Main Issues Fixed:
1. Tools Disabled on Initial Login (Required Page Refresh)
Problem: After successful login, all PDF tools appeared grayed
out/disabled until the user refreshed the page.
Root Cause: Race condition where tools checked endpoint availability
before JWT was stored in localStorage.
Fix:
- Implemented optimistic defaults in useEndpointConfig - assumes
endpoints are enabled when no JWT exists
- Added JWT availability event system (jwt-available event) to notify
components when authentication is ready
- Tools now remain enabled during auth initialization instead of
defaulting to disabled
2. Session Lost on Page Refresh (Immediate Logout)
Problem: Users were immediately logged out when refreshing the page,
losing their authenticated session.
Root Causes:
- Spring Security form login was redirecting API calls to /login with
302 responses instead of returning JSON
- /api/v1/auth/me endpoint was incorrectly in the permitAll list
- JWT filter wasn't allowing /api/v1/config endpoints without
authentication
Fixes:
- Backend: Disabled form login in v2/JWT mode by adding && !v2Enabled
condition to form login configuration
- Backend: Removed /api/v1/auth/me from permitAll list - it now requires
authentication
- Backend: Added /api/v1/config to public endpoints in JWT filter
- Backend: Configured proper exception handling for API endpoints to
return JSON (401) instead of HTML redirects (302)
3. Multiple Duplicate API Calls
Problem: After login, /app-config was called 5+ times,
/endpoints-enabled and /me called multiple times, causing unnecessary
network traffic.
Root Cause: Multiple React components each had their own instance of
useAppConfig and useEndpointConfig hooks, each fetching data
independently.
Fix:
- Frontend: Created singleton AppConfigContext provider to ensure only
one global config fetch
- Frontend: Added global caching to useEndpointConfig with module-level
cache variables
- Frontend: Implemented fetch deduplication with fetchCount tracking and
globalFetchedSets
- Result: Reduced API calls from 5+ to 1-2 per endpoint (2 in dev due to
React StrictMode)
Additional Improvements:
CORS Configuration
- Added flexible CORS configuration matching SaaS pattern
- Explicitly allows localhost development ports (3000, 5173, 5174, etc.)
- No hardcoded URLs in application.properties
Security Handlers Integration
- Added IP-based account locking without dependency on form login
- Preserved audit logging with @Audited annotations
Key Code Changes:
Backend Files:
- SecurityConfiguration.java - Disabled form login for v2, added CORS
config
- JwtAuthenticationFilter.java - Added /api/v1/config to public
endpoints
- JwtAuthenticationEntryPoint.java - Returns JSON for API requests
Frontend Files:
- AppConfigContext.tsx - New singleton context for app configuration
- useEndpointConfig.ts - Added global caching and deduplication
- UseSession.tsx - Removed redundant config checking
- Various hooks - Updated to use context providers instead of direct
fetching
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: stirlingbot[bot] <stirlingbot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ludy <Ludy87@users.noreply.github.com>
Co-authored-by: EthanHealy01 <80844253+EthanHealy01@users.noreply.github.com>
Co-authored-by: Ethan <ethan@MacBook-Pro.local>
Co-authored-by: Anthony Stirling <77850077+Frooodle@users.noreply.github.com>
Co-authored-by: stirlingbot[bot] <195170888+stirlingbot[bot]@users.noreply.github.com>
Co-authored-by: ConnorYoh <40631091+ConnorYoh@users.noreply.github.com>
Co-authored-by: Connor Yoh <connor@stirlingpdf.com>
# Description of Changes
Please provide a summary of the changes, including:
## Add PDF File Association Support for Tauri App
### 🎯 **Features Added**
- PDF file association configuration in Tauri
- Command line argument detection for opened files
- Automatic file loading when app is launched via "Open with"
- Cross-platform support (Windows/macOS)
### 🔧 **Technical Changes**
- Added `fileAssociations` in `tauri.conf.json` for PDF files
- New `get_opened_file` Tauri command to detect file arguments
- `fileOpenService` with Tauri fs plugin integration
- `useOpenedFile` hook for React integration
- Improved backend health logging during startup (reduced noise)
### 🧪 **Testing**
See
* https://v2.tauri.app/start/prerequisites/
*
[DesktopApplicationDevelopmentGuide.md](DesktopApplicationDevelopmentGuide.md)
```bash
# Test file association during development:
cd frontend
npm install
cargo tauri dev --no-watch -- -- "path/to/file.pdf"
```
For production testing:
1. Build: npm run tauri build
2. Install the built app
3. Right-click PDF → "Open with" → Stirling-PDF
🚀 User Experience
- Users can now double-click PDF files to open them directly in
Stirling-PDF
- Files automatically load in the viewer when opened via file
association
- Seamless integration with OS file handling
---
## Checklist
### General
- [ ] I have read the [Contribution
Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [ ] I have read the [Stirling-PDF Developer
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md)
(if applicable)
- [ ] I have read the [How to add new languages to
Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md)
(if applicable)
- [ ] I have performed a self-review of my own code
- [ ] My changes generate no new warnings
### Documentation
- [ ] I have updated relevant docs on [Stirling-PDF's doc
repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/)
(if functionality has heavily changed)
- [ ] I have read the section [Add New Translation
Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags)
(for new translation tags only)
### UI Changes (if applicable)
- [ ] Screenshots or videos demonstrating the UI changes are attached
(e.g., as comments or direct attachments in the PR)
### Testing (if applicable)
- [ ] I have tested my changes locally. Refer to the [Testing
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md#6-testing)
for more details.
---------
Co-authored-by: Connor Yoh <connor@stirlingpdf.com>
Co-authored-by: James Brunton <james@stirlingpdf.com>
Co-authored-by: James Brunton <jbrunton96@gmail.com>
Adds granular privacy controls for analytics - splits single
enableAnalytics toggle into separate PostHog and Scarf controls with
improved admin
UX.
Backend Changes
Configuration (ApplicationProperties.java)
- Added enablePosthog and enableScarf boolean fields
- New methods: isPosthogEnabled(), isScarfEnabled() (null = enabled when
analytics is on)
Services
- PostHogService: Now checks isPosthogEnabled() instead of
isAnalyticsEnabled()
- ConfigController: Exposes new flags via API
- SettingsController: Changed endpoint from @RequestBody to
@RequestParam
Frontend Changes
Architecture
- Converted useAppConfig hook → AppConfigContext provider for global
access
- Added refetch() method for config updates without reload
New Features
1. AdminAnalyticsChoiceModal: First-launch modal when enableAnalytics
=== null
- Enable/disable without editing YAML
- Includes documentation link
2. Scarf Tracking System: Modular utility with React hook wrapper
- Respects config + per-service cookie consent
- Works from any code location (React or vanilla JS)
3. Enhanced Cookie Consent: Per-service toggles (PostHog and Scarf
separate)
Integration
- App.tsx: Added AppConfigProvider + scarf initializer
- HomePage.tsx: Shows admin modal when needed
- index.tsx: PostHog opt-out by default, service-level consent
Key Benefits
✅ Backward compatible (null defaults to enabled)
✅ Granular control per analytics service
✅ First-launch admin modal (no YAML editing)
✅ Privacy-focused with opt-out defaults
✅ API-based config updates
---------
Co-authored-by: Connor Yoh <connor@stirlingpdf.com>
This PR migrates the login features from V1 into V2.
---
- Login via username/password
- SSO login (Google & GitHub)
-- Fixed issue where users authenticating via SSO (OAuth2/SAML2) were
identified by configurable username attributes (email,
preferred_username, etc.), causing:
- Duplicate accounts when username attributes changed
- Authentication failures when claim/NameID configuration changed
- Data redundancy from same user having multiple accounts
- Added `sso_provider_id` column to store provider's unique identifier
(OIDC sub claim / SAML2 NameID)
- Added `sso_provider` column to store provider name (e.g., "google",
"github", "saml2")
- User.java:65-69
Backend Changes:
- Updated UserRepository with findBySsoProviderAndSsoProviderId() method
(UserRepository.java:25)
- Modified UserService.processSSOPostLogin() to implement lookup
priority:
a. Find by (`ssoProvider`, `ssoProviderId`) first
b. Fallback to username for backward compatibility
c. Automatically migrate existing users by adding provider IDs
(UserService.java:64-107)
- Updated saveUserCore() to accept and store SSO provider details
(UserService.java:506-566)
OAuth2 Integration:
- CustomOAuth2UserService: Extracts OIDC sub claim and registration ID
(CustomOAuth2UserService.java:49-59)
- CustomOAuth2AuthenticationSuccessHandler: Passes provider info to
processSSOPostLogin()
(CustomOAuth2AuthenticationSuccessHandler.java:95-108)
SAML2 Integration:
- CustomSaml2AuthenticationSuccessHandler: Extracts NameID from SAML2
assertion (CustomSaml2AuthenticationSuccessHandler.java:120-133)
---
- Configurable Rate Limiting
Changes:
- Added RateLimit configuration class to ApplicationProperties.Security
(ApplicationProperties.java:314-317)
- Made reset schedule configurable: security.rate-limit.reset-schedule
(default: "0 0 0 * * MON")
- Made max requests configurable: security.rate-limit.max-requests
(default: 1000)
- Updated RateLimitResetScheduler to use @Scheduled(cron =
"${security.rate-limit.reset-schedule:0 0 0 * * MON}")
(RateLimitResetScheduler.java:16)
- Updated SecurityConfiguration.rateLimitingFilter() to use configured
value (SecurityConfiguration.java:377)
---
- Enable access without security features
Backend:
- Added /api/v1/config to permitAll endpoints
(SecurityConfiguration.java:261)
- Config endpoint already returns enableLogin status
(ConfigController.java:60)
Frontend:
- AuthProvider now checks enableLogin before attempting JWT validation
(UseSession.tsx:98-112)
- If enableLogin=false, skips authentication entirely and sets
session=null
- Landing component bypasses auth check when enableLogin=false
(Landing.tsx:42-46)
- Added createAnonymousUser() and createAnonymousSession() utilities
(springAuthClient.ts:440-464)
Closes#3046
---
## Checklist
### General
- [x] I have read the [Contribution
Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [x] I have read the [Stirling-PDF Developer
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md)
(if applicable)
- [x] I have read the [How to add new languages to
Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md)
(if applicable)
- [x] I have performed a self-review of my own code
- [x] My changes generate no new warnings
### Documentation
- [ ] I have updated relevant docs on [Stirling-PDF's doc
repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/)
(if functionality has heavily changed)
- [ ] I have read the section [Add New Translation
Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags)
(for new translation tags only)
### UI Changes (if applicable)
- [ ] Screenshots or videos demonstrating the UI changes are attached
(e.g., as comments or direct attachments in the PR)
### Testing (if applicable)
- [x] I have tested my changes locally. Refer to the [Testing
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing)
for more details.
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: stirlingbot[bot] <stirlingbot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ludy <Ludy87@users.noreply.github.com>
Co-authored-by: EthanHealy01 <80844253+EthanHealy01@users.noreply.github.com>
Co-authored-by: Ethan <ethan@MacBook-Pro.local>
Co-authored-by: Anthony Stirling <77850077+Frooodle@users.noreply.github.com>
Co-authored-by: stirlingbot[bot] <195170888+stirlingbot[bot]@users.noreply.github.com>
# Description of Changes
Fixed getTargetSize to never make an early null return, instead throw an
appropriate customException when the submitted doc has 0 pages.
### Why this change was made:
- If getTargetSize returned null, the call targetSize.getWidth() would
throw a NullPointerException immediately.
- PDDocument.getNumberOfPages() can be 0 e.g., new PDDocument() or a
loader/factory that produced an empty document for a malformed or
partial upload, or a custom pdfDocumentFactory that creates an empty
document in some error paths.
- Replacing the null return with throw
ExceptionUtils.createInvalidPageSizeException("KEEP"): it fails fast
with a clear error instead of producing an NPE.
<!--
Please provide a summary of the changes, including:
- What was changed
- Why the change was made
- Any challenges encountered
Closes #(issue_number)
-->
---
## Checklist
### General
- [x] I have read the [Contribution
Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [x] I have read the [Stirling-PDF Developer
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md)
(if applicable)
- [ ] I have read the [How to add new languages to
Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md)
(if applicable)
- [x] I have performed a self-review of my own code
- [x] My changes generate no new warnings
### Documentation
- [ ] I have updated relevant docs on [Stirling-PDF's doc
repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/)
(if functionality has heavily changed)
- [ ] I have read the section [Add New Translation
Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags)
(for new translation tags only)
### UI Changes (if applicable)
- [ ] Screenshots or videos demonstrating the UI changes are attached
(e.g., as comments or direct attachments in the PR)
### Testing (if applicable)
- [x] I have tested my changes locally. Refer to the [Testing
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing)
for more details.
---------
Signed-off-by: Balázs Szücs <bszucs1209@gmail.com>
# Description of Changes
This pull request introduces full support for generating true CBR (Comic
Book RAR) archives from PDF files using the local RAR CLI
### CBR Conversion Implementation:
- Refactored `PdfToCbrUtils.java` to generate image files for each PDF
page, invoke the RAR CLI to create a `.cbr` archive, and clean up
temporary files after conversion..
### Dependency & Endpoint Management:
- Added RAR as a required external dependency in
`ExternalAppDepConfig.java` and checks for its availability, disabling
related endpoints if missing.
- Registered new endpoints under the "RAR" group in
`EndpointConfiguration.java` and updated group validation logic.
### Controller and API Updates:
- Updated the API controller to clarify that the output is a true CBR
archive created with RAR, not ZIP-based.
- Modified the web controller to check for endpoint availability and
return a 404 error if the CBR conversion feature is disabled.
### Sample logs/verification:
Conversion command
> 23:12:41.552 [qtp1634254747-43] INFO s.s.common.util.ProcessExecutor -
Running command: rar a -m5 -ep1 output.cbr page_001.png
> 23:12:41.571 [Thread-25] INFO s.s.common.util.ProcessExecutor -
> 23:12:41.571 [Thread-25] INFO s.s.common.util.ProcessExecutor - RAR
7.12 Copyright (c) 1993-2025 Alexander Roshal 23 Jun 2025
> 23:12:41.571 [Thread-25] INFO s.s.common.util.ProcessExecutor - Trial
version Type 'rar -?' for help
> 23:12:41.571 [Thread-25] INFO s.s.common.util.ProcessExecutor -
> 23:12:41.571 [Thread-25] INFO s.s.common.util.ProcessExecutor -
Evaluation copy. Please register.
> 23:12:41.571 [Thread-25] INFO s.s.common.util.ProcessExecutor -
> 23:12:41.572 [Thread-25] INFO s.s.common.util.ProcessExecutor -
Creating archive output.cbr
> 23:12:41.578 [Thread-25] INFO s.s.common.util.ProcessExecutor -
> 23:12:41.587 [Thread-25] INFO s.s.common.util.ProcessExecutor - Adding
page_001.png OK
> 23:12:41.587 [Thread-25] INFO s.s.common.util.ProcessExecutor - Done
Verification whether its RAR (not included in the code; was to verify
whether the code works)
> ~/Downloads
> ❯ unrar l lorem-ipsum_converted.cbr
>
> UNRAR 7.12 freeware Copyright (c) 1993-2025 Alexander Roshal
>
> Archive: lorem-ipsum_converted.cbr
> Details: RAR 5
>
> Attributes Size Date Time Name
> ----------- --------- ---------- ----- ----
> -rw-r--r-- 105955 2025-10-07 23:12 page_001.png
> ----------- --------- ---------- ----- ----
> 105955 1
Logs on startup with no RAR CLI
> INFO:unoserver:Started.
> 12:09:16.592 [main] INFO s.s.p.s.configuration.DatabaseConfig - Using
default H2 database
> INFO:unoserver:Server PID: 46
> 12:09:21.281 [main] INFO s.s.c.config.TempFileConfiguration - Created
temporary directory: /tmp/stirling-pdf/stirling-pdf
> 12:09:21.329 [main] WARN s.s.SPDF.config.ExternalAppDepConfig -
Missing dependency: rar - Disabling group: RAR (Affected features:
Pdf/cbr, PDF To Cbr)
> 12:09:22.066 [main] INFO s.s.S.config.EndpointConfiguration - Disabled
tool groups: RAR (endpoints may have alternative implementations)
> 12:09:22.066 [main] INFO s.s.S.config.EndpointConfiguration - Disabled
functional groups: enterprise
> 12:09:22.066 [main] INFO s.s.S.config.EndpointConfiguration - Total
disabled endpoints: 3. Disabled endpoints: pdf-to-cbr, pdf/cbr,
url-to-pdf
> 12:09:22.407 [main] INFO s.s.p.s.service.DatabaseService - Source
directory does not exist: configs/db/backup
> 12:09:23.092 [main] INFO s.software.common.util.FileMonitor -
Monitoring directory: ./pipeline/watchedFolders
> 12:09:23.721 [main] INFO s.s.c.service.TempFileCleanupService -
Created LibreOffice temp directory:
/tmp/stirling-pdf/stirling-pdf/libreoffice
<!--
Please provide a summary of the changes, including:
- What was changed
- Why the change was made
- Any challenges encountered
Closes #(issue_number)
-->
---
## Checklist
### General
- [x] I have read the [Contribution
Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [x] I have read the [Stirling-PDF Developer
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md)
(if applicable)
- [ ] I have read the [How to add new languages to
Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md)
(if applicable)
- [x] I have performed a self-review of my own code
- [x] My changes generate no new warnings
### Documentation
- [ ] I have updated relevant docs on [Stirling-PDF's doc
repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/)
(if functionality has heavily changed)
- [ ] I have read the section [Add New Translation
Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags)
(for new translation tags only)
### UI Changes (if applicable)
- [ ] Screenshots or videos demonstrating the UI changes are attached
(e.g., as comments or direct attachments in the PR)
### Testing (if applicable)
- [x] I have tested my changes locally. Refer to the [Testing
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing)
for more details.
---------
Signed-off-by: Balázs Szücs <bszucs1209@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Google drive oss. Shouldn't have any effect on pr deployment.
Mainly the removal of the old integration via backend.
I have added the picker service and lazy loading of the required google
dependency scripts when the necessary environment variables have been
implemented.
---------
Co-authored-by: Connor Yoh <connor@stirlingpdf.com>
Co-authored-by: James Brunton <jbrunton96@gmail.com>
