f2949c1836
notifications: send email when manual app update is required
2026-03-21 15:59:41 +01:00
cd6acfb91d
notifications: send email when manual platform update is required
2026-03-21 15:38:12 +01:00
ba0bb62fa3
hardcode CLI name for cid-cli in device auth flow
2026-03-18 14:37:15 +01:00
1ca62dd38e
Restyle oidc device login views
2026-03-18 14:28:28 +01:00
e3d76ea9f4
uninstall: must continue to teardown other addons
2026-03-18 15:26:06 +05:30
d7212e69b5
unprovision: clear the default backup site
2026-03-18 15:14:11 +05:30
ead58bd6f6
test: use profile to check for passkey
2026-03-18 15:00:45 +05:30
fbe13b75df
passkey: fix tests
2026-03-18 14:53:00 +05:30
6085a8231f
uninstall: ignore services error as services may never have started
2026-03-18 14:38:47 +05:30
3d55423deb
Fix usage of safe()
2026-03-18 14:26:42 +05:30
f62df52c1d
passkey: disallow in demo mode
2026-03-18 12:28:57 +05:30
1f05a8d92a
network: fix crash
2026-03-18 07:04:45 +05:30
ea7647f43c
oidcserver: fix jwks_rsaonly response
2026-03-17 17:49:52 +05:30
bc5737b9b0
passkey: implement passwordless login
2026-03-16 20:10:59 +05:30
d0745d1914
2fa: provider passkey or totp
2026-03-16 18:49:12 +05:30
2b4c926a70
only clear passkeys on location change
...
calling this on initialize makes it lose all passkeys
2026-03-16 18:49:01 +05:30
67500a7689
profile: hasPasskey
2026-03-16 17:20:22 +05:30
189e3d5599
allow totp and passkey to co-exist
2026-03-16 16:38:48 +05:30
009d0b39f9
rename twoFactor* to totp
2026-03-16 16:38:42 +05:30
f334c696cb
update: add policy to update apps separately from platform
2026-03-16 10:19:18 +05:30
db974d72d5
oidcserver: permit origin "*" from localhost testing
2026-03-16 07:21:55 +05:30
c15e342bb8
webadmin: remove the implicit flow
...
we now use pkce . main advantage is that we don't see the access token
in the url anymore.
in pkce, the auth code by itself is useless. need the verifier.
fixes #844
2026-03-15 17:38:27 +05:30
dc1449c7b6
oidcserver: convert to trace
2026-03-15 17:32:03 +05:30
0b305caf58
sites: add conflict detection
...
Fixes #863
2026-03-15 14:59:35 +05:30
8f1f3645b2
app update: if backup fails, provide a notification
...
fixes #851
2026-03-15 14:48:07 +05:30
7afec06d4c
apps: operators can now view backup logs and manage the backup task
...
we spun off the app backup as a separate task and this is not tracked
by app.taskId .
fixes #856
2026-03-15 10:18:31 +05:30
29f85a8fd2
test: fix debug
2026-03-15 09:54:55 +05:30
6e0dc24eca
rsync: escape U+2028/U+2029
...
JSON strings can contain unescaped U+2028 LINE SEPARATOR and U+2029 PARAGRAPH SEPARATOR
characters while ECMAScript strings cannot. ES2019 now allows those unescaped.
The integrity code assumes that each JSON is a single line but that assumption does
not hold true when these characters are there in the string. Fix is to escape them.
2026-03-15 09:20:40 +05:30
6db2b55e63
oidcserver: custom templates for device login
...
the default one uses google fonts :/
2026-03-13 13:25:57 +05:30
a3c038781f
oidc: implement Device Authorization Grant
2026-03-13 12:44:39 +05:30
59c9e5397e
ldapserver, directoryserver: all traces
2026-03-12 23:30:12 +05:30
a4c253b9a9
users: modify verify log calls to trace
...
this is only useful when we are debugging and not useful to end user
without further context
2026-03-12 23:27:13 +05:30
f12b4faf34
lint
2026-03-12 23:23:23 +05:30
ff49759f42
promise-retry: rename api to log
2026-03-12 23:11:16 +05:30
01d0c738bc
replace debug() with our custom logger
...
mostly we want trace() and log(). trace() can be enabled whenever
we want by flipping a flag and restarting box
2026-03-12 23:08:35 +05:30
d57554a48c
backup logs: make them much terse and concise
...
these are making the rsync logs massive. instead resort to reporting
progress based on file count. there is also a heartbeat timer for
"stuck" or "long downloading" files, every minute.
2026-03-12 19:40:46 +05:30
b16b57f38b
rsync: throttle log messages during download
2026-03-12 13:47:26 +05:30
12177446a2
backupcleaner: remove cleanupSnapshotSuperfluous
...
this removes the workaround for the rsync bug to make integrity
checks work. see ec15f29e402c12bee79b
2026-03-12 08:07:25 +05:30
79cdecdff6
graphite: fix aggregation of block/network read/write
2026-03-10 22:56:00 +05:30
336dee53cd
metrics: pick last item in series
...
picking the first item for "max" is not correct
2026-03-10 22:25:15 +05:30
77022bbd7f
restore: apply blocklist
2026-03-10 21:34:26 +05:30
8ef56c6d91
reverseproxy: fix restore of trusted ips
2026-03-10 17:28:06 +05:30
d377d1e1cf
remove deprecated url
2026-03-10 15:15:17 +05:30
866b72d029
services: distinguish error state and idle state for stopped containers
2026-03-08 18:36:24 +05:30
4bc0f44789
services: lazy start services / on demand services
...
services are now stopped when no app is using them.
on start up, services are always created and run. they are later
stopped when unused. it's this way to facilitate the upgrade code
path. the database meta files have to be upgraded even if no app is using them.
the other hook to stop unused services is at the end of an app task.
maybe mail container is a candidate for the future where all sending is no-op.
But give this is rare, it's not implemented.
2026-03-08 18:35:50 +05:30
99c55cb22f
services: enforce min memory limit
2026-03-05 21:25:31 +05:30
74c73c695f
mongodb: set min memory to 2GB
2026-03-05 21:25:31 +05:30
38efa6a2ba
integrity: show failure messages
2026-03-05 16:24:46 +05:30
5f8ea2aecc
integrity: skip check of backups with no integrity info
2026-03-04 21:18:20 +05:30
94bc52a0c3
rsync: typo
2026-03-04 20:48:00 +05:30
Girish Ramakrishnan