1
0
mirror of https://github.com/Unleash/unleash.git synced 2025-06-09 01:17:06 +02:00
Commit Graph

12 Commits

Author SHA1 Message Date
Gastón Fournier
1724219487
feat: encrypt emails at rest for demo login (#5759)
## About the changes
This allows us to encrypt emails at signup for demo users to further
secure our demo instance. Currently, emails are anonymized before
displaying events performed by demo users. But this means that emails
are stored at rest in our DB. By encrypting the emails at login, we're
adding another layer of protection.

This can be enabled with a flag and requires the encryption key and the
initialization vector (IV for short) to be present as environment
variables.
2024-01-05 14:21:20 +01:00
Gastón Fournier
6f8f21fd48
chore: expose type and more fixes (#5268)
Expose new interface while also getting rid of unneeded compiler ignores

None of the changes should add new security risks, despite this report:
> Code scanning results / CodeQL Failing after 4s — 2 new alerts
including 2 high severity security vulnerabilities

Not sure what that means, maybe a removed ignore...
2023-11-03 17:36:50 +01:00
Christopher Kolstad
6673d131fe
feat: biome lint (#4853)
This commit changes our linter/formatter to biome (https://biomejs.dev/)
Causing our prehook to run almost instantly, and our "yarn lint" task to
run in sub 100ms.

Some trade-offs:
* Biome isn't quite as well established as ESLint
* Are we ready to install a different vscode plugin (the biome plugin)
instead of the prettier plugin


The configuration set for biome also has a set of recommended rules,
this is turned on by default, in order to get to something that was
mergeable I have turned off a couple the rules we seemed to violate the
most, that we also explicitly told eslint to ignore.
2023-09-29 14:18:21 +02:00
David Leek
f35d9390c1
chore: deprecate username on api-tokens (#3616)
<!-- Thanks for creating a PR! To make it easier for reviewers and
everyone else to understand what your changes relate to, please add some
relevant content to the headings below. Feel free to ignore or delete
sections that you don't think are relevant. Thank you! ❤️ -->

## About the changes
<!-- Describe the changes introduced. What are they and why are they
being introduced? Feel free to also add screenshots or steps to view the
changes if they're visual. -->

This deprecates the `username` properties on api-token schemas, and adds
a `tokenName` property.
DB field `username` has been renamed to `token_name`, migration added
for the rename.
Both `username` and `tokenName` can be used when consuming the service,
but only one of them.

## Discussion points
<!-- Anything about the PR you'd like to discuss before it gets merged?
Got any questions or doubts? -->

There's a couple of things I'd like to get opinions on and discuss:
- Frontend still uses the deprecated `username` property
- ApiTokenSchema is used both for input and output of `Create`
controller endpoints and should be split out into separate schemas. I'll
set up a task for this

---------

Co-authored-by: Thomas Heartman <thomas@getunleash.ai>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2023-05-04 09:56:00 +02:00
olav
e8d542af0f
feat: embed proxy endpoints (#1926)
* refactor: remove unused API definition routes

* feat: add support for proxy keys

* feat: support listening for any event

* feat: embed proxy endpoints

* refactor: add an experimental flag for the embedded proxy
2022-08-16 15:33:33 +02:00
olav
ee35c7ad74
refactor: replace ts-ignore with ts-expect-error (#1675)
* refactor: replace ts-ignore with ts-expect-error

* refactor: remove unused ts-expect-errors
2022-06-07 11:49:17 +02:00
renovate[bot]
f52f1cadac
chore(deps): update dependency eslint-config-airbnb-typescript to v16.1.0 (#1147)
* chore(deps): update dependency eslint-config-airbnb-typescript to v16.1.0

* chore: Update a few places with eslint-ignore due to new linter rules for optional parameters

Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: sighphyre <liquidwicked64@gmail.com>
Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
2022-04-25 13:14:43 +02:00
Ivar Conradi Østhus
131eeeaa78
fix: demo-auth should use /auth path 2021-10-26 23:04:44 +02:00
Christopher Kolstad
62b121285c
Create a apiuser for demo auth. (#1045)
- If api token middleware is disabled, still allow calls to /api/client with a
  populated fake api user with client access.
2021-10-20 13:16:07 +02:00
Christopher Kolstad
28d0238732
add try-catch to demo auth middleware (#1044)
- Since we validate email used in auth the route function needs to
  handle the possibility that userService.loginUserWithoutPassword can
  throw.
2021-10-19 14:24:23 +02:00
Ivar Conradi Østhus
c4b697b57d
Feat/api key scoping (#941)
Co-authored-by: Christopher Kolstad <chriswk@getunleash.ai>
2021-09-15 20:28:10 +02:00
Christopher Kolstad
ff7be7696c
fix: Stores as typescript and with interfaces. (#902)
Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
2021-08-12 15:04:37 +02:00