8 Commits

Author | SHA1 | Message | Date
Eugene Burmakin | 2ce6e4d6c8 | Increase devise security and fix OIDC callback | 2026-03-28 23:06:45 +01:00
Eugene Burmakin | f8ca4ed325 | Fix number of issues | 2026-03-23 22:51:58 +01:00
Eugene Burmakin | 82d74b29f5 | Upgrade upgrade url | 2026-03-08 20:01:23 +01:00
Eugene Burmakin | de5d0d542d | Fix data retention gating for Lite users | 2026-03-02 23:10:02 +01:00
Eugene Burmakin | ea16ab541f | Fix minor issues | 2026-03-02 22:34:40 +01:00
Eugene Burmakin | 3f898610e0 | Minor fixes | 2026-03-02 22:34:17 +01:00
Eugene Burmakin | 1ba869ccb0 | Remove self_hoster plan | 2026-03-02 22:34:17 +01:00
Eugene Burmakin | 5ba15530e5 | feat: add API gating for Lite plan — write 403, read scoping, rate limiting | 2026-03-02 22:33:32 +01:00

Full message of 5ba15530e5:

- Add `require_write_api!` guard to PointsController for create, update,
  destroy, and bulk_destroy actions. Lite users receive 403 with clear
  JSON error and upgrade URL.
- Add `scoped_points` helper to ApiController that filters Lite users to
  a 12-month timestamp window. Pro and self-hoster users see all data.
- Add rack-attack gem with Redis backend for per-plan rate limiting:
  Lite 200 req/hr, Pro 1,000 req/hr, self-hosters exempt.
- Add X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset
  headers on all API responses for rate-limited plans.
- Custom 429 response with Retry-After header and upgrade URL.
- Full test coverage: 14 new specs (points write gating, read scoping,
  rate limit headers, throttle behavior).