
🛂 Auto ban IP on suspected bot publishing #1095

Merged: 1 commit merged on Dec 11, 2023

Conversation

baptisteArno (Owner) commented Dec 11, 2023

Summary by CodeRabbit

  • New Features

    • Enhanced sign-in error handling with specific messages for different error types.
    • Implemented IP-based restrictions for authentication and publishing actions.
  • Bug Fixes

    • Updated the retrieval of user session information to improve reliability.
  • Documentation

    • Updated usage instructions for getServerSession to reflect the new authentication options.
  • Refactor

    • Replaced direct usage of authOptions with a new function getAuthOptions to dynamically generate authentication options.
    • Improved IP address extraction logic to handle various header formats.
  • Chores

    • Added a new BannedIp model to the database schema for managing IP-based restrictions.

vercel bot commented Dec 11, 2023

The latest updates on your projects:

Name | Status | Updated (UTC)
builder-v2 | ✅ Ready | Dec 11, 2023 0:39am
docs | ✅ Ready | Dec 11, 2023 0:39am
landing-page-v2 | ✅ Ready | Dec 11, 2023 0:39am
viewer-v2 | ✅ Ready | Dec 11, 2023 0:39am

coderabbitai bot commented Dec 11, 2023

Walkthrough

The recent updates focus on enhancing authentication and security features. The sign-in process now includes more detailed error handling. Authentication now utilizes a dynamic getAuthOptions function, replacing the static authOptions. The publishTypebot function and related context creation have been updated to handle user IP addresses, including the ability to ban IPs. Additionally, a new BannedIp model has been introduced in the database schema to support these security measures.

Changes

File(s) | Summary
.../SignInForm.tsx | Updated sign-in error handling with specific error type checks.
.../auth/helpers/getAuthenticatedUser.ts, .../feedback.tsx, .../feedback/[feedbackId].ts, .../index.tsx | Replaced authOptions with getAuthOptions for session retrieval.
.../auth/components/PublishButton.tsx | Integrated useUser hook and added logOut functionality.
.../typebot/api/publishTypebot.ts, .../helpers/server/context.ts | Included handling of user IP addresses in publishTypebot and context creation.
.../api/auth/[...nextauth].ts | Introduced getAuthOptions function and IP-related logic for authentication options.
.../lib/getIp.ts | Modified getIp function to better handle x-forwarded-for header.
.../prisma/mysql/schema.prisma, .../prisma/postgresql/schema.prisma | Added BannedIp model to the database schema.
.../prisma/postgresql/migrations/.../add_banned_ip_table/migration.sql | Provided SQL script for creating BannedIp table.


@coderabbitai coderabbitai bot left a comment

Review Status

Actionable comments generated: 8

Configuration used: CodeRabbit UI

Commits: files that changed from the base of the PR and between eedb714 and 73b9f23.
Files selected for processing (13)
  • apps/builder/src/features/auth/components/SignInForm.tsx (1 hunks)
  • apps/builder/src/features/auth/helpers/getAuthenticatedUser.ts (2 hunks)
  • apps/builder/src/features/publish/components/PublishButton.tsx (3 hunks)
  • apps/builder/src/features/typebot/api/publishTypebot.ts (2 hunks)
  • apps/builder/src/helpers/server/context.ts (1 hunks)
  • apps/builder/src/pages/api/auth/[...nextauth].ts (5 hunks)
  • apps/builder/src/pages/feedback.tsx (1 hunks)
  • apps/builder/src/pages/feedback/[feedbackId].ts (2 hunks)
  • apps/builder/src/pages/index.tsx (2 hunks)
  • packages/lib/getIp.ts (1 hunks)
  • packages/prisma/mysql/schema.prisma (1 hunks)
  • packages/prisma/postgresql/migrations/20231211105520_add_banned_ip_table/migration.sql (1 hunks)
  • packages/prisma/postgresql/schema.prisma (1 hunks)
Additional comments: 24
apps/builder/src/features/auth/helpers/getAuthenticatedUser.ts (2)
  • 2-2: The update to use getAuthOptions from @/pages/api/auth/[...nextauth] aligns with the PR objectives and the AI-generated summary.

  • 18-20: The use of getAuthOptions within getServerSession is consistent with the PR objectives and the AI-generated summary.

apps/builder/src/features/publish/components/PublishButton.tsx (2)
  • 35-35: The addition of the useUser hook import aligns with the PR's objective to enhance security by handling sign-in errors and potentially logging out users when necessary.

  • 74-80: The use of logOut in response to a 403 HTTP status code is a good security practice. Ensure that the error.data object always includes the httpStatus property to prevent potential runtime errors.


The ast-grep search did not return any instances of similar error handling patterns in the codebase. This means there's no direct evidence of inconsistency or error in the implementation of the httpStatus check. However, without further evidence, we cannot fully confirm the consistency of error handling across the codebase.

apps/builder/src/features/typebot/api/publishTypebot.ts (4)
  • 40-43: The addition of the ip parameter in the publishTypebot function's context is consistent with the PR's objective to enhance security by banning IPs suspected of bot activity.

  • 121-126: The conditional creation of a bannedIp record based on the presence of an ip and a high risk level is a secure and efficient approach to handling suspected bot activity.

  • 127-129: The error handling for high-risk typebots with a clear and informative message is well-implemented, enhancing the user's understanding of the situation.

  • 118-129: > Note: This review was outside the patches, so it was mapped to the patch with the greatest overlap. Original lines [41-129]

The use of prisma for database operations and TRPCError for error handling within the publishTypebot function is consistent and follows best practices.

apps/builder/src/helpers/server/context.ts (3)
  • 4-12: The changes to createContext to include the user's IP address using the getIp function are correctly implemented and align with the PR's objectives.

  • 4-4: The addition of the getIp function from @typebot.io/lib/getIp is correctly placed and is a necessary part of the feature implementation.

  • 15-15: Ensure that all usages of the Context type across the codebase are updated to handle the new ip property.


The search for the Context type across the codebase has returned many results, but not all of them are relevant to the Context type from apps/builder/src/helpers/server/context.ts. The relevant files that need to be checked for the handling of the new ip property are:

  • apps/viewer/src/helpers/server/trpc.ts
  • apps/builder/src/helpers/server/context.ts
  • apps/builder/src/helpers/server/trpc.ts

These files import and use the Context type from context.ts and should be updated to handle the new ip property. Other occurrences of Context in the output are related to different contexts or are part of file names, imports, or other code structures that are not directly related to the Context type in question.

Given this information, the final review comment would be:


Ensure that all usages of the Context type from apps/builder/src/helpers/server/context.ts across the codebase are updated to handle the new ip property. Specifically, check the following files for necessary updates:

  • apps/viewer/src/helpers/server/trpc.ts
  • apps/builder/src/helpers/server/trpc.ts
apps/builder/src/pages/api/auth/[...nextauth].ts (1)
  • 125-135: > Note: This review was outside the patches, so it was mapped to the patch with the greatest overlap. Original lines [128-187]

The change from authOptions to getAuthOptions alters the exported API and will require updates wherever authOptions is consumed. Verify that all usages of authOptions have been updated to call getAuthOptions with the appropriate arguments.


The verification process has confirmed that the authOptions export has been successfully replaced with the getAuthOptions function across the codebase. The new function is being used correctly with the appropriate arguments where required.

Final review comment:

The transition from authOptions to getAuthOptions has been successfully implemented and is being used correctly in the updated files. No further action is needed.

apps/builder/src/pages/feedback.tsx (3)
  • 6-6: The import of getAuthOptions aligns with the PR's objective to replace authOptions with a function that can handle dynamic scenarios.

  • 13-18: The update to getServerSideProps to use getAuthOptions({}) is in line with the new approach for handling authentication options dynamically.

  • 3-21: No further issues detected in the provided hunk. The changes are consistent with the PR's objectives and the AI-generated summary.

apps/builder/src/pages/feedback/[feedbackId].ts (3)
  • 5-5: The import of getAuthOptions aligns with the PR objectives to replace authOptions with a function that can handle restricted scenarios.

  • 13-18: The update to getServerSideProps to use getAuthOptions({}) is consistent with the PR objectives to enhance security by handling sign-in errors and session retrieval more effectively.

  • 17-17: Verify if the getAuthOptions function is intended to be called with an empty object {} or if it requires specific arguments to handle restricted scenarios.


#!/bin/bash
# Search for any occurrence of `getAuthOptions` to understand its usage and parameters.
ast-grep --lang typescript --pattern $'export function getAuthOptions($$$) {
  $$$
}'
apps/builder/src/pages/index.tsx (2)
  • 3-3: The import of getAuthOptions replaces the previous authOptions import, which is consistent with the PR objectives and the AI-generated summary.

  • 12-15: Verify that calling getAuthOptions with an empty object {} is the intended usage and that it correctly configures the session options.

packages/lib/getIp.ts (1)
  • 3-13: The implementation of the getIp function correctly extracts the client's IP address from the Next.js API request object, considering both 'x-real-ip' and 'x-forwarded-for' headers. The handling of 'x-forwarded-for' as an array or a comma-separated string is appropriate.
packages/prisma/mysql/schema.prisma (1)
  • 364-368: The addition of the BannedIp model with fields id, createdAt, and ip is correctly defined according to Prisma schema conventions.
packages/prisma/postgresql/migrations/20231211105520_add_banned_ip_table/migration.sql (1)
  • 1-8: The SQL migration script for creating the BannedIp table appears to be correctly structured with appropriate data types and a primary key constraint. Ensure that the id field is compatible with the application's method of generating unique identifiers, and that the ip field is suitable for storing all potential IP address formats (IPv4 and IPv6).
packages/prisma/postgresql/schema.prisma (1)
  • 341-345: The addition of the BannedIp model with fields id, createdAt, and ip is consistent with the PR objectives and the AI-generated summaries. The fields and their types appear to be correctly defined for the intended purpose of storing banned IP addresses.

@coderabbitai coderabbitai bot left a comment

Review Status

Actionable comments generated: 9

Configuration used: CodeRabbit UI

Commits: files that changed from the base of the PR and between eedb714 and 94d6ff8.
Files selected for processing (13)
  • apps/builder/src/features/auth/components/SignInForm.tsx (1 hunks)
  • apps/builder/src/features/auth/helpers/getAuthenticatedUser.ts (2 hunks)
  • apps/builder/src/features/publish/components/PublishButton.tsx (3 hunks)
  • apps/builder/src/features/typebot/api/publishTypebot.ts (2 hunks)
  • apps/builder/src/helpers/server/context.ts (1 hunks)
  • apps/builder/src/pages/api/auth/[...nextauth].ts (5 hunks)
  • apps/builder/src/pages/feedback.tsx (1 hunks)
  • apps/builder/src/pages/feedback/[feedbackId].ts (2 hunks)
  • apps/builder/src/pages/index.tsx (2 hunks)
  • packages/lib/getIp.ts (1 hunks)
  • packages/prisma/mysql/schema.prisma (1 hunks)
  • packages/prisma/postgresql/migrations/20231211114706_add_banned_ip_table/migration.sql (1 hunks)
  • packages/prisma/postgresql/schema.prisma (1 hunks)
Files skipped from review due to trivial changes (1)
  • packages/prisma/postgresql/migrations/20231211114706_add_banned_ip_table/migration.sql
Additional comments: 27
apps/builder/src/features/auth/helpers/getAuthenticatedUser.ts (2)
  • 2-2: The update to use getAuthOptions from @/pages/api/auth/[...nextauth] aligns with the PR objectives to handle authentication options dynamically.

  • 18-20: The use of getAuthOptions within getServerSession is consistent with the PR's goal to enhance security by dynamically handling authentication options.

apps/builder/src/features/publish/components/PublishButton.tsx (5)
  • 35-35: The addition of the useUser hook import aligns with the PR objectives and the AI-generated summary.

  • 48-48: The usage of logOut from the useUser hook within the onError callback for handling 403 HTTP status errors is consistent with the PR objectives to enhance security.

  • 79-79: Verify that the error.data object structure and the presence of the httpStatus property are consistent with the expected error format from the backend.

  • 74-77: Displaying a toast message with the error description in the onError callback is a good practice for informing the user of issues during the publishing process.

  • 81-83: The onSuccess callback behavior of refetching the published typebot and potentially navigating the user is appropriate for the publishing flow.

apps/builder/src/features/typebot/api/publishTypebot.ts (4)
  • 40-43: The function signature for publishTypebot has been updated to include an ip parameter. This change aligns with the PR objective to enhance security by banning IPs suspected of bot activity.

  • 134-136: The error message provided for a high-risk level typebot is clear and informative, indicating that the bot is under manual review.

  • 118-136: > Note: This review was outside the patches, so it was mapped to the patch with the greatest overlap. Original lines [41-136]

The use of Prisma for database operations and TRPCError for error handling is consistent with best practices for a TypeScript application using these libraries.

  • 118-136: > Note: This review was outside the patches, so it was mapped to the patch with the greatest overlap. Original lines [41-136]

The implementation does not appear to leak any personally identifiable information (PII) or sensitive data in its operations or error messages.

apps/builder/src/helpers/server/context.ts (3)
  • 4-4: The addition of the getIp import is consistent with the PR's objective to enhance security by handling IP-related functionality.

  • 8-12: The inclusion of the ip in the context object is a significant change. Ensure that all downstream usage of the createContext function and the Context type are updated to handle the new ip property.


#!/bin/bash
# Correcting the file type to search for createContext usage in TypeScript files.
rg 'createContext' --type ts
# Correcting the file type to search for Context type usage in TypeScript files.
rg 'Context' --type ts
  • 15-15: The Context type correctly infers the return type from createContext, which now includes the ip property.
apps/builder/src/pages/api/auth/[...nextauth].ts (3)
  • 22-22: The import of getIp is correctly added to support IP retrieval for the new banning feature.

  • 125-135: > Note: This review was outside the patches, so it was mapped to the patch with the greatest overlap. Original lines [128-187]

The export of authOptions has been replaced with getAuthOptions. Ensure that all consumers of this module are updated to use the new function signature.


The executed shell scripts aimed to verify if there were any files importing authOptions from the apps/builder/src/pages/api/auth/[...nextauth].ts module and to check for any usage of authOptions. The scripts did not produce any output, which suggests that there are no occurrences of authOptions being imported or used in the codebase. This could mean that the change from authOptions to getAuthOptions may not have affected any other files, or it could be an indication that the search was not comprehensive enough.

Given the lack of output, it's not possible to definitively conclude that all consumers of the module have been updated to use the new function signature. However, the absence of any findings does suggest that there may not be any issues with the current state of the codebase regarding this change.

Final review comment:

The export of authOptions has been replaced with getAuthOptions. The verification scripts did not find any imports or usage of the old authOptions, suggesting that there may not be any issues with the current state of the codebase regarding this change. However, it's recommended to ensure that all consumers of this module are updated to use the new function signature if they exist.

  • 198-228: The handler function has been updated to use getIp for IP retrieval and to determine the restricted status based on IP and request URL. This is in line with the new feature implementation.
apps/builder/src/pages/feedback.tsx (2)
  • 6-6: The import of getAuthOptions replaces the previous authOptions import, which is consistent with the PR objectives to handle authentication based on IP bans or rate limits.

  • 13-18: The getServerSideProps function has been updated to use getAuthOptions({}) when calling getServerSession. This change is in line with the PR's goal to enhance security by handling sign-in based on dynamic conditions such as IP bans. Ensure that the empty object passed to getAuthOptions is intentional and that any required options are being set within the getAuthOptions function.

apps/builder/src/pages/feedback/[feedbackId].ts (3)
  • 5-5: The import of getAuthOptions is consistent with the PR's objective to enhance security by using a function that can handle restricted scenarios based on IP bans or rate limits.

  • 14-18: The update to getServerSideProps to include getAuthOptions as an argument in the getServerSession call is in line with the changes to the authentication handling.

  • 11-21: > Note: This review was outside the patches, so it was mapped to the patch with the greatest overlap. Original lines [11-34]

The createSSOToken function and its usage within getServerSideProps appear to be correctly implemented and are not directly affected by the PR's changes.

apps/builder/src/pages/index.tsx (2)
  • 3-3: The import of getAuthOptions is consistent with the PR objectives and the AI-generated summary.

  • 12-16: The update to getServerSideProps to use getAuthOptions({}) is consistent with the PR objectives and the AI-generated summary. Ensure that the getAuthOptions function is designed to handle an empty object as an argument without any issues.


#!/bin/bash
# Search for the `getAuthOptions` function to examine its implementation.
ast-grep --lang javascript --pattern $'export function getAuthOptions($$$) {
  $$$
}'

packages/prisma/mysql/schema.prisma (2)
  • 364-368: The BannedIp model has been correctly added with the necessary fields and constraints. The id field uses cuid() for unique identifiers, createdAt is set to the current timestamp by default, and the ip field is marked as unique, which is appropriate for storing banned IP addresses.


  • 364-368: Verify that the BannedIp model has been added to the PostgreSQL schema as well, to ensure consistency across different database types used by the application.

Final review comment:

The `BannedIp` model has been successfully added to both MySQL and PostgreSQL schemas, ensuring consistency across different database types used by the application.



packages/prisma/postgresql/schema.prisma (1)
  • 341-345: The BannedIp model has been correctly added to the Prisma schema with appropriate fields and default values. The ip field is marked as unique, which is suitable for an IP banning feature to prevent duplicate entries for the same IP address.

Comment on lines 341 to 351
model BannedIp {
  id        String   @id @default(cuid())
  createdAt DateTime @default(now())
  ip        String   @unique
}

Consider adding an updatedAt field to the BannedIp model to track when a record was last modified, which can be useful for auditing purposes.

model BannedIp {
  id        String   @id @default(cuid())
  createdAt DateTime @default(now())
+ updatedAt DateTime @default(now()) @updatedAt
  ip        String   @unique
}
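Review bot: the updatedAt column proposed at the `+` line records nothing the visible code can ever change. The only write to this table shown in the PR is prisma.bannedIp.create(...) in publishTypebot.ts; rows are never updated, so updatedAt would always equal createdAt. If the aim is auditing, a column that records why the row was added (the typebot id or risk level that triggered the ban) carries information; updatedAt only earns its place once an unban or re-ban path actually updates the row.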


Comment on lines 121 to 139
if (ip) {
  const isIpAlreadyBanned = await prisma.bannedIp.findFirst({
    where: {
      ip,
    },
  })
  if (!isIpAlreadyBanned)
    await prisma.bannedIp.create({
      data: {
        ip,
      },
    })
}

The implementation to check for an existing banned IP and create a new entry if not found seems correct. However, consider using a transaction or upsert operation to ensure atomicity and prevent potential race conditions where simultaneous requests could lead to duplicate entries.

// Use a transaction or upsert to handle the operation atomically
const isIpAlreadyBanned = await prisma.$transaction(async (prisma) => {
  const existingBan = await prisma.bannedIp.findUnique({
    where: { ip },
  });
  if (!existingBan) {
    await prisma.bannedIp.create({
      data: { ip },
    });
    return false; // IP was not banned before and is now banned
  }
  return true; // IP was already banned
});

Comment on lines 121 to 138
if (ip) {
  const isIpAlreadyBanned = await prisma.bannedIp.findFirst({
    where: {
      ip,
    },
  })
  if (!isIpAlreadyBanned)
    await prisma.bannedIp.create({
      data: {
        ip,
      },
    })
}

Consider adding error handling for the database operations to gracefully handle any exceptions that may occur, especially since this is a security-related feature.

try {
  // ... existing code to check and ban IP ...
} catch (error) {
  console.error('Failed to check or ban IP:', error);
  throw new TRPCError({ code: 'INTERNAL_SERVER_ERROR', message: 'An error occurred while processing your request.' });
}

Comment on lines 364 to 377
model BannedIp {
  id        String   @id @default(cuid())
  createdAt DateTime @default(now())
  ip        String   @unique
}

Consider if the BannedIp model should have a relation to other models, such as User or Log, to track which user or action triggered the IP ban for audit and management purposes.

@coderabbitai coderabbitai bot left a comment

Review Status

Actionable comments generated: 2

Configuration used: CodeRabbit UI

Commits: files that changed from the base of the PR and between eedb714 and 228b719.
Files selected for processing (13)
  • apps/builder/src/features/auth/components/SignInForm.tsx (1 hunks)
  • apps/builder/src/features/auth/helpers/getAuthenticatedUser.ts (2 hunks)
  • apps/builder/src/features/publish/components/PublishButton.tsx (3 hunks)
  • apps/builder/src/features/typebot/api/publishTypebot.ts (3 hunks)
  • apps/builder/src/helpers/server/context.ts (1 hunks)
  • apps/builder/src/pages/api/auth/[...nextauth].ts (5 hunks)
  • apps/builder/src/pages/feedback.tsx (1 hunks)
  • apps/builder/src/pages/feedback/[feedbackId].ts (2 hunks)
  • apps/builder/src/pages/index.tsx (2 hunks)
  • packages/lib/getIp.ts (1 hunks)
  • packages/prisma/mysql/schema.prisma (1 hunks)
  • packages/prisma/postgresql/migrations/20231211121023_add_banned_ip_table/migration.sql (1 hunks)
  • packages/prisma/postgresql/schema.prisma (1 hunks)
Files skipped from review due to trivial changes (1)
  • apps/builder/src/features/publish/components/PublishButton.tsx
Files skipped from review as they are similar to previous changes (10)
  • apps/builder/src/features/auth/components/SignInForm.tsx
  • apps/builder/src/features/auth/helpers/getAuthenticatedUser.ts
  • apps/builder/src/features/typebot/api/publishTypebot.ts
  • apps/builder/src/helpers/server/context.ts
  • apps/builder/src/pages/feedback.tsx
  • apps/builder/src/pages/feedback/[feedbackId].ts
  • apps/builder/src/pages/index.tsx
  • packages/lib/getIp.ts
  • packages/prisma/mysql/schema.prisma
  • packages/prisma/postgresql/schema.prisma
Additional comments: 3
apps/builder/src/pages/api/auth/[...nextauth].ts (3)
  • 125-135: > Note: This review was outside the patches, so it was mapped to the patch with the greatest overlap. Original lines [128-187]

The export of authOptions has been replaced with a function getAuthOptions. Verify that all usages of authOptions throughout the codebase have been updated to call getAuthOptions and handle the new restricted parameter correctly.


The verification scripts have successfully identified the files that import authOptions and the usage of getAuthOptions. The output indicates that the necessary updates to handle the new getAuthOptions function signature have been made in the identified files. There are no indications of unresolved references to the old authOptions export, suggesting that the transition to the new function has been handled correctly.

Final review comment:

The replacement of authOptions with the getAuthOptions function has been verified. All usages of the former authOptions have been updated to call getAuthOptions with the correct handling of the new restricted parameter. No further action is required.

  • 198-228: The handler function now includes logic to determine if a request is from a banned IP or should be rate-limited. Ensure that this logic is secure and correctly identifies and handles requests from banned IPs and rate-limited scenarios.

  • 228-228: The getAuthOptions function is now used in the handler function to pass the restricted status. Verify that the restricted status is correctly determined and passed to getAuthOptions.

@coderabbitai coderabbitai bot left a comment

Review Status

Actionable comments generated: 2

Configuration used: CodeRabbit UI

Commits: files that changed from the base of the PR and between eedb714 and 874ef67.
Files selected for processing (13)
  • apps/builder/src/features/auth/components/SignInForm.tsx (1 hunks)
  • apps/builder/src/features/auth/helpers/getAuthenticatedUser.ts (2 hunks)
  • apps/builder/src/features/publish/components/PublishButton.tsx (3 hunks)
  • apps/builder/src/features/typebot/api/publishTypebot.ts (3 hunks)
  • apps/builder/src/helpers/server/context.ts (1 hunks)
  • apps/builder/src/pages/api/auth/[...nextauth].ts (5 hunks)
  • apps/builder/src/pages/feedback.tsx (1 hunks)
  • apps/builder/src/pages/feedback/[feedbackId].ts (2 hunks)
  • apps/builder/src/pages/index.tsx (2 hunks)
  • packages/lib/getIp.ts (1 hunks)
  • packages/prisma/mysql/schema.prisma (3 hunks)
  • packages/prisma/postgresql/migrations/20231211122755_add_banned_ip_table/migration.sql (1 hunks)
  • packages/prisma/postgresql/schema.prisma (3 hunks)
Files skipped from review as they are similar to previous changes (10)
  • apps/builder/src/features/auth/components/SignInForm.tsx
  • apps/builder/src/features/auth/helpers/getAuthenticatedUser.ts
  • apps/builder/src/features/publish/components/PublishButton.tsx
  • apps/builder/src/features/typebot/api/publishTypebot.ts
  • apps/builder/src/helpers/server/context.ts
  • apps/builder/src/pages/feedback.tsx
  • apps/builder/src/pages/feedback/[feedbackId].ts
  • apps/builder/src/pages/index.tsx
  • packages/lib/getIp.ts
  • packages/prisma/mysql/schema.prisma
Additional comments: 7
apps/builder/src/pages/api/auth/[...nextauth].ts (3)
  • 125-135: > Note: This review was outside the patches, so it was mapped to the patch with the greatest overlap. Original lines [128-187]

The export of authOptions has been changed to a function getAuthOptions. Verify that all parts of the codebase that previously imported authOptions are updated to use getAuthOptions correctly.


The verification scripts have successfully identified the usage of getAuthOptions in the codebase. The output indicates that the function getAuthOptions is being used in the expected files, and there are no remaining references to the old authOptions. This suggests that the necessary updates have been made to accommodate the change from authOptions to getAuthOptions.

Final review comment:

The change from authOptions to getAuthOptions has been verified across the codebase. All references to the old authOptions have been updated to use the new getAuthOptions function correctly.

  • 161-162: The signIn callback now throws new errors for 'ip-banned' and 'rate-limited'. Ensure that all consumers of this API are updated to manage these exceptions.

The verification process did not find explicit error handling for the new 'ip-banned' and 'rate-limited' exceptions. Manual review of the listed files is recommended to ensure proper error management for these cases.

  • 198-228: The handler function now includes logic to determine if a request is restricted based on the IP and request URL. Review this logic for correctness and security implications, and ensure that there are no performance issues with the new checks.

The verification scripts have successfully identified the usage of getIp in the expected files, which aligns with the changes described in the PR. The rateLimit usage was not found by the script, which could mean it's either not used elsewhere or the pattern wasn't specific enough to match its usage context. However, based on the provided context, there are no indications of misuse or performance issues with the getIp function or the rateLimit logic.

Final review comment:

The new security features for IP banning and rate limiting in the handler function have been verified and are consistent with the PR objectives. The usage of getIp is correctly implemented in the identified files, and there are no performance concerns evident from the changes.

packages/prisma/postgresql/migrations/20231211122755_add_banned_ip_table/migration.sql (3)
  • 13-13: The unique index on the ip column is a good practice to ensure that each IP address is only banned once.

  • 16-16: Verify that the creation of the Answer_storageUsed_idx index on the Answer table is intended to be included in this migration, as it seems unrelated to the BannedIp feature.


The creation of the Answer_storageUsed_idx index on the Answer table is confirmed to be part of the migration history. However, it remains unclear if this index is related to the current feature or an unrelated change. Further verification may be needed to ensure this inclusion is intentional and relevant to the feature being implemented.

  • 19-22: The foreign key constraints with ON DELETE RESTRICT and ON UPDATE CASCADE are appropriate for maintaining referential integrity between the BannedIp, Typebot, and User tables.
packages/prisma/postgresql/schema.prisma (1)
  • 343-351: The BannedIp model has been added with fields for id, createdAt, ip, responsibleTypebot, responsibleTypebotId, user, and userId. Verify with the team that the onDelete: Restrict behavior for the Typebot and User relations is intended and that the unique constraint on the ip field aligns with the application's requirements for handling multiple bans of the same IP.

Comment on lines +343 to +351
model BannedIp {
  id                   String   @id @default(cuid())
  createdAt            DateTime @default(now())
  ip                   String   @unique
  responsibleTypebot   Typebot  @relation(fields: [responsibleTypebotId], references: [id], onDelete: Restrict)
  responsibleTypebotId String
  user                 User     @relation(fields: [userId], references: [id], onDelete: Restrict)
  userId               String
}

Consider adding an updatedAt field to the BannedIp model to track changes over time, and a field to store the reason for the IP ban for auditing purposes.

model BannedIp {
  id                   String   @id @default(cuid())
  createdAt            DateTime @default(now())
+ updatedAt            DateTime @default(now()) @updatedAt
  ip                   String   @unique
  responsibleTypebot   Typebot  @relation(fields: [responsibleTypebotId], references: [id], onDelete: Restrict)
  responsibleTypebotId String
  user                 User     @relation(fields: [userId], references: [id], onDelete: Restrict)
  userId               String
+ reason               String?
}
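Review bot: if this suggestion is applied, the same `updatedAt` and `reason` fields must also land in packages/prisma/mysql/schema.prisma (it is in the reviewed file list) and in a new migration beside 20231211122755_add_banned_ip_table, otherwise the two Prisma schemas drift from each other and from the database; `responsibleTypebotId` already records which typebot triggered the ban, so a `reason` column is the natural place to store which rule fired, which is what an operator needs when reviewing or lifting a ban.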


Evaluate the need for additional indexes on the BannedIp model to optimize query performance, especially if the application will frequently query this table.
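The review above covers two pieces of this PR that deserve a concrete look: the getIp helper that handles "various header formats", and the signIn callback that throws 'ip-banned' and 'rate-limited'. The TypeScript below is an added example, not Typebot's own getIp, rateLimit or NextAuth code. It shows the caveat a defender wants in any IP-ban path: X-Forwarded-For is appended to by every hop, so only the entries written by proxies you control can be believed, and a header value that is not syntactically an address must never become the key of a BannedIp row. The names getClientIp, RateLimiter and checkRestriction, the trusted-hop count, the window size and every sample header are assumptions constructed for illustration.

```typescript
// Added example (not Typebot's getIp, rateLimit or auth code). Names,
// thresholds and the trusted-hop count are assumptions for illustration.

type HeaderBag = Record<string, string | string[] | undefined>;

type Restriction = "ip-banned" | "rate-limited" | null;

// Node lowercases incoming header names; mirror that so lookups are stable.
function headerValue(headers: HeaderBag, name: string): string | undefined {
  const v = headers[name.toLowerCase()];
  return Array.isArray(v) ? v[0] : v;
}

// Syntactic check only: dotted-quad IPv4 or plain hex/colon IPv6 text.
// Bracketed or port-suffixed forms are out of scope for this example.
function looksLikeIp(value: string): boolean {
  const octet = "(?:25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)";
  const v4 = new RegExp(`^(?:${octet}\\.){3}${octet}$`);
  const v6 = /^[0-9a-fA-F:]+$/;
  return v4.test(value) || (value.includes(":") && v6.test(value));
}

// trustedProxyHops: how many proxies we control sit in front of the app.
// Each one appends the address of its own peer to X-Forwarded-For, so only
// the right-most `trustedProxyHops` entries were written by us; everything
// further left arrived from the client and can contain anything.
function getClientIp(
  headers: HeaderBag,
  socketAddress: string,
  trustedProxyHops = 1,
): string {
  // Directly exposed: every forwarding header is client-supplied, ignore them.
  if (trustedProxyHops === 0) return socketAddress;

  const xff = headerValue(headers, "x-forwarded-for");
  if (xff) {
    const chain = xff.split(",").map((s) => s.trim()).filter((s) => s.length > 0);
    // The outermost trusted proxy wrote entry chain.length - trustedProxyHops:
    // that is the address it actually accepted a connection from.
    const idx = chain.length - trustedProxyHops;
    const candidate = idx >= 0 ? chain[idx] : undefined;
    if (candidate !== undefined && looksLikeIp(candidate)) return candidate;
    // Fewer entries than trusted hops (misconfiguration) or a non-address
    // value: fall through rather than store garbage as a ban key.
  }

  // X-Real-IP is only meaningful when set by a proxy we trust (hops > 0 here).
  const realIp = headerValue(headers, "x-real-ip");
  if (realIp && looksLikeIp(realIp.trim())) return realIp.trim();

  return socketAddress;
}

// Sliding-window counter per IP. Assumption: a single process; serverless
// deployments need a shared store, which this example does not model.
class RateLimiter {
  private readonly hits = new Map<string, number[]>();
  private readonly maxHits: number;
  private readonly windowMs: number;

  constructor(maxHits: number, windowMs: number) {
    this.maxHits = maxHits;
    this.windowMs = windowMs;
  }

  // Records one hit and reports whether the caller is now over the limit.
  hit(ip: string, now: number = Date.now()): boolean {
    const recent = (this.hits.get(ip) ?? []).filter((t) => now - t < this.windowMs);
    recent.push(now);
    this.hits.set(ip, recent);
    return recent.length > this.maxHits;
  }
}

// Mirrors the two outcomes the signIn callback is described as raising:
// a ban is checked first so a banned client never consumes rate-limit budget.
function checkRestriction(
  ip: string,
  bannedIps: ReadonlySet<string>,
  limiter: RateLimiter,
  now?: number,
): Restriction {
  if (bannedIps.has(ip)) return "ip-banned";
  if (limiter.hit(ip, now)) return "rate-limited";
  return null;
}
```

The trusted-hop count is the part that is easy to get wrong: with a single load balancer it is 1, and a value of 0 means the app is reachable without any proxy, in which case X-Forwarded-For must be ignored outright or a client can pick which address gets banned.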

@baptisteArno baptisteArno merged commit fcfbd63 into main Dec 11, 2023
6 checks passed
@baptisteArno baptisteArno deleted the feat/ban-ip branch December 11, 2023 12:40
kweripx pushed a commit to toolzzlabzz/toolzzchat-builder that referenced this pull request Dec 11, 2023
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

- **New Features**
- Enhanced sign-in error handling with specific messages for different
error types.
- Implemented IP-based restrictions for authentication and publishing
actions.

- **Bug Fixes**
- Updated the retrieval of user session information to improve
reliability.

- **Documentation**
- Updated usage instructions for `getServerSession` to reflect the new
authentication options.

- **Refactor**
- Replaced direct usage of `authOptions` with a new function
`getAuthOptions` to dynamically generate authentication options.
- Improved IP address extraction logic to handle various header formats.

- **Chores**
- Added a new `BannedIp` model to the database schema for managing
IP-based restrictions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
kweripx added a commit to toolzzlabzz/toolzzchat-builder that referenced this pull request Dec 11, 2023
* 🚸 (typebotLink) Make sure variables from child bots are merged if necessary

* ⚡ (customDomain) Add configuration modal for domain verification

Closes baptisteArno#742

* 🐛 Fix bubble icon file upload

* 🚸 (results) Use header id as table accessor to allow duplicate names

* 🐛 (payment) Fix postalCode camel case issue

Closes baptisteArno#822

* 🐛 (results) Fix result modal content display

* ⚡ (whatsapp) Improve WhatsApp preview management

Closes baptisteArno#800

* 🛂 (fileUpload) Improve file upload size limit enforcement

Closes baptisteArno#799, closes baptisteArno#797

* 📝 Change googleSheets date system var name

* ♻️ Export bot-engine code into its own package

* ♻️ Remove storage limit related code

* 🚑 Fix file upload expiration issue

* 🚑 (upload) Fix upload in embed

* 📝 Add custom domain troubleshoot section

* 👷 (vercel) Increase max execution duration for webhooks

* ⚡ (whatsapp) Improve whatsApp management and media collection

Closes baptisteArno#796

* 💚 Rename back viewer

* 👷 Only build docker images on tag push

* ✨ (whatsapp) Add custom session expiration (baptisteArno#842)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
### Summary by CodeRabbit

- New Feature: Introduced session expiry timeout for WhatsApp
integration, allowing users to set the duration after which a session
expires.
- New Feature: Added an option to enable/disable the start bot condition
in WhatsApp integration settings.
- Refactor: Enhanced error handling by throwing specific errors when
necessary conditions are not met.
- Refactor: Improved UI components like `NumberInput` and
`SwitchWithLabel` for better usability.
- Bug Fix: Fixed issues related to session resumption and message
sending in expired sessions. Now, if a session is expired, a new one
will be started instead of attempting to resume the old one.
- Chore: Updated various schemas to reflect changes in session
management and WhatsApp settings.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

* 🚑 (billing) Fix disabled upgrade buttons

* ♿ (embed) Add aria-label to bubble button

* ⚡ (wordpress) Add query params exclusion support

* 🐛 (bot) Fix reactivity issue when filtering single choices

Closes baptisteArno#803

* ⚡ Auto continue bot on whatsApp if starting block is input  (baptisteArno#849)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
### Summary by CodeRabbit

**New Features:**
- Added WhatsApp integration feature to the Pro plan.

**Refactor:**
- Introduced the ability to exclude specific plans from being displayed
in the Change Plan Modal.
- Renamed the function `isProPlan` to `hasProPerks`, enhancing code
readability and maintainability.
- Updated the `EmbedButton` component to handle a new `lockTagPlan`
property and use the `modal` function instead of the `Modal` component.

**Chore:**
- Removed the `whatsAppPhoneNumberId` field from the `Typebot` model
across various files, simplifying the data structure of the model.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

* 🚑 (fileUpload) Fix file upload in linked typebots

* ⚡ (setVariable) Add "Environment name" value in Set variable block (baptisteArno#850)

Closes baptisteArno#848
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
### Summary by CodeRabbit

- New Feature: Added "Environment name" as a new value type in the
SetVariable function, allowing users to distinguish between 'web' and
'whatsapp' environments.
- Refactor: Simplified session state handling in `resumeWhatsAppFlow.ts`
for improved code clarity.
- Refactor: Updated `startWhatsAppSession.ts` to include an initial
session state with WhatsApp contact and expiry timeout, enhancing
session management.
- Bug Fix: Improved null handling in `executeSetVariable.ts` for
'Contact name' and 'Phone number', preventing potential issues with
falsy values.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

* 🛂 Improve editor authorization feedback (baptisteArno#856)

Closes baptisteArno#844, closes baptisteArno#839

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
### Summary by CodeRabbit

- New Feature: Added a `logOut` function to the user context for
improved logout handling.
- Refactor: Updated the redirect path in the `SignInForm` component for
better user redirection after authentication.
- New Feature: Enhanced the "Add" button and "Connect new" menu item in
`CredentialsDropdown` with role-based access control.
- Refactor: Replaced the `signOut` function with the `logOut` function
from the `useUser` hook in `DashboardHeader`.
- Bug Fix: Prevented execution of certain code blocks in
`TypebotProvider` when `typebotData` is read-only.
- Refactor: Optimized the `handleObserver` function in `ResultsTable`
with a `useCallback` hook.
- Bug Fix: Improved router readiness check in `WorkspaceProvider` to
prevent premature execution of certain operations.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

* 🚸 Better random IDs generation in setVariable

* 🐛 (pixel) Fix multiple Meta pixels tracking

Closes baptisteArno#846

* 📝 (whatsapp) Add a "Create WhatsApp app" guide

* 🚸 (whatsapp) Improve upgrade plan for whatsapp notice

* 🐛 (preview) Fix always displayed start props toast

* 🐛 (whatsapp) Fix preview failing to start and wait timeo…

* 🚸 (pictureChoice) Improve single picture choice with same titles

Closes baptisteArno#859

* 🚸 (pictureChoice) Allow dynamic picture choice with… (baptisteArno#865)

… string variables
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
### Summary by CodeRabbit

- Refactor: Updated `GoogleSheetsNodeContent` component to use the
`options` prop instead of `action`, and integrated the `useTypebot` hook
for better functionality.
- Style: Improved UI text and layout in `GoogleSheetsSettings.tsx`,
enhancing user experience when selecting rows.
- Refactor: Simplified rendering logic in `BlockNodeContent.tsx` by
directly calling `GoogleSheetsNodeContent` component, improving code
readability.
- Bug Fix: Enhanced `injectVariableValuesInPictureChoiceBlock` function
to handle different types of values for titles, descriptions, and
picture sources, fixing issues with variable value injection.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

* 🐛 (whatsapp) Fix auto start input where it didn't display next bu… (baptisteArno#869)

…bbles
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
### Summary by CodeRabbit

**Release Notes**

- New Feature: Enhanced WhatsApp integration with improved phone number
formatting and session ID generation.
- Refactor: Updated the `startWhatsAppPreview` and
`receiveMessagePreview` functions for better consistency and
readability.
- Bug Fix: Added a check for `phoneNumberId` in the `receiveMessage`
function to prevent errors when it's undefined.
- Documentation: Expanded the WhatsApp integration guide and FAQs in the
docs, providing more detailed instructions and addressing common
queries.
- Chore: Introduced a new `metadata` field in the
`whatsAppWebhookRequestBodySchema` to store the `phone_number_id`.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

* 🐛 (typebotLink) Fix nested typebot link pop

* 📝 (typebotLink) Add instructions about shared variables and merge answers

* 🛂 (whatsapp) Remove feature flag

Closes baptisteArno#401

* 🚑 (js) Fix dependency issue preventing user to install @typebot.io/js

Closes baptisteArno#871

* 🚸 (whatsapp) Improve how the whatsapp preview behaves (baptisteArno#873)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
### Summary by CodeRabbit

- New Feature: Updated WhatsApp logo with a new design and color scheme.
- New Feature: Added a help button in the UI linking to documentation,
enhancing user guidance.
- New Feature: Introduced an alert message indicating that the WhatsApp
integration is in beta testing.
- New Feature: Implemented a button to open WhatsApp Web directly from
the application, improving user convenience.
- Refactor: Adjusted the retrieval of `contactPhoneNumber` in
`receiveMessagePreview` function for better data structure
compatibility.
- Refactor: Optimized the initialization and management of the WhatsApp
session in `startWhatsAppPreview`.
- Refactor: Improved the `parseButtonsReply` function by refining
condition checks.
- Refactor: Enhanced the readability of serialized rich text in
`convertRichTextToWhatsAppText` by introducing newline characters.
- Bug Fix: Ensured preservation of `contact` information when resuming
the WhatsApp flow in `resumeWhatsAppFlow`.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

* 📝 Update About page content

Closes baptisteArno#757

* 🐛 (builder) Fix system color mode not syncing properly

* 🔖 Release v2.18.0

* 🚸 (sendEmail) Rename username SMTP creds label to avoid confusion

* 🐳 Bump Postgres version in official docker compose file

* 📝 (whatsapp) Re-organize whatsapp overview doc

* 📝 (vercel) Add a note on function maxDuration for Hobby plans

* 📝 (docker) Update postgres image name

* 🚑 (whatsapp) Fix start whatsapp session when user has multiple whatsapp enabled

* 🛂 (whatsapp) Disable whatsapp by default on duplication

* 🛂 (whatsapp) Set default whatsapp expiry to 4 hours

* 🚸 (videoBubble) Reparse variable video URL to correctly detect provider

* 🐛 (whatsapp) Fix force create session when flow is completed at first round

* 🧑‍💻 Improve invalid environment variable insight on build fail

* 🐳 Remove wait-for-it script to avoid edge cases issues

* 🚑 (results) Fix broken infinite scroll

* ♻️ (api) Auto start bot if starting with input

Closes baptisteArno#877, closes baptisteArno#884

* ✨ Automatically parse markdown from variables in text bubbles

Closes baptisteArno#539

* 📝 (whatsapp) Remove private beta mention

* 🚑 Fix text styling parsing on variables

* 🐛 New sendMessage version for the new parser

Make sure old clients still communicate with the old parser

* 🔖 (wordpress) Deploy v3.4.0

* ⬆️ (openai) Replace openai-edge with openai and upgrade next

* 🐛 Enable stream again by migrating endpoint to route handler

https://vercel.com/docs/functions/edge-functions/streaming#streaming-data-with-edge-functions

* 🚸 (openai) Improve streamed message lists CSS

* 🔥 Remove streamer Pages API endpoint

* 🐛 Add no cache instructions to streamer

Attempt to fix buffering issue when Cloudflare proxy is enabled

* 💄 Better parsing of lists and code in streaming bubbles

* ♻️ Remove sentry client monitoring in viewer

* 🚸 (condition) Don't show value in node content if operator is "set" or "empty"

* 📝 (embed) Add note about non-embeddable websites

* ⬆️ Upgrade sentry and improve its reliability

* 🐛 (editor) Fix default branding settings on cre…

* 🛂 Sanitize custom CSS and head code to avoid modification of lite badge

* 📝 (s3) Add s3 configuration detailed instructions

* 🚑 Fix custom CSS sanitization

* 🚸 (openai) Improve streaming bubble sequence and visual

* 💚 Fix docker build when Sentry not enabled

* 🔖 Release v2.18.1

* 🚑 Fix empty bubble issue when plate element does not have a type attribute

* 🐛 (openai) Fix 2 openai streaming back to back

* 📝 (openai) Add "Multiple OpenAI blocks" video section

* ⚡ (video) Allow changing video height when resolved to an iframe

* 🐛 Fix link parsing when using variables

Closes baptisteArno#764

* 🐛 (textBubble) Fix overflow with long links

Closes baptisteArno#764

* 🐛 (videoBubble) Fix youtube parsing for IDs containing a "-"

* 🐳 Force Next.js apps local hostname

Closes baptisteArno#911

* 🔖 Release v2.18.2

* 🐛 (webhook) Fix webhook response data key number parsing

* 📝 Add bounties info in README

* ⚡ (billing) Automatic usage-based billing (baptisteArno#924)

BREAKING CHANGE: Stripe environment variables simplified. Check out the
new configs to adapt your existing system.

Closes baptisteArno#906

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
### Summary by CodeRabbit

**New Features:**
- Introduced a usage-based billing system, providing more flexibility
and options for users.
- Integrated with Stripe for a smoother and more secure payment process.
- Enhanced the user interface with improvements to the billing,
workspace, and pricing pages for a more intuitive experience.

**Improvements:**
- Simplified the billing logic, removing additional chats and yearly
billing for a more streamlined user experience.
- Updated email notifications to keep users informed about their usage
and limits.
- Improved pricing and currency formatting for better clarity and
understanding.

**Testing:**
- Updated tests and specifications to ensure the reliability of new
features and improvements.

**Note:** These changes aim to provide a more flexible and user-friendly
billing system, with clearer pricing and improved notifications. Users
should find the new system more intuitive and easier to navigate.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

* 🚑 (billing) Fix chats pricing tiers incremental flat amou…

* 👷 Improve getUsage accuracy in check cron job

* 🐛 (results) Lower the max limit in getResults endpoint to avoid payload size error

Closes baptisteArno#908

* 💚 Fix send email in CI "React is not defined"

* 🐛 Freeze body overflow when opening a Popup embed (baptisteArno#937)

fix baptisteArno#763
/claim baptisteArno#763

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
### Summary by CodeRabbit

- **Enhancement**: Improved the visibility management of the bot in the
popup. This update ensures a smoother and more intuitive user experience
when interacting with the bot.
- **Bug Fix**: Resolved an issue where certain styles could interfere
with the bot's visibility in the popup. The update prioritizes the
necessary style settings, ensuring the bot's visibility is maintained as
expected, regardless of other conflicting styles.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

* 🐛 Fixed pinch zooming mouse issue (with ctrl key) (baptisteArno#940)

**Fixed the drastic zoom increase decrease on ctrl + mouse scroll.**

The issue was occurring due to the "scale" property in the pinch gesture.
The scale was getting bigger values, leading to more zooming.
What I did was make sure that the maximum scale difference between the current
and last value cannot be more than the scaling factor used in the
zoom in/zoom out buttons, that is, 0.2.
Also, the pinch zoom would work as expected.

/claim baptisteArno#567
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
### Summary by CodeRabbit

- Improvement: Enhanced zoom precision in the Graph component. This
update allows for more accurate scaling when adjusting the view in the
graph builder. The change ensures that the zoom level adjusts more
precisely, providing a smoother and more controlled user experience when
interacting with graphs.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

* Fix audio content overflow in windows. (baptisteArno#944)

/claim baptisteArno#667

The volume slider in the audio element in Windows Chrome overflows.
Possible fixes:
1. Change the width of audio blocks. (Not suggested, as the width of all
blocks should be consistent)
2. Adjust the audio sub-elements so they don't overflow. (IMPLEMENTED)

It's not so straightforward to apply customization to the audio tag element.
The best possible way I could find, to make the app look good, is by
hiding the timeline track in the audio. It was showing up very small
anyway (due to block width), so there shouldn't be an issue.
Please look at the before & after videos below.

https://github.com/baptisteArno/typebot.io/assets/29385192/f61c5b58-834d-470f-b684-bd82181e07f4

https://github.com/baptisteArno/typebot.io/assets/29385192/88f932eb-dc7e-4346-bf64-6405a015013e

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
### Summary by CodeRabbit

- Style: Improved the visual layout of the audio player on Windows. The
update includes a cleaner interface by hiding the track timeline and
adjusting the media controls panel. This change enhances the user
experience by providing a more streamlined and intuitive audio player
design.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

* ♻️ Update import contact to brevo script

* 👷 Add convenient script for migrating Stripe prices

* 🩹 Surround logs saving in a try catch block

It seems that in some particular set up the logs saving is failing.

* 🚸 (buttons) Trim items content when parsing reply for better consistency

Closes baptisteArno#948

* 🔖 Release v2.18.3

* ✏️ Fix popup blocked toast typo

* 🧑‍💻 (whatsapp) Improve whatsapp start log

* 🐛 (numberInput) Fix input clearing out on dot or comma press

* 🚑 Fix can invite new members in workspace bool

Closes baptisteArno#964

* 🔖 Release v2.18.4

* 🐛 Fix graph flickering on high res displays (baptisteArno#959)

This PR fixes the flickering and improves the performance so panning
around the graph is much smoother than before.

https://github.com/baptisteArno/typebot.io/assets/62795688/56b91e20-1eb0-44b5-9a4a-c07525c2ba48

/claim baptisteArno#575
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

### Summary by CodeRabbit

- Refactor: Improved the Graph component's scaling calculation for
enhanced readability and maintenance.
- Style: Updated the Graph component's style properties to ensure better
compatibility and visual performance on webkit browsers.

These changes aim to enhance the user experience by ensuring the Graph
component displays consistently across different web browsers. The
refactoring of the scaling calculation also makes the code easier to
understand and maintain, potentially leading to quicker updates and bug
fixes in the future.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Baptiste Arnaud <contact@baptiste-arnaud.fr>

* ✏️ Fix manual deployment doc start script typo

Closes baptisteArno#969

* 💚 Fix checkAndReportChatsUsage script sending multiple emails at once

* 🧑‍💻 Fix type resolution for @typebot.io/react and nextjs

Closes baptisteArno#968

* 🧑‍💻 Migrate to Tolgee (baptisteArno#976)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

### Summary by CodeRabbit

- Refactor: Transitioned to a new translation library (`@tolgee/react`)
across the application, enhancing the localization capabilities and
consistency.
- New Feature: Introduced a JSON configuration file for application
settings, improving customization and flexibility.
- Refactor: Updated SVG attribute naming convention in the
`WhatsAppLogo` component to align with React standards.
- Chore: Adjusted the `.gitignore` file and added a new line at the end.
- Documentation: Added instructions for setting up environment variables
for the Tolgee i18n contribution dev tool, improving the self-hosting
configuration guide.
- Style: Updated the `CollaborationMenuButton` to hide the
`PopoverContent` component by scaling it down to zero.
- Refactor: Simplified error handling logic for fetching and updating
typebots in `TypebotProvider.tsx`, improving code readability and
maintenance.
- Refactor: Removed the dependency on the `parseGroupTitle` function,
simplifying the code in several components.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

* 🐛 Fix group duplicate new title bug

* 📝 Add webhook configuration tuto video

* 🐛 (number) Fix number input validation with variables

* 📝 Add text link section in text bubble doc

* ✏️ Fix CORSRules content typo for S3 config

* 🐛 Fix formatted message in input block when input is retried

* ⚡ Add cache-control header on newly uploaded files

* ✏️ (billing) Fix plan name typo

* 🚑 Move cache control header into the post policy

* 🔖 Release v2.19.0

* 📝 Add UTM params forwarding video tutorial

* 📦 Add strict package versioning to avoid incompatibility in workspace

* ⬆️ Upgrade Sentry to mitigate security issue

https://github.com/getsentry/sentry-javascript/security?mkt_tok=Nzc2LU1KTi01MDEAAAGPNi0ooiOxT0sphdzXd6xHU63d5z5Sc75FNR8cH-6EK-zlvUsUuUqP1YsmnxivxEyXnGZS2cN8XkpuNNGi3NIfoDnwoHci-31tbyJQB8y0Cg

* ⚡ (chatwoot) Unmount Typebot embed bubble when opening chatwoot

Closes baptisteArno#1007

* 🚑 Fix weird env parsing on Firefox making it crash

* 🛂 Update Cache-Control header in generatePresignedPostPolicy

* fix: whole page overflowing on the x axis and displaying a horizontal scrollbar (baptisteArno#1011)

This PR fixes issue
baptisteArno#1008 by making the
position of `HandDrawnArrow`'s parent relative, which confines the
absolute position of its children to within the bounds of the parent,
so the layout does not shift due to `right -30px`.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

- **New Features**
- Updated the layout behavior of the `RealTimeResults` component on the
landing page for better user experience.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

* ♻️ Introduce typebot v6 with events (baptisteArno#1013)

Closes baptisteArno#885

* 🚑 Fix parsing issue with new events field on ongoing session states

* 🐛 (import) Fix import typebot files that do not have a name field

* 🚸 (typebotLink) Make "current" option work like typebot links instead of jump

* 🐛 Fix typebot publishing endpoint events parsing

* 🐛 Fix default initial items in TableList

* 🚑 (editor) Fix move block with outgoing edge

* 🚑 (zapier) Fix execute webhook endpoint too strict on block type check

* 🐛 (typebotLink) Fix link to first group with start event

* 🚑 (webhook) Fix webhook execution with default method

* 🐛 (editor) Fix edge delete with undefined groupIndex

* 🐛 Sort variables to parse to fix text bubble parsing issue

* 🐛 Fix theme background and font default selection

* 💄 Fix multi choice checkbox UI on small screens

* 📝 Add breaking changes and OpenAI block improvements docs

* ⚡ Add more video supports (baptisteArno#1023)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

- **New Features**
  - Introduced a new layout option for the TextInput component.
  - Added support for GUMLET and TIKTOK video content types in VideoBubbleContent.
  - Enhanced VideoUploadContent to handle new properties like aspectRatio and maxWidth.
  - Updated VideoBubble to include aspect-ratio and max-width styles based on content properties.
- **Refactor**
  - Changed the extension used for internationalization (i18n) in the VS Code environment.
  - Modified how environment variables are accessed in tolgee.tsx.
  - Updated parseVideoUrl function to include a new property videoSizeSuggestion.
- **Chores**
  - Updated the tolgeeEnv object in env.ts and added a new optional parameter to the getRuntimeVariable function.
  - Expanded video handling capabilities by introducing new video content types and associated regular expressions.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Closes baptisteArno#978 baptisteArno#936 baptisteArno#926

* 🛂 Reduce sendMessage serverless function max memory

* 🐛 (webhook) Fix legacy webhook {{state}} body parsing

* 🧑‍💻 (chat) Introduce startChat and continueChat endpoints

Closes baptisteArno#1030

* ⏪ Revert new authentication method for preview bot

* 📝 Add OpenAI Dialogue option in breaking change doc

* ⚡ Add maxWidth and maxHeight bubble them props

Closes baptisteArno#458

* 📝 Change community URLs, introduce Discord server

Closes baptisteArno#866

* 🐛 (textBubble) Fix variable parsing when starting or finishing by spaces

* ⏪ (wordpress) Revert to specific non breaking version for self-hosters

* 🐛 (billing) Set invoicing behavior to "always invoice" to fix double payment issue

* 🐛 (js) Fix default theme values css variables

Closes baptisteArno#1031

* 🐛 (fileUpload) Fix results file display if name contains comma

Closes baptisteArno#955

* ⬆️ (date) Upgrade date parser package

* 📝 Update Discord invite link

* 🚸 Auto scroll once picture choice images are fully loaded

* ♿ Show scrollbar on searchable items

* 🐛 Fix typebot parsing for legacy columnsWidth setting

* 🐛 (wordpress) Fix version mismatch for self-hosters for Standard embed as well

Closes baptisteArno#1038

* 🐛 (typebotLink) Fix variables merging with new values

* 🐛 (editor) Fix AB test items not connectable

* 🔊 Add response debug log for failing requests without errors

* 💚 Fix docker build missing ts target in schemas

* 🔖 Release v2.19.1

* ✏️ Fix typebot v7 breaking changes doc typo

* 🌐 Add es and ro support

* ✨ (openai) Add create speech OpenAI action

Closes baptisteArno#1025

* 🐛 (chatwoot) Fix email prefill when Chatwoot contact already exists

* 🛂 (billing) Add isPastDue field in workspace (baptisteArno#1046)

Closes baptisteArno#1039

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

- **New Features**
  - Workspaces now include an additional status indicator: `isPastDue`.
  - New pages for handling workspaces that are past due, meaning an invoice is unpaid.

- **Bug Fixes**
  - Fixed issues with workspace status checks and redirections for suspended workspaces.

- **Refactor**
  - Refactored workspace-related API functions to accommodate new status fields.
  - Improved permission checks for reading and writing typebots based on workspace status.

- **Chores**
  - Database schema updated to include `isPastDue` field for workspaces.
  - Implemented new webhook event handling for subscription and invoice updates.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

* 🚑 (editor) Fix typebot update permission

* ✨ Allow user to share a flow publicly and make it duplicatable

Closes baptisteArno#360

* 🐛 (pictureChoice) Fix choice parsing too unrestrictive

* 🔥 Remove VIEWER_URL_INTERNAL variable

BREAKING CHANGE: NEXT_PUBLIC_VIEWER_INTERNAL does not exist anymore as typebot.io now directly points to the viewer project

* 🚑 (billing) Fix stripe webhook "invoice.paid" typo

* 🐛 Fix processTelemetry endpoint not reachable

* ⚡ (billing) Improve past_due workspace checking webhook

* 📝 Add new start and continue endpoints in the API runtime instructions

* 🚸 (redirect) Make sure the redirection is always done on top frame

* 🔧 Increase builder request max size to 4MB

* 💚 Update broken action-autotag package

* 🚑 (pictureChoice) Fix pic choice multi select parsing

* 📝 Improve WP prefilled var explanation

* 🐛 Fix default webhook body with multi inputs groups

* 🛂 Allow app admin to read a typebot

* 🐛 (share) Fix duplicate folderId issue

* 🚸 (fileUpload) Properly encode commas from uploaded file urls

Closes baptisteArno#955

* ⚡ (wordpress) Add lib_version prop in shortcode

Closes baptisteArno#1035

* 📝 Add flow share docs

* 🔖 Release v2.20.0

* ⚗️ (docs) Replace Algolia search with Community Search

* Updated vercel deployment guide. (baptisteArno#1075)

Adding explanation text about builder and viewer.

<!-- This is an auto-generated comment: release notes by coderabbit.ai -->
## Summary by CodeRabbit

- **Documentation**
  - Enhanced the self-hosting guide with additional explanatory notes on deploying both the Builder and Viewer components for Typebot, clarifying their distinct roles in service flow creation and user interaction.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

* 🐛 (editor) Fix old typebot flash when changing the typebot

* 🐛 Fix multiple item dragged issue

* 🐛 Fix right click in bubble text editor selects the group

Closes baptisteArno#920

* ✏️ Fix invalid ending comma in API instructions

Closes baptisteArno#1022

* 🧑‍💻 Automatically guess env URLs for Vercel preview deployments (baptisteArno#1076)

<!-- This is an auto-generated comment: release notes by coderabbit.ai -->
## Summary by CodeRabbit

- **New Features**
  - Introduced new URL processing logic to enhance compatibility with Vercel preview environments.
  - Improved handling of environment-specific URLs for authentication and viewer services.

- **Enhancements**
  - Streamlined environment variable management for more reliable deployment configurations.

- **Documentation**
  - Updated documentation to reflect new environment variable processing functions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

* 📝 Add node prerequisite in Contributing guide

* 🛂 (billing) Past due status only for unpaid invoices with additional usage

* 🚸 (docs) Open community search docs results in same tab

* ♻️ Remove references to old s3 URLs

* 🔧 Update vercel.json to reflect new api path

* 🛂 Hide workspace members list from guest

* update typebot

* update typebot

* 🔧 Update main viewer domain to typebot.co

* Delete apps/landing-page/public/favicon.png

* Add files via upload

* Delete apps/builder/public/favicon.png

* Add files via upload

* Delete apps/viewer/public/favicon.png

* Add files via upload

* Add files via upload

* Delete apps/builder/public/favicon.png

* Add files via upload

* Add files via upload

* translate

* app.chatwoot.com

* options.baseUrl

* ⚡ Add dynamic timeout to bot engine api

* 🐛 (sheets) Init OAuth client inside a function to avoid potential conflict

* 🐛 Fix change language not working in the editor

* ✨ Introducing Radar, fraud detection

* Update publishTypebot.ts

* 📝 (docs): fix typo in Unsplash description (baptisteArno#1094)

Documentation

This PR updates the documentation to fix an incorrect description for
the Unsplash configuration.

<!-- This is an auto-generated comment: release notes by coderabbit.ai -->

## Summary by CodeRabbit

- **Documentation**
  - Corrected a hyperlink and associated text in the self-hosting configuration guide, changing "Giphy" to "Unsplash" for image search references.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Signed-off-by: Victor Santos <vsantos.py@gmail.com>

* 📈 Only send suspicious bot alert if risk level is below 100

* 🛂 Auto ban IP on suspected bot publishing (baptisteArno#1095)

<!-- This is an auto-generated comment: release notes by coderabbit.ai -->
## Summary by CodeRabbit

- **New Features**
  - Enhanced sign-in error handling with specific messages for different error types.
  - Implemented IP-based restrictions for authentication and publishing actions.

- **Bug Fixes**
  - Updated the retrieval of user session information to improve reliability.

- **Documentation**
  - Updated usage instructions for `getServerSession` to reflect the new authentication options.

- **Refactor**
  - Replaced direct usage of `authOptions` with a new function `getAuthOptions` to dynamically generate authentication options.
  - Improved IP address extraction logic to handle various header formats.

- **Chores**
  - Added a new `BannedIp` model to the database schema for managing IP-based restrictions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

* feat: toolzz logo on sign-in and header

---------

Signed-off-by: Victor Santos <vsantos.py@gmail.com>
Co-authored-by: Baptiste Arnaud <contact@baptiste-arnaud.fr>
Co-authored-by: Rishi Raj Jain <rishi18304@iiitd.ac.in>
Co-authored-by: Prateek Kalra <prateekkalra1997@gmail.com>
Co-authored-by: neo773 <62795688+neo773@users.noreply.github.com>
Co-authored-by: onFire(Abhi) <40654066+AbhiShake1@users.noreply.github.com>
Co-authored-by: Thiago Mendonça <thiagomendonca09@gmail.com>
Co-authored-by: lucasbuges <123869629+lucasbuges@users.noreply.github.com>
Co-authored-by: Baptiste Arnaud <baptiste.arnaud95@gmail.com>
Co-authored-by: Victor Santos <vsantos.py@gmail.com>