Merge branch 'main' into dev

package.json

@@ -33,7 +33,7 @@
     },
     "dependencies": {
         "@asteasolutions/zod-to-openapi": "8.4.1",
-        "@aws-sdk/client-s3": "3.989.0",
+        "@aws-sdk/client-s3": "3.1004.0",
         "@faker-js/faker": "10.3.0",
         "@headlessui/react": "2.2.9",
         "@hookform/resolvers": "5.2.2",
@@ -80,16 +80,16 @@
         "d3": "7.9.0",
         "drizzle-orm": "0.45.1",
         "express": "5.2.1",
-        "express-rate-limit": "8.2.1",
+        "express-rate-limit": "8.3.0",
         "glob": "13.0.6",
         "helmet": "8.1.0",
         "http-errors": "2.0.1",
         "input-otp": "1.4.2",
-        "ioredis": "5.9.3",
+        "ioredis": "5.10.0",
         "jmespath": "0.16.0",
         "js-yaml": "4.1.1",
         "jsonwebtoken": "9.0.3",
-        "lucide-react": "0.563.0",
+        "lucide-react": "0.577.0",
         "maxmind": "5.0.5",
         "moment": "2.30.1",
         "next": "15.5.12",
@@ -99,20 +99,21 @@
         "node-cache": "5.1.2",
         "nodemailer": "8.0.1",
         "oslo": "1.2.1",
-        "pg": "8.19.0",
-        "posthog-node": "5.26.0",
+        "pg": "8.20.0",
+        "posthog-node": "5.28.0",
         "qrcode.react": "4.2.0",
         "react": "19.2.4",
-        "react-day-picker": "9.13.2",
+        "react-day-picker": "9.14.0",
         "react-dom": "19.2.4",
         "react-easy-sort": "1.8.0",
         "react-hook-form": "7.71.2",
-        "react-icons": "5.5.0",
+        "react-icons": "5.6.0",
         "recharts": "2.15.4",
-        "reodotdev": "1.0.0",
+        "reodotdev": "1.1.0",
+        "resend": "6.9.2",
         "semver": "7.7.4",
         "sshpk": "^1.18.0",
-        "stripe": "20.3.1",
+        "stripe": "20.4.1",
         "swagger-ui-express": "5.0.1",
         "tailwind-merge": "3.5.0",
         "topojson-client": "3.1.0",
@@ -130,10 +131,10 @@
         "zod-validation-error": "5.0.0"
     },
     "devDependencies": {
-        "@dotenvx/dotenvx": "1.52.0",
+        "@dotenvx/dotenvx": "1.54.1",
         "@esbuild-plugins/tsconfig-paths": "0.1.2",
         "@react-email/preview-server": "5.2.8",
-        "@tailwindcss/postcss": "4.1.18",
+        "@tailwindcss/postcss": "4.2.1",
         "@tanstack/react-query-devtools": "5.91.3",
         "@types/better-sqlite3": "7.6.13",
         "@types/cookie-parser": "1.4.10",
@@ -145,10 +146,10 @@
         "@types/jmespath": "0.15.2",
         "@types/js-yaml": "4.0.9",
         "@types/jsonwebtoken": "9.0.10",
-        "@types/node": "25.2.3",
+        "@types/node": "25.3.5",
         "@types/nodemailer": "7.0.11",
         "@types/nprogress": "0.2.3",
-        "@types/pg": "8.16.0",
+        "@types/pg": "8.18.0",
         "@types/react": "19.2.14",
         "@types/react-dom": "19.2.3",
         "@types/semver": "7.7.1",
@@ -166,11 +167,11 @@
         "postcss": "8.5.6",
         "prettier": "3.8.1",
         "react-email": "5.2.8",
-        "tailwindcss": "4.1.18",
+        "tailwindcss": "4.2.1",
         "tsc-alias": "1.8.16",
         "tsx": "4.21.0",
         "typescript": "5.9.3",
-        "typescript-eslint": "8.55.0"
+        "typescript-eslint": "8.56.1"
     },
     "overrides": {
         "esbuild": "0.27.3",

server/db/pg/schema/privateSchema.ts

@@ -328,6 +328,14 @@ export const approvals = pgTable("approvals", {
         .notNull()
 });
 
+export const bannedEmails = pgTable("bannedEmails", {
+    email: varchar("email", { length: 255 }).primaryKey(),
+});
+
+export const bannedIps = pgTable("bannedIps", {
+    ip: varchar("ip", { length: 255 }).primaryKey(),
+});
+
 export type Approval = InferSelectModel<typeof approvals>;
 export type Limit = InferSelectModel<typeof limits>;
 export type Account = InferSelectModel<typeof account>;

server/db/sqlite/schema/privateSchema.ts

@@ -318,6 +318,15 @@ export const approvals = sqliteTable("approvals", {
         .notNull()
 });
 
+
+export const bannedEmails = sqliteTable("bannedEmails", {
+    email: text("email").primaryKey()
+});
+
+export const bannedIps = sqliteTable("bannedIps", {
+    ip: text("ip").primaryKey()
+});
+
 export type Approval = InferSelectModel<typeof approvals>;
 export type Limit = InferSelectModel<typeof limits>;
 export type Account = InferSelectModel<typeof account>;

server/routers/auth/signup.ts

@@ -1,5 +1,5 @@
 import { NextFunction, Request, Response } from "express";
-import { db, users } from "@server/db";
+import { bannedEmails, bannedIps, db, users } from "@server/db";
 import HttpCode from "@server/types/HttpCode";
 import { email, z } from "zod";
 import { fromError } from "zod-validation-error";
@@ -65,6 +65,30 @@ export async function signup(
         skipVerificationEmail
     } = parsedBody.data;
 
+    const [bannedEmail] = await db
+        .select()
+        .from(bannedEmails)
+        .where(eq(bannedEmails.email, email))
+        .limit(1);
+    if (bannedEmail) {
+        return next(
+            createHttpError(HttpCode.FORBIDDEN, "Signup blocked. Do not attempt to continue to use this service.")
+        );
+    }
+
+    if (req.ip) {
+        const [bannedIp] = await db
+            .select()
+            .from(bannedIps)
+            .where(eq(bannedIps.ip, req.ip))
+            .limit(1);
+        if (bannedIp) {
+            return next(
+                createHttpError(HttpCode.FORBIDDEN, "Signup blocked. Do not attempt to continue to use this service.")
+            );
+        }
+    }
+
     const passwordHash = await hashPassword(password);
     const userId = generateId(15);
 

server/routers/resource/createResource.ts

@@ -223,6 +223,20 @@ async function createHttpResource(
         );
     }
 
+    // Prevent creating resource with same domain as dashboard
+    const dashboardUrl = config.getRawConfig().app.dashboard_url;
+    if (dashboardUrl) {
+        const dashboardHost = new URL(dashboardUrl).hostname;
+        if (fullDomain === dashboardHost) {
+            return next(
+                createHttpError(
+                    HttpCode.CONFLICT,
+                    "Resource domain cannot be the same as the dashboard domain"
+                )
+            );
+        }
+    }
+
     if (build != "oss") {
         const existingLoginPages = await db
             .select()

server/routers/resource/updateResource.ts

@@ -353,6 +353,20 @@ async function updateHttpResource(
                 );
             }
 
+            // Prevent updating resource with same domain as dashboard
+            const dashboardUrl = config.getRawConfig().app.dashboard_url;
+            if (dashboardUrl) {
+                const dashboardHost = new URL(dashboardUrl).hostname;
+                if (fullDomain === dashboardHost) {
+                    return next(
+                        createHttpError(
+                            HttpCode.CONFLICT,
+                            "Resource domain cannot be the same as the dashboard domain"
+                        )
+                    );
+                }
+            }
+        
             if (build != "oss") {
                 const existingLoginPages = await db
                     .select()

src/app/[orgId]/settings/resources/proxy/create/page.tsx

@@ -559,7 +559,7 @@ export default function Page() {
             toast({
                 variant: "destructive",
                 title: t("resourceErrorCreate"),
-                description: t("resourceErrorCreateMessageDescription")
+                description: formatAxiosError(e, t("resourceErrorCreateMessageDescription"))
             });
         }
 

src/components/Credenza.tsx

@@ -84,7 +84,7 @@ const CredenzaContent = ({ className, children, ...props }: CredenzaProps) => {
     return (
         <CredenzaContent
             className={cn(
-                "overflow-y-auto max-h-[100dvh] md:max-h-screen md:top-[clamp(1.5rem,12vh,200px)] md:translate-y-0",
+                "overflow-y-auto max-h-[100dvh] md:max-h-[calc(100vh-clamp(3rem,24vh,400px))] md:top-[clamp(1.5rem,12vh,200px)] md:translate-y-0",
                 className
             )}
             {...props}