Keep backward compatibility for external integrations that still use
the old ?ref= parameter while recommending ?doc= to avoid privacy
extensions blocking.
ClearURLs and similar privacy extensions block the 'ref' parameter
as it's commonly used for referrer tracking. Renamed to 'doc' which
is not targeted by these extensions.
Closes#19
- Fix HomePage.vue to update signatureCount after user signs
- Fix EmbedPage.vue to use signatureCount from API instead of signatures.length
- Adapt E2E tests to reflect signature visibility security model
- Create missing API documentation (docs/en/api.md, docs/fr/api.md)
- Document Docker healthcheck in deployment guides
- Document signature endpoint access control rules
- Fix MagicLink auto-detection description in READMEs
- Add 'health' subcommand to ackify binary for Docker HEALTHCHECK
- Add HEALTHCHECK directive to Dockerfile
- Add healthcheck configuration to all compose files
- Supports custom port via ACKIFY_LISTEN_ADDR
Closes#21
- Signatures endpoint now returns only user's own signature for non-owner/admin
- Owner/admin can see all signatures, others see only their own (if signed)
- Added signatureCount to FindOrCreateDocument response for public count display
- Frontend shows signature count header even when detailed list is restricted
Closes#20
Allow non-admin document owners to add and remove expected signers for their documents via new endpoints:
- POST /users/me/documents/{docId}/signers
- DELETE /users/me/documents/{docId}/signers/{email}
Closes#17
fix: escape database names in SQL and add owner-based document management
- Quote PostgreSQL identifiers with double-quotes in migrations to support database names containing special characters like hyphens (fixes#16)
- Add CanManageDocument to Authorizer interface for ownership checks
- Add owner-based document management
- Non-admin users can now manage documents they created when ACKIFY_ONLY_ADMIN_CAN_CREATE=false (fixes#17)
- Return 403 for owner routes when ACKIFY_ONLY_ADMIN_CAN_CREATE=true
Closes#16
refactor: move TenantProvider interface to pkg/providers
- Centralize all provider interfaces in pkg/providers package for consistency with Authorizer and other capability provider interfaces.
Go's http.DetectContentType fails to recognize minimal/malformed image
files and returns application/octet-stream. Added common image extensions
(.png, .jpg, .jpeg, .gif, .webp) to the extension-based fallback map
so content type is correctly determined from filename when magic byte
detection fails.
Reader options (readMode, allowDownload, requireFullRead, verifyChecksum)
were not being saved during document upload.
SimpleAuthorizer now reads the setting dynamically from ConfigService
instead of using a static value set at startup. This allows admins to
toggle document creation permissions via the settings UI without
requiring a server restart.
Fixes#14Fixes#15
Move all service creation (I18n, Email, MagicLink, Session, Config)
from main.go into ServerBuilder.Build(), making main.go minimal and
self-contained.
- ServerBuilder now only requires WithDB() and WithTenantProvider()
- AuthProvider and Authorizer have sensible CE defaults
- Rename DynamicAuthProvider → auth.Provider for simplicity
- Remove unused With* methods for internal services
- Add new config handler to serve public app configuration
- Create Pinia config store to load and cache configuration
- Remove window variable injection from static.go and index.html
- Update all components to use config store instead of window vars
- Remove deprecated /api/v1/auth/config endpoint (merged into /config)
- Update Cypress tests with proper type annotations
- Add extractErrorDetails() to get both error code and message
- Use error codes to show appropriate translated messages in DocumentCreateForm
- Add translation keys for auth and permission errors
Replace static window variables (ACKIFY_OAUTH_ENABLED, ACKIFY_MAGICLINK_ENABLED)
with dynamic API call to /api/v1/auth/config. This allows auth methods to be
changed without rebuilding the frontend and supports dynamic tenant configuration.
Instead of failing when bucket doesn't exist, attempt to create it.
This improves the initial setup experience with MinIO and other S3
compatible storage providers.
MagicLinkRepository was bypassing RLS by using r.db directly instead of
dbctx.GetQuerier(ctx, r.db). This meant queries ran outside the
transaction with app.tenant_id set, causing RLS policies to not apply.
All methods now use dbctx.GetQuerier to properly participate in the
RLS transaction context.
- Move service initialization (MagicLink, Email, i18n) to main.go
- Change signature lookup from user_sub to email for cross-auth consistency
- Remove OauthService wrapper, simplify auth layer
- Pass parent context to workers for graceful shutdown
- Fix IP extraction from RemoteAddr with port
- Add compact mode to SignatureList component
- Update Cypress tests with new data-testid attributes
- Create unified AuthProvider interface in pkg/providers/interfaces.go
supporting OIDC, MagicLink, and session management
- Implement DynamicAuthProvider that reads config from ConfigService
on each request, enabling hot-reload of auth settings
- Simplify ServerBuilder by removing separate oauthProvider and flags
- Consolidate auth handlers into single handler.go using unified interface
- Remove obsolete providers (oauth_provider.go, magiclink_provider.go)
- Remove separate magic_link_handler.go and reminder_auth_handler.go
- Update tests with new mockAuthProvider implementing full interface
- Fix config_service_test.go SMTP validation (requires Host + From)
- Add extension-based MIME type refinement for text formats (.md, .docx, .xlsx, .odt, .ods)
- Add charset=utf-8 for text-based MIME types in Content-Type header
- Support ODF formats (OpenDocument Text/Spreadsheet)
- Unify compose templates into single compose.yml.template with region markers
- Add update mode to install script to preserve existing configuration
- Extend file upload accept list in DocumentCreateForm
- Remove binary file from repository
- New design system (IBM Plex fonts, slate palette, dark mode)
- Complete refactor of components and pages
- Add favicon, PWA icons and new logo
- Minor fixes (null handling, translations, navigation)
