Move sign out below wiki button, tweak hover color, remove email
field label, rename 'Join Ghost Guild' to 'Pre-Register', and
remove 'Don't have an account?' text from login modal.
Hide 'Coming Soon' text when authenticated, change greeting to
'Welcome, Name' with inline underlined sign-out link, and force
Inter (font-sans) on all text.
Remove redundant checkMemberStatus() from coming-soon page since the
auth-init plugin already handles it. Add in-flight request deduplication
to prevent concurrent calls from any source. Strip debug console.logs.
The .woff2 files are missing from public/fonts/, causing failed requests
that 302 redirect and stall page load (16+ seconds). Swap display font
to Georgia as a fallback until Quietism files are available.
Instead of sending members directly to the wiki (where they hit
Outline's login page and have to click again), land them on the
coming-soon page which shows a welcome message and wiki link.
Adds memberInviteSchema and bulkMemberImportSchema needed by the invite
and CSV import endpoints. Adds inviteEmailSent/inviteEmailSentAt fields
to member model. Adds the bulk import API route.
Native <input type="checkbox"> elements were invisible in production
because @tailwindcss/forms is not installed. UCheckbox renders properly
with the Nuxt UI theme.
Coming-soon page now shows a magic link login form for unauthenticated
visitors and a wiki link + sign out for logged-in members. The
coming-soon middleware allows /admin routes through (still protected by
admin middleware). A /login redirect page ensures invite email links work.
Invite tokens now include a redirect claim so the verify endpoint
can distinguish them from regular login tokens. Only invite links
redirect to wiki.ghostguild.org; normal logins go to /members.
Invite emails now include both plain text and HTML versions. The
{loginLink} placeholder renders as a styled button in HTML email
clients. Other URLs in the template are auto-linked. The auth verify
endpoint redirects to wiki.ghostguild.org instead of /members.
Remove auth bypass from coming-soon middleware so no one can access
the in-development site in production. Remove unused login button
from coming-soon page since wiki has its own OIDC login flow.
Replace generic card layout with editorial-style login gate using
display typography, gradient divider, scoped CSS with design system
tokens, and smooth form-to-confirmation transitions.
The oidc-provider generates form actions using http:// despite proxy
trust settings, causing an insecure form submission warning. Rewrite
the form action URL to https:// before rendering.
The oidc-provider generates form actions with http:// URLs that
conflict with the CSP form-action directive. OIDC routes serve
self-contained HTML outside Nuxt, so CSP is not needed there.
The OIDC provider was falling back to config.public.appUrl for its
issuer, which could resolve to an http:// URL. This caused the logout
form action to use http://, violating the CSP form-action directive.
Hardcode the issuer fallback to https://ghostguild.org.
- Simplified the magic link email format to plain text for better compatibility.
- Updated the welcome email to use plain text and changed the sender address to match the domain.
- Enhanced event registration email format to plain text, removing HTML styling for a cleaner approach.
Add guild-styled HTML templates for OIDC logout confirmation, post-logout
success, and error pages. Update wiki login heading to brand convention
(candlelight + warm-text). Restyle magic link email from blue to guild
colour tokens.
Add JWT-verified session check to coming-soon middleware so logged-in
members can access the full site. Add member login link and modal to
the coming-soon page so members can sign in before launch.
The /oidc/[...] server catch-all was intercepting /oidc/login before
the Nuxt page router could render it. Moving the page outside /oidc/
avoids the conflict entirely.
The server catch-all route was intercepting /oidc/login and passing
it to oidc-provider, which returned 404. Now it falls through to
the Vue page router instead.
Adds schema-based input validation across helcim, events, members,
series, admin, and updates API endpoints. Removes the peer-support
debug test endpoint. Adds validation test coverage.
Configure oidc-provider routes with explicit /oidc prefix so the
discovery document and token endpoints resolve correctly. Previously
the catch-all stripped the prefix, causing the provider to generate
URLs without it.
Add oidc-provider with MongoDB adapter so ghostguild.org can act as
the identity provider for the self-hosted Outline wiki. Members
authenticate via the existing magic-link flow, with automatic SSO
when an active session exists. Includes interaction routes, well-known
discovery endpoint, and login page.
- Add centralized Zod schemas (server/utils/schemas.js) and validateBody
utility for all API endpoints
- Fix critical mass assignment in member creation: raw body no longer
passed to new Member(), only validated fields (email, name, circle,
contributionTier) are accepted
- Apply Zod validation to login, profile patch, event registration,
updates, verify-payment, and admin event creation endpoints
- Fix logout cookie flags to match login (httpOnly: true, secure
conditional on NODE_ENV)
- Delete unauthenticated test/debug endpoints (test-connection,
test-subscription, test-bot)
- Remove sensitive console.log statements from Helcim and member
endpoints
- Remove unused bcryptjs dependency
- Add 10MB file size limit on image uploads
- Use runtime config for JWT secret across all endpoints
- Add 38 validation tests (117 total, all passing)
Auth: Add requireAuth/requireAdmin guards with JWT cookie verification,
member status checks (suspended/cancelled = 403), and admin role
enforcement. Apply to all admin, upload, and payment endpoints. Add
role field to Member model.
CSRF: Double-submit cookie middleware with client plugin. Exempt
webhook and magic-link verify routes.
Headers: X-Content-Type-Options, X-Frame-Options, X-XSS-Protection,
Referrer-Policy, Permissions-Policy on all responses. HSTS and CSP
(Helcim/Cloudinary/Plausible sources) in production only.
Rate limiting: Auth 5/5min, payment 10/min, upload 10/min, general
100/min via rate-limiter-flexible, keyed by client IP.
XSS: DOMPurify sanitization on marked() output with tag/attr
allowlists. escapeHtml() utility for email template interpolation.
Anti-enumeration: Login returns identical response for existing and
non-existing emails. Remove 404 handling from login UI components.
Mass assignment: Remove helcimCustomerId from profile allowedFields.
Session: 7-day token expiry, refresh endpoint, httpOnly+secure cookies.
Environment: Validate required secrets on startup via server plugin.
Remove JWT_SECRET hardcoded fallback.
Set up Vitest with server (node) and client (jsdom) test projects.
79 tests across 8 files verify all Phase 0-1 security controls:
escapeHtml sanitization, DOMPurify markdown XSS prevention, CSRF
enforcement, security headers, rate limiting, auth guards, profile
field allowlist, and login anti-enumeration. Updated SECURITY_EVALUATION.md
with remediation status, implementation summary, and automated test
coverage details.
Upgrade nuxt 4.0.3→4.3.1, @nuxt/ui 4.0.0→4.5.0, vue 3.5.20→3.5.29,
jsonwebtoken 9.0.2→9.0.3, mongoose 8.18.0→8.23.0, and 12 other packages.
Bump @nuxtjs/plausible to v3 and marked to v17. Remove vue-router from
explicit dependencies (Nuxt manages it internally). Reduces audit
vulnerabilities from 42 to 17.
Replace ghost/whisper/sparkle color palettes with guild/candlelight/parchment/ember/earth tokens.
Switch typography from NB Television Pro to Quietism serif. Update all 25 Vue components,
layouts, and pages to new design system. Add circle color tokens, typography scale, prose-guild
class, and warm texture effects. Clean up stale documentation files.
Standardizes color values and styling using the new tokens:
- Replaces hardcoded colors with semantic variables
- Updates background/text/border classes for light/dark mode
- Migrates inputs to UInput/USelect/UTextarea components
- Removes redundant style declarations
