The update on auth-callback.service now includes the deletion of 'token_hash', 'type', 'next', and 'callback' query parameters from the URL. This ensures a cleaner URL after the authentication callback process.
* Add AuthCallbackService to handle auth callbacks in Supabase
Created a new service, AuthCallbackService, in the Supabase package to centralize the handling of authentication callbacks. This service handles two main tasks: verifying the token hash for user email verification and exchanging the authentication code for a session. Code in the web app routes were updated to utilize this new service, improving code organization and reusability.
* Remove CSRF Token Meta component and add Jaeger exporter
The CSRF Token Meta component was removed from the application. Instead, CSRF tokens are now included in the root metadata of the application. Additionally, the "@opentelemetry/exporter-jaeger" package was added as a dependency to the Sentry monitoring package. This enables the tracing of application requests via Jaeger.
* Refactor README.md and remove redundant content
Removed the excessive content and detailed instruction from the README.md file. The documentation has been moved to a more suitable and detailed location elsewhere.
* Update package dependencies in sentry/package.json
An ordering change has been made in the dependencies within the sentry/package.json file. The "@opentelemetry/exporter-jaeger" dependency was moved to its correct alphabetical order. No version changes were made.
This commit includes renaming and refactoring of some billing services for clarification and coherence. It also improves account APIs in team-accounts and accounts packages by having added `getAccount` and `getTeamAccount` methods, allowing retrieval of account details via slug and id. Changes also include type modifications in `getSupabaseServerActionClient` function for better flexibility and precision.
This commit dates the transition from a global user session to individual account handling based on user ID. The transition was made across several components, notably the account settings, icons, and selector. This change improves performance by reducing unnecessary requests and ensures more accurate data handling. The commit also includes some cleanups and minor fixes spread across different components.
This commit refactor the role management, removing the dependencies on account ids throughout our system. Changes include removing account id related attributes in the roles table schema and functions, modifying seed data and simplifying the role data provider code. This makes role structure more generic and simplifies the role handling process.
Several updates are made to the notification model, mainly removing the 'entity_id', 'entity_type', and 'language_code' fields from the properties. We've also updated the 'accounts_memberships' table, by preventing its updates except for 'account_role'.
This update includes creating new files for the notifications feature along with adding two feature flags for enabling notifications and realtime notifications. All the code and package dependencies required for the notifications functionality have been added. The 'pnpm-lock.yaml' has also been updated due to the inclusion of new package dependencies.
The authentication handling logic in the middleware.ts file was refactored to improve clarity and control flow. In addition, the loading component, previously located in the main app directory, has been deleted and recreated specifically for admin use. The list of private path prefixes has been updated in the use-auth-change-listener.ts file to reflect these changes.
The sign out command is moved ahead of the account deletion service to ensure users are logged out before their account gets deleted. The "/join" prefix is removed from the list of private path prefixes. Additionally, a global loader component is added to the join loading page.
The changes add user session handling directly in the middleware. This ensures the user data is fetched at the start of a request and then passed on to route handlers, reducing repeated data fetching. Also, these improvements include adjustments for how sign-out and auth-change events are managed, particularly when the user session state changes. Additionally, it corrects the error response from useUser hook to return `undefined` instead of `null`.
Paths such as SIGN_IN_PATH and SIGN_UP_PATH have been hardcoded into the application instead of being environment variables. These changes simplify the configuration of the application, making maintenance and understanding of the codebase easier.
In this update, a captcha token is introduced in the password sign-in process to improve security. A `useCaptchaToken` hook has been added to the `PasswordSignInContainer` and corresponding adjustments have been made in the `useSignInWithEmailPassword` hook. The SignInWithPasswordCredentials type is now used for credentials instead of a locally defined interface.
The lucide-react library has been added to the project in the `accounts` and `team-accounts` package.json files, and in the pnpm-lock.yaml. Changes were made to the next.config.mjs file to reflect this. Also, the name of the `AuthRedirectListener` function in use-auth-change-listener.ts file has been changed to `useAuthChangeListener`.
The previous authentication listener component was transformed into a `useAuthChangeListener` hook. All relevant functionality was preserved in this transition. The purpose of this change was to improve flexibility and code reusability by enabling the auth listener to be integrated in various parts of the application as needed. The old component was also removed from the exported packages in the `package.json`.
The monitoring package has been significantly refactored to improve the granularity of error capture. Code from the 'capture-exception.ts' files in different locations have been deleted and replaced by a more unified approach in the 'use-baselime.ts' and 'use-sentry.ts' hooks. The README documentation has also been updated to reflect these changes and provide additional information about error monitoring setup and usage.
The CSRF protection in middleware has been re-implemented with `@edge-csrf/nextjs`, to catch and handle CSRF errors more effectively. Additionally, some parameters are renamed and functions are added in `database.types.ts` for better role management. The dependency in `package.json` has also been updated to reflect the changes.
The Suspense wrapper was removed from root-providers.tsx to simplify code. For the Privacy Path Checking, a property was added to 'AuthRedirectListener' to allow customization of 'privatePathPrefixes', and the prefixes list was moved to the top. Also, explicit constant assertions were added in 'create-i18n-settings.ts' to ensure the types correctness.
This commit implements proper syntax standards throughout the file. Every necessary line now ends with a semicolon, providing better readability and avoiding potential errors in future code interpretation.
The commit removes semicolons at the ends of lines and makes updates to the Database object in the `database.types.ts` file. This better aligns the syntax with TypeScript norms. It also affects many database relationships, including but not limited to `Accounts`, `Roles`, and `Subscriptions`.
Changes are introduced primarily to the site header buttons and styles, as well as some content corrections. Also, the SUPABASE_SERVICE_ROLE_KEY environment variable is now sanitized before use to prevent potential security vulnerabilities. The function 'taintUniqueValue' from React is used to ensure this process. These changes align with good practices for both UI/UX and security.
The code now supplies a detailed error message when an invalid Supabase Service Role Key is provided. The error message prompts the user to check the SUPABASE_SERVICE_ROLE_KEY environment variable ensuring clearer debugging.
The refactoring includes the moving of the `getSupabaseClientKeys()` and `getServiceRoleKey()` function calls to the module scope and the addition of a `warnServiceRoleKeyUsage()` function, used to display a warning when the Supabase Service Role is accessed. The change aims to improve code readability and maintainability.
This commit refines the warning text in the 'deleteAccountDescription' in locales and associated Supabase service role warning. Additionally, the E2E test for account deletion has been updated to include a response check for a redirection status, improving the reliability of the test outcome.
The update simplifies accessing environment keys and role warnings in Supabase clients by moving them to new functions 'getSupabaseClientKeys' and 'getServiceRoleKey'. The redundancy in the code is reduced promoting clearer and more maintainable code. The '@epic-web/invariant' import has been removed from files as it is no longer needed.
The Next.js version has been updated across multiple dependencies in the pnpm-lock file. This ensures consistency, removes instances of the canary version, and aligns all packages to use the stable 14.2.0 release.
The commit introduces Playwright configuration for End-to-End testing and modifies several files to optimize the project's structure. It also modifies the middleware to interact with Next.js and fix URL creation. Changes in database types were made to refine their structure.
Refactored several Supabase client functions and updated them to use generics. Also, the '@kit/supabase-config' package was removed from the project and all references were replaced accordingly. The project's dependencies were updated as well, including the Supabase package which was upgraded to the latest version.
This commit updates diverse packages such as "@makerkit/data-loader-supabase-core" and "@makerkit/data-loader-supabase-nextjs" to the new versions in the package.json files. Also, several refactorings were done in logging within services and loaders by progressing 'server-only' imports and improving context handling. Additionally, type annotations have been added to several exported functions for better code readability and maintainability.
The update includes the implementation of captcha support during the sign-in and sign-up process for user accounts. The process ensures a better level of security against bot-based attacks. Also, the code has been refactored to separate error and success alerts and unnecessary useEffect hooks have been removed. Moreover, some logic concerning the authentication rendering has been simplified.
This commit introduces the updateSubscription method to the BillingStrategyProviderService, ensuring that subscriptions can be updated within the billing core. Additionally, a refactor has been applied to the BillingGatewayFactoryService and stripe-billing-strategy.service to improve error handling and the robustness of subscription updates. Logging in the webhook route has been adjusted for clarity and the data model has been enhanced.
Various fields in the Supabase database types definitions have been modified. Primarily, the changes involve consistently ending each line with a semicolon. This enforces consistent formatting and improves code readability.
This commit includes reorganizing dependencies in 'package.json' for better readability. It also refactors code associated with user and personal account data along with animations for AvatarFallback and profile name display. Additionally, the 'next' package version has been updated to '14.2.0-canary.56'. Some changes have been made for minor corrections and enhancements in the scripts.
This commit introduces Sentry and Baselime packages into the monitoring section, complete with associated dependencies and scripts. These changes also reflect necessary updates to the 'pnpm-lock.yaml' file to account for these new dependencies.
Updated Supabase dependency across multiple packages from "^2.41.1" to "^2.42.0". Removed files handling sidebar state and theme cookies. Created a new Logger interface for managing log messages in the shared package. Enhanced the middleware to track accounts membership webhook payload. Minor adjustments were also made in multiple package.json files.
Refactored Supabase server component client to improve type safety. Improved team account management by adjusting role data providers to consider account IDs, and adjusted invite member functionality to use account IDs and slugs. Enhanced invitation update dialog by adding account parameter. Fixed database webhook URLs in seed.sql. Overall, these changes enhance the robustness and usability of the team management functionalities.
The commit mainly revamps the code to support internationalization in various pages like pricing, docs, blog, etc. It modifies the code to generate metadata asynchronously, accommodating internationalized page titles and subtitles. Also, the commit restructures CMS Client scripts, particularly for ContentLayer and Wordpress. For Wordpress, it updates API fetch routes and handles embedded children data. Furthermore, unnecessary logging statements are cleaned up, and minor updates are done for better UI and code efficiency.
This update modifies the billing system to properly handle both single and recurring payment plans. Logic is introduced to determine whether the selected plan is recurring or a one-time payment and adjust the interface accordingly. The naming of some components and variables has been changed to more accurately reflect their purpose. Additionally, a
Refactored the 'plan-picker' component in the billing gateway to remove unwanted line items and improve checkout session and subscription handling. Enhanced the localization support by adding translations in the plan picker and introduced a new function to check trial eligibility so that existing customers can't start a new trial period. These changes enhance the usability of the application across different regions and provide accurate trial period conditions.
The code in the webhook API has been refactored to move the DatabaseWebhookHandlerService instance out of the POST function scope. Furthermore, the display of renewal plan details on the billing page has been simplified and certain parts deemed superfluous have been removed. Numerous types and interfaces in the database.types.ts file have also been corrected and formatted for consistency and improved readability.
The billing schema has been revamped to allow more flexible billing setups, supporting multiple line items per plan. Changes extend to related app and UI components for a seamless experience. As a result, the previously used 'line-items-mapper.ts' is no longer needed and has been removed.
Updated several components within the team accounts feature to use more specific schema definitions and provide clearer form validation. Several schema files were renamed to better reflect their usage and additional properties were included. The commit also introduces handling for a new accountId property, which provides more accurate user account tracking. Autocomplete was turned off on deletion actions for better security. Changes related to account ownership transfer were also made, including transaction logging and error handling improvements.
Replaced the requireAuth method with requireUser to improve clarity and modified all instances where it was used. Renamed the import throughout multiple files and services and made changes accordingly, thus making it more specific and understandable that a logged-in user is needed. The return type of the method was also updated from Session to User to more accurately reflect the information it provides.
