ghostguild-org/server/utils
Jennie Robinson Faber 4d44e7045c
refactor(rate-limit): delegate auth limiting to handlers, add dev bypass
Main's middleware-level auth limiter (5 req / 5 min, IP-only) duplicated
the handler-level limiter introduced earlier on this branch (5/hr IP +
3/hr per-email, blocks email enumeration across IPs). Drop the
middleware version and let the handlers own it.

Added ALLOW_DEV_TEST_ENDPOINTS bypass to the rateLimit utility so
parallel E2E runs from 127.0.0.1 don't exhaust per-IP/email budgets,
mirroring the existing middleware bypass.

Trimmed the obsolete middleware auth test; handler-level coverage lives
in tests/server/api/auth-{login,verify}.test.js. Switched IP-isolation
test to the payment path so it still exercises the limiter.
2026-04-27 19:18:34 +01:00
activityLog.js feat: board post + channel API routes 2026-04-14 16:25:42 +01:00
adminAlerts.js feat(admin): add restore dismissed alerts flow 2026-04-08 12:22:35 +01:00
auth.js feat(launch): security and correctness fixes for 2026-05-01 launch 2026-04-25 18:42:36 +01:00
checkSlackJoins.js feat(slack): add background job to detect Slack workspace joins 2026-04-09 22:32:48 +01:00
escapeHtml.js Implement OWASP ASVS L1 security remediation (Phases 0-2) 2026-03-01 12:53:18 +00:00
escapeRegex.js refactor: extract escapeRegex and validateTagSlugs server utils 2026-04-09 23:51:56 +01:00
helcim.js refactor(helcim): normalize listHelcimCustomerCards return shape 2026-04-27 19:16:32 +01:00
loadEvent.js fix(events): enforce series-pass, hidden, and deadline gates 2026-04-20 19:03:34 +01:00
loadSeries.js refactor(series): extract loadPublicSeries helper 2026-04-27 19:16:32 +01:00
magicLink.js refactor(env): unify required-env validation through useRuntimeConfig 2026-04-26 14:47:02 +01:00
memberNumber.js Huge bunch of UI/UX improvements and tweaks! 2026-04-06 16:17:12 +01:00
mongoose.js refactor(env): unify required-env validation through useRuntimeConfig 2026-04-26 14:47:02 +01:00
oidc-mongodb-adapter.ts Add OIDC provider for Outline wiki SSO 2026-03-01 15:46:01 +00:00
oidc-provider.ts fix(auth): auto-submit OIDC logout form to eliminate xsrf desync 2026-04-15 18:26:51 +01:00
outline.js Member/Ecology revamp. 2026-04-14 09:25:09 +01:00
payments.js refactor(env): unify required-env validation through useRuntimeConfig 2026-04-26 14:47:02 +01:00
paymentTypes.js refactor(payments): extract PAYMENT_METADATA_TYPE constants 2026-04-27 19:16:32 +01:00
rateLimit.js refactor(rate-limit): delegate auth limiting to handlers, add dev bypass 2026-04-27 19:18:34 +01:00
resend.js refactor(env): unify required-env validation through useRuntimeConfig 2026-04-26 14:47:02 +01:00
schemas.js refactor(payments): extract PAYMENT_METADATA_TYPE constants 2026-04-27 19:16:32 +01:00
slack.ts feat(server): rename contributionTier → contributionAmount in routes + utils 2026-04-19 18:44:29 +01:00
syncWikiArticles.js Member/Ecology revamp. 2026-04-14 09:25:09 +01:00
tickets.js fix(events): gate members-only events in calculateTicketPrice 2026-04-20 20:12:24 +01:00
validateBody.js Add Zod validation, fix mass assignment, remove test endpoints and dead code 2026-03-01 14:02:46 +00:00
validateTagSlugs.js refactor: extract escapeRegex and validateTagSlugs server utils 2026-04-09 23:51:56 +01:00