Move all service creation (I18n, Email, MagicLink, Session, Config)
from main.go into ServerBuilder.Build(), making main.go minimal and
self-contained.
- ServerBuilder now only requires WithDB() and WithTenantProvider()
- AuthProvider and Authorizer have sensible CE defaults
- Rename DynamicAuthProvider → auth.Provider for simplicity
- Remove unused With* methods for internal services
- Add new config handler to serve public app configuration
- Create Pinia config store to load and cache configuration
- Remove window variable injection from static.go and index.html
- Update all components to use config store instead of window vars
- Remove deprecated /api/v1/auth/config endpoint (merged into /config)
- Update Cypress tests with proper type annotations
- Add extractErrorDetails() to get both error code and message
- Use error codes to show appropriate translated messages in DocumentCreateForm
- Add translation keys for auth and permission errors
Replace static window variables (ACKIFY_OAUTH_ENABLED, ACKIFY_MAGICLINK_ENABLED)
with dynamic API call to /api/v1/auth/config. This allows auth methods to be
changed without rebuilding the frontend and supports dynamic tenant configuration.
Instead of failing when bucket doesn't exist, attempt to create it.
This improves the initial setup experience with MinIO and other S3
compatible storage providers.
MagicLinkRepository was bypassing RLS by using r.db directly instead of
dbctx.GetQuerier(ctx, r.db). This meant queries ran outside the
transaction with app.tenant_id set, causing RLS policies to not apply.
All methods now use dbctx.GetQuerier to properly participate in the
RLS transaction context.
- Move service initialization (MagicLink, Email, i18n) to main.go
- Change signature lookup from user_sub to email for cross-auth consistency
- Remove OauthService wrapper, simplify auth layer
- Pass parent context to workers for graceful shutdown
- Fix IP extraction from RemoteAddr with port
- Add compact mode to SignatureList component
- Update Cypress tests with new data-testid attributes
- Create unified AuthProvider interface in pkg/providers/interfaces.go
supporting OIDC, MagicLink, and session management
- Implement DynamicAuthProvider that reads config from ConfigService
on each request, enabling hot-reload of auth settings
- Simplify ServerBuilder by removing separate oauthProvider and flags
- Consolidate auth handlers into single handler.go using unified interface
- Remove obsolete providers (oauth_provider.go, magiclink_provider.go)
- Remove separate magic_link_handler.go and reminder_auth_handler.go
- Update tests with new mockAuthProvider implementing full interface
- Fix config_service_test.go SMTP validation (requires Host + From)
- Add extension-based MIME type refinement for text formats (.md, .docx, .xlsx, .odt, .ods)
- Add charset=utf-8 for text-based MIME types in Content-Type header
- Support ODF formats (OpenDocument Text/Spreadsheet)
- Unify compose templates into single compose.yml.template with region markers
- Add update mode to install script to preserve existing configuration
- Extend file upload accept list in DocumentCreateForm
- Remove binary file from repository
- New design system (IBM Plex fonts, slate palette, dark mode)
- Complete refactor of components and pages
- Add favicon, PWA icons and new logo
- Minor fixes (null handling, translations, navigation)
BREAKING CHANGE: ACKIFY_APP_PASSWORD environment variable is now required for RLS support. The migrate tool creates the ackify_app role before running migrations, ensuring compatibility with existing deployments.
Changes:
- Add ensureAppRole() in cmd/migrate to create/update ackify_app role
- Remove docker/init-scripts/01-create-app-user.sh (no longer needed)
- Update compose.yml: add ACKIFY_APP_PASSWORD, backend connects as ackify_app
- Update migration 0016: remove conditional role creation
- Add RLS documentation (docs/en/configuration/rls.md, docs/fr/configuration/rls.md)
- Update configuration docs with RLS section and security checklist
Migration path for existing deployments:
1. Set ACKIFY_APP_PASSWORD in .env
2. Run docker compose up (migrate will create the role automatically)
Apply Clean Architecture principles throughout the codebase to eliminate tight coupling between layers. Handlers now depend exclusively on services through private interfaces, never directly on repositories.
Introduce a ServerBuilder pattern with pluggable capability providers.
refactor(auth): introduce injectable AuthorizerService
Replace hardcoded AdminEmails and OnlyAdminCanCreate config fields
with an injectable AuthorizerService. This improves testability and
follows the dependency injection pattern used elsewhere in the codebase.
- Create AuthorizerService in application/services/
- Define minimal Authorizer interfaces in consuming packages
- Update middleware, handlers, and router to use injected authorizer
- Update all affected tests with mock implementations
refactor(build): move go.mod to backend directory
Move Go module files from project root to backend/ directory while keeping the module name as github.com/btouchard/ackify-ce.
This improves project structure by keeping Go-specific files within the Go codebase directory.
# Conflicts:
# backend/internal/application/services/checksum_service_test.go
# backend/internal/application/services/document_service.go
# backend/internal/application/services/document_service_duplicate_test.go
# backend/internal/application/services/document_service_test.go
# backend/internal/presentation/api/documents/handler.go
# backend/internal/presentation/api/documents/handler_test.go
# backend/internal/presentation/api/router.go
# backend/pkg/web/server.go
- Add pkg/coreapp/ with service interfaces and dependency injection
- Add DocumentAuthorizer for document access control
- Add ExpectedSignerService for expected signers management
- Simplify router and handlers by using coreapp dependencies
- Add instance_metadata table with unique UUID per instance
- Add tenant_id column to all business tables (documents, signatures, expected_signers, webhooks, reminder_logs, email_queue, checksum_verifications, webhook_deliveries)
- Backfill existing data with instance tenant UUID
- Create TenantProvider interface and SingleTenantProvider implementation
- Update all repositories to filter by tenant_id
- Add immutability triggers to prevent tenant_id modification after creation
Migration 0015 includes:
- Schema changes with indexes for tenant_id columns
- SQL backfill for existing data
- Trigger functions for data integrity
- Add instance_metadata table with unique UUID per instance
- Add tenant_id column to all business tables (documents, signatures, expected_signers, webhooks, reminder_logs, email_queue, checksum_verifications, webhook_deliveries)
- Backfill existing data with instance tenant UUID
- Create TenantProvider interface and SingleTenantProvider implementation
- Update all repositories to filter by tenant_id
- Add immutability triggers to prevent tenant_id modification after creation
Migration 0015 includes:
- Schema changes with indexes for tenant_id columns
- SQL backfill for existing data
- Trigger functions for data integrity
