mirror/formbricks
1
0
Fork 0
mirror of https://github.com/formbricks/formbricks.git synced 2026-03-17 18:02:40 -05:00
Code Issues Packages Projects Releases 138 Wiki Activity
5,012 Commits 380 Branches 182 Tags
72d34f36786d8643f8530cebcdfb86784aa95fce
Commit Graph

68 Commits

Author SHA1 Message Date
Santosh
8c6496cdd4 merge: resolve conflicts with main branch 
Merge origin/main into fix/idor-server-actions-and-sentry-v2-logging,
resolving conflicts in 5 server action files by combining:
- .inputSchema() API from main (renamed from .schema())
- IDOR fix: derive organizationId from target resource, not client input
 2026-03-11 13:11:41 +01:00
Anshuman Pandey
cb41e2d344 fix: sets apps/web TS strict check to true (#7451) 2026-03-11 10:14:37 +01:00
Matti Nannt
1e19cca7d9 feat: implement cloud stripe billing sync and pricing revamp (#7309) 
Co-authored-by: Johannes <johannes@formbricks.com>
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-03-10 16:04:23 +00:00
Matti Nannt
afa192e5b9 chore: upgrade deps and Zod v4 migration (#7425) 
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
 2026-03-06 14:41:28 +01:00
Bhagya Amarasinghe
fc1c91896a fix: add server-side SSRF validation for webhook URLs (#7414) 
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
 2026-03-06 07:36:49 +00:00
Santosh
77f7e099b9 fix: derive organizationId from resources in server actions to prevent cross-org IDOR (#7326, #6677) 
resetSurveyAction, deleteInviteAction, and updateInviteAction accepted
organizationId from client input for authorization while operating on
resources identified by separate IDs. An authenticated user belonging
to multiple organizations could authorize against their own org while
mutating resources in another org.

Derive organizationId from the target resource using existing helpers
(getOrganizationIdFromSurveyId, getOrganizationIdFromInviteId),
matching the pattern already used by adjacent safe actions in the same
files.

Also adds request method and path as Sentry tags and structured log
context in the API v2 error handler, bringing v2 error reporting to
parity with v1.
 2026-03-04 12:16:35 +01:00
Anshuman Pandey
4fadc54b4e fix: fixes storage resolution issues (#7310) 2026-02-19 14:03:19 +00:00
Dhruwang Jariwala
f4ac9a8292 fix: always validate only responseData fields in client/management APIs (#7292) (#7296) 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-19 08:56:42 +00:00
Anshuman Pandey
f7e8bc1630 feat: attributes data types (#7246) 
Co-authored-by: Johannes <johannes@formbricks.com>
 2026-02-13 08:55:06 +00:00
Anshuman Pandey
ff10ca7d6a fix: allows local ip images (#7189) 
Co-authored-by: pandeymangg <pandeyman@Anshumans-MacBook-Air.local>
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
Co-authored-by: Matti Nannt <matti@formbricks.com>
 2026-02-10 17:29:27 +01:00
Dhruwang Jariwala
56ce05fb94 fix: validation in client api (#7206) 
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
 2026-02-06 06:55:41 +00:00
Dhruwang Jariwala
1db1271e7f feat: validation rules (#7140) 2026-01-21 15:23:09 +00:00
dependabot[bot]
c1a4cc308b chore(deps): bump the npm_and_yarn group across 2 directories with 1 update (#7081) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matti Nannt <matti@formbricks.com>
 2026-01-15 15:10:33 +01:00
Anshuman Pandey
46be3e7d70 feat: webhook secret (#7084) 2026-01-09 12:31:29 +00:00
Jagadish Madavalkar
f1fc9fea2c fix: api-wrapper returns valid malformed response (#7053) 
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
 2026-01-06 10:24:39 +00:00
Dhruwang Jariwala
5b334f6623 feat: UI to change attribute value for contacts (#7040) 2025-12-29 13:09:29 +00:00
Dhruwang Jariwala
98cb2de02b feat: UI to manage attribute keys (#7038) 2025-12-26 10:02:37 +00:00
Matti Nannt
7354122447 fix: update V2 API OpenAPI paths to include full prefixes (#6983) 
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
 2025-12-23 06:29:25 +00:00
Anshuman Pandey
f888aa8a19 feat: MQP (#6901) 
Co-authored-by: Matti Nannt <matti@formbricks.com>
Co-authored-by: Johannes <johannes@formbricks.com>
Co-authored-by: Dhruwang Jariwala <67850763+Dhruwang@users.noreply.github.com>
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2025-11-28 12:36:17 +00:00
Johannes
aab6798b29 chore: Remove old telemetry & usage tracking (#6844) 
Co-authored-by: Matti Nannt <matti@formbricks.com>
 2025-11-25 12:57:43 +00:00
Matti Nannt
9ae66f44ae feat: add filterDateField parameter to enable filtering by updated-at in responses endpoint (#6833) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2025-11-18 10:14:45 +00:00
Johannes
906b4da33c fix: execute pipeline on Create Response of Management API (#6712) 
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
 2025-10-27 17:34:00 +00:00
Matti Nannt
8bdfc0686f chore: apply prettier formatting (#6719) 2025-10-20 14:28:14 +00:00
Victor Hugo dos Santos
aaea129d4f fix: api key hashing algorithm (#6639) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2025-10-13 14:36:37 +00:00
Dhruwang Jariwala
1ced76c44d chore: added expirationDays param support in personal link api (#6578) 
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
 2025-10-06 07:12:29 +00:00
Victor Hugo dos Santos
6af81e46ee chore: improve Sentry API logs with correlation ID and request context (#6584) 2025-09-24 09:25:51 +00:00
Victor Hugo dos Santos
6bc5f1e168 feat: add cache integration tests and update E2E workflow (#6551) 2025-09-19 08:44:31 +00:00
Matti Nannt
839144d338 chore: remove unused fields and tables from prisma schema (#6531) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2025-09-12 09:01:03 +00:00
Anshuman Pandey
96031822a6 feat: s3 compatible storage (#6536) 
Co-authored-by: Victor Santos <victor@formbricks.com>
 2025-09-12 08:17:33 +00:00
Piyush Gupta
dd394f1d2c chore: remove cron jobs and survey scheduling functionality (#6505) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2025-09-11 06:57:11 +00:00
Piyush Gupta
feee22b5c3 feat: Quota management(part 1 & part 2) (#6521) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
Co-authored-by: Dhruwang Jariwala <67850763+Dhruwang@users.noreply.github.com>
 2025-09-09 13:25:05 +00:00
Piyush Gupta
59859d0e4f fix: organization access checks (#6441) 2025-08-19 11:23:59 +00:00
Victor Hugo dos Santos
43628caa3b feat: Add rate limiting to API V1 (#6355) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2025-08-11 09:10:45 +00:00
Anshuman Pandey
3803111b19 fix: fixes personalized links when single use id is enabled (#6270) 2025-07-22 12:08:45 +00:00
Piyush Gupta
eee9ee8995 chore: Replaces Unkey and Update rate limiting in the management API v2. (#6273) 2025-07-22 09:33:29 +00:00
Victor Hugo dos Santos
ef973c8995 chore: merge rate limiter epic branch into main (#6236) 
Co-authored-by: Harsh Bhat <90265455+harshsbhat@users.noreply.github.com>
Co-authored-by: Johannes <johannes@formbricks.com>
Co-authored-by: Piyush Gupta <56182734+gupta-piyush19@users.noreply.github.com>
Co-authored-by: Aditya <162564995+Naidu-4444@users.noreply.github.com>
Co-authored-by: Piyush Gupta <piyushguptaa2z123@gmail.com>
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
Co-authored-by: Dhruwang Jariwala <67850763+Dhruwang@users.noreply.github.com>
Co-authored-by: Johannes <72809645+jobenjada@users.noreply.github.com>
Co-authored-by: Jakob Schott <154420406+jakobsitory@users.noreply.github.com>
Co-authored-by: Suraj <surajsuthar0067@gmail.com>
Co-authored-by: Kshitij Sharma <63995641+kshitij-codes@users.noreply.github.com>
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
Co-authored-by: Matti Nannt <mail@matthiasnannt.com>
 2025-07-16 12:28:59 +00:00
Victor Hugo dos Santos
4e52556f7e feat: add single contact using the API V2 (#6168) 2025-07-10 10:34:18 +00:00
Piyush Gupta
0b7734f725 fix: optional fields in update response API (#6113) 2025-06-30 06:13:42 +00:00
Piyush Gupta
619f6e408f fix: /api/v2/management/contact-attribute-keys returns 500 instead of 409 on duplicate record (#6100) 2025-06-27 12:50:35 +00:00
victorvhs017
6328be220a fix: updated api docs to use - instead of > (#6107) 2025-06-26 09:54:34 -07:00
Piyush Gupta
12c3899b85 fix: input validation in management v2 webhooks API (#6078) 2025-06-25 09:49:56 +00:00
victorvhs017
a9946737df feat: audit logs (#5866) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
Co-authored-by: Matthias Nannt <mail@matthiasnannt.com>
 2025-06-05 19:31:39 +00:00
Matti Nannt
c0b8edfdf2 chore: Comprehensive Cache Optimization & Performance Enhancement (#5926) 
Co-authored-by: Piyush Gupta <piyushguptaa2z123@gmail.com>
 2025-06-04 20:33:17 +02:00
Matti Nannt
12aa959f50 fix: slow responses query slowing down database (#5846) 2025-05-21 04:13:31 +00:00
Piyush Gupta
59ed10398d fix: suid bugs (#5780) 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-05-14 12:09:41 +00:00
Johannes
0f0b743a10 test: backfill variety of test files (#5729) 
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
 2025-05-09 07:26:41 +00:00
Dhruwang Jariwala
61657b9f9a chore: add char limit to other option (#5382) 
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
 2025-05-05 14:56:54 +00:00
Dhruwang Jariwala
8bdb818995 fix: server side checks for file upload (#5566) 
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
 2025-04-30 16:24:54 +00:00
Matti Nannt
51001d07b6 chore: remove old AI classification feature (#5529) 
Co-authored-by: Victor Santos <victor@formbricks.com>
 2025-04-28 19:18:07 +00:00
Piyush Gupta
630e5489ec feat: Implement v2 management api endpoint for contact attribute keys (#5316) 
Co-authored-by: Victor Santos <victor@formbricks.com>
 2025-04-23 15:48:18 +00:00