* Avoid empty webhook processor work via cached subscription lookup
WebhookProcessor ran for every event but most teams have no matching
webhook subscription, costing an empty processor job and a database query
per event.
Cache a team's enabled subscriptions ({ id, events }) in Redis, invalidated
by model lifecycle hooks, and add an optional BaseProcessor.shouldQueue hook
consulted by the global event queue so the webhook processor only enqueues a
job when a matching subscription exists.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* feedback
---------
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
* fix: Run single process when only the worker service is enabled
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* perf: Improve memory consumption through lazy service loading
---------
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
* chore: promote no-explicit-any from warn to error and resolve violations
Upgrades the oxlint rule severity and removes all 40 existing
`no-explicit-any` warnings across the codebase. Most call sites gained
proper types (SharedEditor refs, JSONNode/JSONMark for ProseMirror JSON
walking, DocumentsStore, dd-trace `Span` parameter inference, prosemirror
Fragment public API in place of internal `(fragment as any).content`).
A few load-bearing `any` uses were preserved with scoped disable
comments where changing the type would cascade widely (Sequelize JSONB
columns on `Event`, the `withTracing` higher-order function generic,
`Extension.options` consumed by many subclasses, dd-trace's `req`
patching).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* feat: Add support for configurable proxy IP header in environment settings
* Update server/env.ts
Remove mention of Koa from docs
Co-authored-by: Tom Moor <tom.moor@gmail.com>
* Update .env.sample
Remove mention of Koa from env sample.
Co-authored-by: Tom Moor <tom.moor@gmail.com>
---------
Co-authored-by: Tom Moor <tom.moor@gmail.com>
* wip
* Implementation complete
* tidying
* test
* Address feedback
* Remove duplicative retry logic from UpdateDocumentsPopularityScoreTask.
Now that we're split across many runs this is not neccessary
* Refactor to subclass, config to instance
* Refactor BaseTask to named export
* fix: Missing partition
* tsc
* Feedback
* feat: Add POST method option to redirectOnClient helper
* Applied automatic fixes
* fix: Add missing closing HTML tag in redirectOnClient GET method
* fix: Use lodash escape for form field values to prevent XSS
* Applied automatic fixes
* fix: Add missing lodash/escape import
* Applied automatic fixes
* fix: Escape all URLs in redirectOnClient function
* Update index.ts
* fix: CSP
* Refactor CSP middleware
* docs, only use for email signin
---------
Co-authored-by: codegen-sh[bot] <131295404+codegen-sh[bot]@users.noreply.github.com>
Co-authored-by: Tom Moor <tom@getoutline.com>
This PR contains the necessary work to make Outline an OAuth provider including:
- OAuth app registration
- OAuth app management
- Private / public apps (Public in cloud only)
- Full OAuth 2.0 spec compatible authentication flow
- Granular scopes
- User token management screen in settings
- Associated API endpoints for programatic access
Tom Moor