ghostguild-org/server
Jennie Robinson Faber 4d44e7045c
Some checks failed
Test / playwright (push) Blocked by required conditions
Test / Notify on failure (push) Blocked by required conditions
Test / visual (push) Blocked by required conditions
Test / vitest (push) Has been cancelled
refactor(rate-limit): delegate auth limiting to handlers, add dev bypass
Main's middleware-level auth limiter (5 req / 5 min, IP-only) duplicated
the handler-level limiter introduced earlier on this branch (5/hr IP +
3/hr per-email, blocks email enumeration across IPs). Drop the
middleware version and let the handlers own it.

Added ALLOW_DEV_TEST_ENDPOINTS bypass to the rateLimit utility so
parallel E2E runs from 127.0.0.1 don't exhaust per-IP/email budgets,
mirroring the existing middleware bypass.

Trimmed the obsolete middleware auth test; handler-level coverage lives
in tests/server/api/auth-{login,verify}.test.js. Switched IP-isolation
test to the payment path so it still exercises the limiter.
2026-04-27 19:18:34 +01:00
api refactor(helcim): collapse redundant Member queries in subscription.post.js 2026-04-27 19:16:32 +01:00
config feat(contributions): rewrite server config as preset-based helpers 2026-04-19 18:12:44 +01:00
emails feat(payments): add upsertPaymentFromHelcim helper with idempotent insert 2026-04-20 13:15:38 +01:00
middleware refactor(rate-limit): delegate auth limiting to handlers, add dev bypass 2026-04-27 19:18:34 +01:00
migrations refactor(community): rename Community Connections → Community Ecology 2026-04-09 09:07:15 +01:00
models feat(payments): persist helcimCustomerCode + skip getOrCreateCustomer on card-on-file 2026-04-27 19:16:32 +01:00
plugins refactor(env): unify required-env validation through useRuntimeConfig 2026-04-26 14:47:02 +01:00
routes refactor(env): unify required-env validation through useRuntimeConfig 2026-04-26 14:47:02 +01:00
utils refactor(rate-limit): delegate auth limiting to handlers, add dev bypass 2026-04-27 19:18:34 +01:00