rebreak-monorepo

chahine/rebreak-monorepo

Fork 0

Commit Graph

Author	SHA1	Message	Date
chahinebrini	0e4c3787c2	feat(backend): DoH handshake endpoint for protected-device auto-activation POST /api/devices/protected/handshake — server-to-server endpoint called by the AdGuard log-watcher whenever a Mac with our DNS-profile makes a DoH query with its dnsToken embedded in the path (/dns-query/<token>). - Idempotent: pending → active on first hit, lastDnsQueryAt always updated - Auth: shared secret via x-handshake-secret (Infisical: HANDSHAKE_SECRET, must be set before enabling the watcher) - Revoked tokens are silently ignored (no info leak to potential attackers) - Realtime publication added so the native app auto-advances the AddMacSheet flow when status flips (no "I've installed it" button needed anymore)	2026-05-15 22:41:17 +02:00
chahinebrini	335945fe2c	feat(tier): plan limits Rev.2 + downgrade reconciliation + change-preview (Phase 2 backend) - plan-features.ts: globalBlocklist 'curated'\|'full' (curated = 30-domain stub, TODO real ~1-2k HaGeZi subset); maxAppDevices vs maxProtectedDevices split (legend maxProtectedDevices: 2); mail 1/3/Infinity - limit-enforcement structured errors on mail/connect, custom-domains/add, devices/enroll ({ error:'plan_limit', resource, current, limit }); approved-own-submissions already excluded from custom-domain count (slot frees on approval) - server/utils/downgrade-reconciliation.ts: founding-member exemption; re-upgrade reactivates paused mail + degraded devices; downgrade pauses newest-N mail accounts (isActive=false, pausedAt, pausedReason; pre-pause sets nextScanAt=now for a final sweep — real direct IMAP scan is TODO/stub); degrades excess device profiles (status='degraded', degradedAt); free → globalBlocklistGraceUntil = now+14d; custom domains grandfathered - set-plan.post.ts + stripe/webhook.post.ts: run reconciliation on plan change; set-plan accepts { foundingMember } for testing - GET /api/plan/change-preview?to=<plan>: gains/keeps/changes per resource (8 axes), founding-member → direction 'same' - me.get.ts: + foundingMember, globalBlocklistGraceUntil, planLimits block - blocklist + mail-scan honour globalBlocklistGraceUntil (grace → treat as 'full') - db: countMailConnections/getMailConnections exclude paused; getAllMailConnections; getDeviceBlocklistMode (active\|grace\|passthrough\|revoked) - migration 20260511_tier_system_phase2 (profiles.founding_member + global_blocklist_grace_until; mail_connections.paused_at/paused_reason; protected_devices.degraded_at). prisma generate + build:backend clean. TODOs (separate tickets): founding-member auto-counter on signup; real direct IMAP final-scan (not just nextScanAt nudge); real curated blocklist data + wiring the stub into the blocklist response for free users. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-11 16:23:02 +02:00
chahinebrini	677b67902b	feat(devices): protected device enrollment + mobileconfig generator Backend: - ProtectedDevice prisma model + migration add_protected_devices - DB helpers: list/count/get/create/confirm/revoke - mobileconfig.ts utility — XML-escape, unique UUIDs per request - 5 endpoints under /api/devices/* (avoid /api/devices conflict with existing Capacitor UserDevice route by using /api/devices/protected for list) Phase 1: backend ready. DoH-server token-routing comes in phase 2. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-11 04:06:49 +02:00

Author

SHA1

Message

Date

chahinebrini

0e4c3787c2

feat(backend): DoH handshake endpoint for protected-device auto-activation

POST /api/devices/protected/handshake — server-to-server endpoint called by
the AdGuard log-watcher whenever a Mac with our DNS-profile makes a DoH query
with its dnsToken embedded in the path (/dns-query/<token>).

- Idempotent: pending → active on first hit, lastDnsQueryAt always updated
- Auth: shared secret via x-handshake-secret (Infisical: HANDSHAKE_SECRET,
  must be set before enabling the watcher)
- Revoked tokens are silently ignored (no info leak to potential attackers)
- Realtime publication added so the native app auto-advances the AddMacSheet
  flow when status flips (no "I've installed it" button needed anymore)

2026-05-15 22:41:17 +02:00

chahinebrini

335945fe2c

feat(tier): plan limits Rev.2 + downgrade reconciliation + change-preview (Phase 2 backend)

- plan-features.ts: globalBlocklist 'curated'|'full' (curated = 30-domain stub,
  TODO real ~1-2k HaGeZi subset); maxAppDevices vs maxProtectedDevices split
  (legend maxProtectedDevices: 2); mail 1/3/Infinity
- limit-enforcement structured errors on mail/connect, custom-domains/add, devices/enroll
  ({ error:'plan_limit', resource, current, limit }); approved-own-submissions already
  excluded from custom-domain count (slot frees on approval)
- server/utils/downgrade-reconciliation.ts: founding-member exemption; re-upgrade
  reactivates paused mail + degraded devices; downgrade pauses newest-N mail accounts
  (isActive=false, pausedAt, pausedReason; pre-pause sets nextScanAt=now for a final
  sweep — real direct IMAP scan is TODO/stub); degrades excess device profiles
  (status='degraded', degradedAt); free → globalBlocklistGraceUntil = now+14d;
  custom domains grandfathered
- set-plan.post.ts + stripe/webhook.post.ts: run reconciliation on plan change;
  set-plan accepts { foundingMember } for testing
- GET /api/plan/change-preview?to=<plan>: gains/keeps/changes per resource (8 axes),
  founding-member → direction 'same'
- me.get.ts: + foundingMember, globalBlocklistGraceUntil, planLimits block
- blocklist + mail-scan honour globalBlocklistGraceUntil (grace → treat as 'full')
- db: countMailConnections/getMailConnections exclude paused; getAllMailConnections;
  getDeviceBlocklistMode (active|grace|passthrough|revoked)
- migration 20260511_tier_system_phase2 (profiles.founding_member +
  global_blocklist_grace_until; mail_connections.paused_at/paused_reason;
  protected_devices.degraded_at). prisma generate + build:backend clean.

TODOs (separate tickets): founding-member auto-counter on signup; real direct IMAP
final-scan (not just nextScanAt nudge); real curated blocklist data + wiring the
stub into the blocklist response for free users.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-11 16:23:02 +02:00

chahinebrini

677b67902b

feat(devices): protected device enrollment + mobileconfig generator

Backend:
- ProtectedDevice prisma model + migration add_protected_devices
- DB helpers: list/count/get/create/confirm/revoke
- mobileconfig.ts utility — XML-escape, unique UUIDs per request
- 5 endpoints under /api/devices/* (avoid /api/devices conflict with existing
  Capacitor UserDevice route by using /api/devices/protected for list)

Phase 1: backend ready. DoH-server token-routing comes in phase 2.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-11 04:06:49 +02:00

3 Commits