Open
Conversation
* feat: add private app access extension event contract Define app.private-access.check in extension API typings with mutable allow/redirect decision fields for entitlement handlers. * refactor: camelCase private access event contract Rename private access extension event and payload fields to camelCase for consistency with repo conventions.
Add private app access gating in PuterSiteMiddleware with entitlement event checks, bootstrap/private cookie token flow, and camelCase helper/test updates.
When a rate-limit scope is not configured, use a default configuration instead of throwing an error. Display a warning about the unconfigured rate-limit scope when the default is used.
Adds a config flag to disable private app gate enforcement, structured middleware audit logs for private access decisions, and regression coverage for the disabled-gate path.
For convenience, switch flow if the user's action doesn't match the system state when signing up or logging in with Google: - If the user chooses "signup" but they already have an account, log them into that account. - If the user chooses "login" but they do not have an account yet, create an account where their authenticated email address.
…2567) * fix: user deletion for OIDC accounts * clean(backend): update copied license header * clean(backend): replace previously removed comments * fix: double-encoding
Updates private app hosting defaults and middleware/test expectations from puter.app to puter.dev for current rollout needs.
* feat: add private app direct-login bootstrap page Serves a lightweight puter.js sign-in interstitial when private app identity is missing, then retries with a bootstrap token query param while preserving entitlement redirect behavior for authenticated denies. * fix: allow private app subdomain
add event logging and handling to deal with redis startup
…write access requests have their own text strings. (HeyPuter#2499)
…ead and write access requests have their own text strings. (HeyPuter#2499)" This reverts commit 0f33e49.
…ed as well (HeyPuter#2498) * Fix: When a maximized window gets resized, Puter apps should be resized as well * Fix maximixed selector to match any window with data-is_maximized (not just apps)
* fix(ai): additional auth guard * Revert "fix(ai): additional auth guard" This reverts commit 03d4e66.
…yPuter#2576)" (HeyPuter#2579) This reverts commit f6b9c69.
This reverts commit 676b6c3.
…eyPuter#2576)" (HeyPuter#2579) This reverts commit 8349b0d.
* feat: resolve private app hosts by index_url fallback Adds a private-app lookup fallback for hosted subdomains without associated_app_id by matching owner-scoped index_url candidates built from request host and configured protocol. * fix: redirect path * fix: add new domains too * fix, bootstrap url * fix: bootstrap url * fix: auto sign in puter pirvate app
It turns out there are nuances between `puter.ui.authenticateWithPuter` vs `puter.auth.signIn` - these don't do the same thing. The primary difference is that `puter.ui.authenticateWithPuter` will display an override if it's not triggered by a user action, whereas `puter.auth.signIn` will not. This definitely suggests `puter.ui.authenticateWithPuter` should be a caller of `puter.auth.signIn` instead of implementing its own logic for handling the popup - that makes this part of the code more fagile - but that refactor is out-of-scope for this bug fix.
* feat: private app config to use app urls * fix: launch app * fix: cookie origin
* add gemini image models in .chat * update docs for gemini image .chat * actually snake case * fix multi-turn thoughtsignature
* Remove mostly unused TechnicalError and featureflag. Fold Group into GroupService. * move modutil to util * remove unused public/assets * Remove anomaly service, fold logic into groups * remove unused modules * Remove AnomalyService import from tests * remove shutdownservice * remove unused filetracker service * [will break prod] remove Puter AI Module, inline to coremodue * MariaDB compatibility
* add replicate image * docs replicate * pkg lock * maybe fix ci
* Consistent header with files * custom order with draggable app icons * mobile style tweak * Drag apps to sidebar * uninstall * Add desktop switch button to home tab Drag sidebar apps order * Display app storage use in Usage tab * Add context menu options to apps: open in new tab, open in window * Sidebar apps section with taskbar/dock behavior * add close button to sidebar app item * prevent dashboard files items from being selected when dragging * File contextmenu shows filename Keep dashboard URL when opening items * Fixed issue with mobile selecting * sidebar toggling * sidebar tooltips * done! * Files tab statusbar width fix * Consistent header with files * custom order with draggable app icons * mobile style tweak * Drag apps to sidebar * uninstall * Add desktop switch button to home tab Drag sidebar apps order * Display app storage use in Usage tab * Add context menu options to apps: open in new tab, open in window * Sidebar apps section with taskbar/dock behavior * add close button to sidebar app item * prevent dashboard files items from being selected when dragging * File contextmenu shows filename Keep dashboard URL when opening items * Fixed issue with mobile selecting * sidebar toggling * sidebar tooltips * done! * Files tab statusbar width fix * Remove desktop switch button from Home tab * App uninstall fix * mobile style tweaks for dashboard sidebar * Usage tab header fixes * style tweaks * Disable Uninstall for certain system apps * Use app title in uninstall modal * Remove delete-data option from uninstall modal * Update dashboard.css * Update TabApps.js --------- Co-authored-by: jelveh <nj@puter.com>
When the Start button is clicked while the popover is already open, close it instead of doing nothing. This fixes the toggle behavior on Android Chrome where the menu stays open on repeated taps. The `.popover-launcher` removal triggers the UIPopover remove event handler which automatically cleans up the `has-open-popover` class. Fixes HeyPuter#1681
* adjust, refactor together costs * aliases follow rule
Make the DB update in AppES awaitable so the write completes before proceeding (avoids race conditions). Also add invalidation of the Redis object key for the app UID in AppInformationService to ensure cached entries keyed by uid are cleared after updates.
* add gpt image 2 * index cost key * docs + default low
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Merging this PR will invoke release actions