in auth shell: Changed Heading components from level 4 to level 5 and added the 'tracking-tight' class in multiple auth-related pages. This improves visual consistency and better aligns the typography across the application.
Deleted CloudflareMailer class and its implementation from the mailers package. Updated dependencies across various packages, converting certain imports to use `type` only, and bumped versions for packages like `react-query`, `lucide-react`, and others.
* Add events handling and enhance analytics tracking
Added a new events system to track user actions throughout the application. Specific significant events such as user signup, sign-in, and checkout have dedicated handlers. Updated the analytics system to handle these event triggers and improved analytics reporting. An analytics provider has been implemented to manage event subscriptions and analytics event mappings.
* Remove unused dependencies from package.json files
Unused packages "@tanstack/react-table" and "next" have been removed from the packages/shared and tooling directories respectively. These changes help ensure that only needed packages are included in the project, reducing potential security risks and unnecessary processing overhead.
* Update dependencies
Multiple package versions were updated including "@tanstack/react-query" and "lucide-react"
* Add status property to content item structure
This commit introduces a new `status` property to the content item structure, allowing content items to maintain a status such as 'draft', 'published', 'review', 'pending'. This status is mapped to the corresponding status in Wordpress and Keystatic clients to ensure consistent usage across platforms. Content retrieval methods now also include a status filter.
* Refactor code for style and readability improvements
This commit includes changes in various files across different packages to improve code readability, including adjusting spacing and breaking down complex lines into simpler parts. In addition, the switch statement in `wp-client.ts` has been refactored and status values are now held in variables, and the CSS classes in `global-loader.tsx` have been reorganized.
Refactored the condition handling for the next path in auth-callback.service.ts to only rely on the callbackUrl instead of an additional 'next' parameter. This not only simplifies the code but also reduces potential errors linked to multiple sources of truth for the next path direction.
This update improves the logic for handling the 'next' path in the auth callback service. Now, it first checks the query parameters for the 'next' path. If it's not found there, it looks into the callback URL
The '@tanstack/react-query' dependency version has been upgraded across several packages. Alongside, syntax and unnecessary semicolons in 'database.types.ts' have been cleaned up to adhere with the formatting standards.
* Filter out metered line items from billing schema
This update refines the process of creating a billing schema by filtering out metered line items. The change is necessary as metered line items can be shared across different plans, potentially causing conflicts or duplicates in the schema.
* Update packages to newer versions
This update upgrades several packages across multiple project files to their latest version. These packages include "supabase-js", "react-query", "react-hook-form", and "pnpm". The commit ensures the project is up-to-date with recent package versions, potentially benefiting from bug fixes, new features, and performance improvements.
* Add subscription retrieval in billing services
Added a function to retrieve subscription info in both Stripe and LemonSqueezy billing services. To accomplish this, new methods were added to related services and types. This allows querying specific subscription data based on its id, and throws an error if it fails. Furthermore, PayloadBuilder classes were created to systematically build the subscription payload.
* Remove account ID retrieval from Lemon Squeezy billing service
The code that was querying the database to fetch the accountId has been removed from lemon-squeezy-billing-strategy.service.ts. It was unnecessary as the Lemon Squeezy API does not provide account ID and therefore it is always left empty. Also, adjustments have been made in billing-strategy-provider.service.ts to reflect that the target account ID can be optional.
* Extract 'next' parameter from callback URL
The update allows for the extraction of the 'next' parameter from the callback URL. If such a parameter is available, it is subsequently added to the search parameters. The enhancement improves URL parameter handling in the authentication callback service.
* Refactor URL redirection in auth-callback service
The update simplifies the redirection logic in the authentication callback service. This is achieved by setting the url pathname directly to the redirect path, instead of first setting it to the callback parameter. Moreover, the code handling the 'next' path has also been streamlined, setting the url pathname to the next path when available.
This commit refines the Multi-Factor Authentication (MFA) handling by removing 'requireUser' method, optimizing 'useFetchMfaFactors' hook to avoid fetching stale data, and improving error logging. The changes enhance the system's user session management and the MFA challenge response, ensuring smoother user experience and potential troubleshooting.
The logic handling localhost in the auth-callback service has been updated. The host is no longer automatically set to the request host; instead, it's only updated if it's currently set to localhost and the request host does not include localhost itself. This change improves handling of different host configurations.
The commit introduces changes to the behavior of the "Update Password" page on a successful password update. Instead of redirecting the user back to the home page upon a successful update, the updated code now redirects the user to a specified URL passed in as a prop. The authentication configuration has also been updated to include a list of acceptable redirect URLs.
Included a conditional to check and update host settings in the 'auth-callback.service.ts' file to avoid incorrect host setting outside of Vercel. Additionally, added a className prop to the Page component in the UI package to enhance customization capabilities.
In the use-sign-out.ts file, the use of query client has been removed and error handling has been improved during sign-out operations. Meanwhile, in the use-auth-change-listener.ts file, an unnecessary usage of query client and router has been removed. Event handling logic has also been simplified by using window.location.reload() instead of router.refresh() on user sign-out.
The commit refactors the previous implementation of using cache functions across several modules. They are now explicitly defined as loaders to improve readability and maintain a consistent style. This prevents the cache function calls from getting too nested and difficult to understand, especially in asynchronous cases. Additionally, the user session related hooks are deleted which were not used anymore.
The `createServerClient` function has been replaced with the `createClient` function in the `server-actions.client.ts`, `route-handler.client.ts`, and `server-component.client.ts` files. This includes adding necessary import statements for `createClient` and adjusting the options passed to it, including `persistSession`, `detectSessionInUrl`, and `autoRefreshToken`.
The multi-factor authentication functions have been modified to accept a user id as a parameter. This provides more flexibility as it allows a more specific targeting of users. The `useFetchAuthFactors` function has been updated to export the function rather than default, and the `useFactorsMutationKey` function has been updated to take a user id.
* Update navigation menu text color and disable caching in Supabase clients
Updated the active and hover text colors for the navigation menu in the UI package. Also, added prevention of any sort of caching in the Supabase clients (server-actions.client.ts, route-handler.client.ts, server-component.client.ts) to be eventually removed in Next v15. Automatic token refresh is also turned off in the server-component client.
* Increase content items limit in docs loader
The content items limit in the documentation loader has been increased to the maximum safe integer. This ensures that all documentation entries are retrieved from the CMS, avoiding any potential omissions due to arbitrary limits.
The update on auth-callback.service now includes the deletion of 'token_hash', 'type', 'next', and 'callback' query parameters from the URL. This ensures a cleaner URL after the authentication callback process.
* Add AuthCallbackService to handle auth callbacks in Supabase
Created a new service, AuthCallbackService, in the Supabase package to centralize the handling of authentication callbacks. This service handles two main tasks: verifying the token hash for user email verification and exchanging the authentication code for a session. Code in the web app routes were updated to utilize this new service, improving code organization and reusability.
* Remove CSRF Token Meta component and add Jaeger exporter
The CSRF Token Meta component was removed from the application. Instead, CSRF tokens are now included in the root metadata of the application. Additionally, the "@opentelemetry/exporter-jaeger" package was added as a dependency to the Sentry monitoring package. This enables the tracing of application requests via Jaeger.
* Refactor README.md and remove redundant content
Removed the excessive content and detailed instruction from the README.md file. The documentation has been moved to a more suitable and detailed location elsewhere.
* Update package dependencies in sentry/package.json
An ordering change has been made in the dependencies within the sentry/package.json file. The "@opentelemetry/exporter-jaeger" dependency was moved to its correct alphabetical order. No version changes were made.
This commit includes renaming and refactoring of some billing services for clarification and coherence. It also improves account APIs in team-accounts and accounts packages by having added `getAccount` and `getTeamAccount` methods, allowing retrieval of account details via slug and id. Changes also include type modifications in `getSupabaseServerActionClient` function for better flexibility and precision.
This commit dates the transition from a global user session to individual account handling based on user ID. The transition was made across several components, notably the account settings, icons, and selector. This change improves performance by reducing unnecessary requests and ensures more accurate data handling. The commit also includes some cleanups and minor fixes spread across different components.
This commit refactor the role management, removing the dependencies on account ids throughout our system. Changes include removing account id related attributes in the roles table schema and functions, modifying seed data and simplifying the role data provider code. This makes role structure more generic and simplifies the role handling process.
Several updates are made to the notification model, mainly removing the 'entity_id', 'entity_type', and 'language_code' fields from the properties. We've also updated the 'accounts_memberships' table, by preventing its updates except for 'account_role'.
This update includes creating new files for the notifications feature along with adding two feature flags for enabling notifications and realtime notifications. All the code and package dependencies required for the notifications functionality have been added. The 'pnpm-lock.yaml' has also been updated due to the inclusion of new package dependencies.
The authentication handling logic in the middleware.ts file was refactored to improve clarity and control flow. In addition, the loading component, previously located in the main app directory, has been deleted and recreated specifically for admin use. The list of private path prefixes has been updated in the use-auth-change-listener.ts file to reflect these changes.
The sign out command is moved ahead of the account deletion service to ensure users are logged out before their account gets deleted. The "/join" prefix is removed from the list of private path prefixes. Additionally, a global loader component is added to the join loading page.
The changes add user session handling directly in the middleware. This ensures the user data is fetched at the start of a request and then passed on to route handlers, reducing repeated data fetching. Also, these improvements include adjustments for how sign-out and auth-change events are managed, particularly when the user session state changes. Additionally, it corrects the error response from useUser hook to return `undefined` instead of `null`.
Paths such as SIGN_IN_PATH and SIGN_UP_PATH have been hardcoded into the application instead of being environment variables. These changes simplify the configuration of the application, making maintenance and understanding of the codebase easier.
In this update, a captcha token is introduced in the password sign-in process to improve security. A `useCaptchaToken` hook has been added to the `PasswordSignInContainer` and corresponding adjustments have been made in the `useSignInWithEmailPassword` hook. The SignInWithPasswordCredentials type is now used for credentials instead of a locally defined interface.
The lucide-react library has been added to the project in the `accounts` and `team-accounts` package.json files, and in the pnpm-lock.yaml. Changes were made to the next.config.mjs file to reflect this. Also, the name of the `AuthRedirectListener` function in use-auth-change-listener.ts file has been changed to `useAuthChangeListener`.
