Ahmed Bouhuolia
7f3fbdc57d
Merge pull request #1095 from bigcapitalhq/fix/plaid-webhook-signature-verification
fix(server): verify Plaid webhook signatures (GHSA-g56w-g54f-whq5)
2026-05-17 23:04:30 +02:00
Ahmed Bouhuolia
d74e02c21a
Merge branch 'develop' into feat/financial-audit-trail
2026-05-17 19:55:15 +02:00
Ahmed Bouhuolia
00feae58a7
wip
2026-05-17 19:50:00 +02:00
Ahmed Bouhuolia
78fb158b98
fix(server): verify Plaid webhook signatures (GHSA-g56w-g54f-whq5)
POST /api/banking/plaid/webhooks was @PublicRoute() and processed the
body without verifying Plaid's Plaid-Verification JWT, letting any
unauthenticated client replay or fabricate webhook events for a tenant
by guessing a plaidItemId.
Add PlaidWebhookVerificationService that verifies the Plaid-Verification
ES256 JWS using a JWK fetched from plaidClient.webhookVerificationKeyGet
(cached per kid via lru-cache for 24h), enforces a 5-minute iat replay
window through jose.jwtVerify({ maxTokenAge }), and timing-safe compares
the body's SHA-256 against the request_body_sha256 claim. The webhook
controller now consumes the raw body and the plaid-verification header,
runs verification before setupPlaidTenant, and returns 400 Bad Request
on any failure - so no tenant context is ever set for an unsigned or
tampered request.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-16 12:19:30 +02:00
Ahmed Bouhuolia
5caa4bce61
Merge pull request #1045 from bigcapitalhq/self-contained-e2e-github-action
feat(ci): self contained e2e GitHub action
2026-03-15 23:49:49 +02:00
Ahmed Bouhuolia
e3d3da7cd9
feat(sdk): move the generate sdk ts types to nestjs command
2026-03-04 00:20:46 +02:00
Ahmed Bouhuolia
e3c55c5d6f
feat(sdk): add OpenAPI export script and TypeScript SDK package
- Add export-openapi.ts script for server OpenAPI spec export
- Add shared/sdk-ts package with generated API clients (accounts, bills, customers, vendors, etc.)
- Update Customers and Vendors controllers
- Update ReportsEventsTracker
- Update .gitignore, package.json, and pnpm-lock
Made-with: Cursor
2026-03-03 23:26:24 +02:00
Ahmed Bouhuolia
6193358cc3
feat(server): add bull ui board
2026-01-29 20:37:04 +02:00
Ahmed Bouhuolia
8a2a8eed3b
fix: import rows aggregator
2025-12-18 20:44:05 +02:00
Ahmed Bouhuolia
41143d8bbd
feat: api endpoints throttle (#837)
* feat: api endpoints throttle
2025-10-30 22:06:05 +02:00
Ahmed Bouhuolia
3bd0e89146
feat: migration commands (#828)
* feat: migration commands
* Update packages/server/src/modules/CLI/commands/TenantsMigrateRollback.command.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update packages/server/src/modules/CLI/commands/TenantsMigrateLatest.command.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update packages/server/src/modules/CLI/commands/TenantsList.command.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update packages/server/src/modules/CLI/commands/SystemMigrateRollback.command.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update packages/server/src/modules/CLI/commands/TenantsMigrateLatest.command.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-10-22 21:58:02 +02:00
Ahmed Bouhuolia
0477133cda
feat: darkmode skeleton and universal search
2025-10-21 00:14:31 +02:00
Ahmed Bouhuolia
e548e7dc4a
feat: typecheck gh action
2025-10-18 18:48:03 +02:00
Ahmed Bouhuolia
dbc71c2555
feat(server): socket module
2025-10-18 13:27:43 +02:00
Ahmed Bouhuolia
84cb7693c8
feat: api keys
2025-07-01 23:05:58 +02:00
Ahmed Bouhuolia
88ef60ef28
fix: delete inventory adjustment gl entries
2025-06-15 17:51:44 +02:00
Ahmed Bouhuolia
b9755ff01c
refactor(nestjs): import module
2025-04-12 13:39:17 +02:00
Ahmed Bouhuolia
55fcc908ef
feat(nestjs): migrate to NestJS
2025-04-07 11:51:24 +02:00
Ahmed Bouhuolia
ee284196eb
refactor: inventory adjustments e2e test cases
2025-01-08 15:43:43 +02:00
Ahmed Bouhuolia
51aec8d8b3
feat: render server-side invoice pdf template using React server
2024-11-04 12:55:12 +02:00
Ahmed Bouhuolia
6687db4085
feat: add shared package to pdf templates to render in the server and client side
2024-11-03 17:31:17 +02:00
Ahmed Bouhuolia
42ee8ed9fa
feat: initialize email-components vite package
2024-10-27 10:16:04 +02:00
Ahmed Bouhuolia
df9d277e66
fix: Display country name
2024-10-06 13:18:31 +02:00
Ahmed Bouhuolia
430cf19533
feat: Link transactions with payment methods
2024-09-15 19:42:43 +02:00
Ahmed Bouhuolia
a183666df6
feat: Onboard accounts to Stripe Connect
2024-09-08 11:42:26 +02:00
Ahmed Bouhuolia
dcfc231d4d
feat(server): Events tracking using Posthog
2024-09-01 23:01:25 +02:00
Ahmed Bouhuolia
fc6ebfea5c
Debounce scheduling calculating items cost
2024-08-28 21:25:47 +02:00
Ahmed Bouhuolia
fde9ccc5ca
fix: Database connection lost error
2024-08-15 23:47:21 +02:00
Ahmed Bouhuolia
f7fcfefc78
fix: Concurrency controlling multiple processes in Bigcapital CLI commands
2024-06-09 22:52:56 +02:00
Ahmed Bouhuolia
6a6dcadaf9
fix: TS types
2024-05-30 17:47:27 +02:00
Ahmed Bouhuolia
ceb133e29a
feat: getting presigned url of the uploaded attachment
2024-05-29 16:16:08 +02:00
Ahmed Bouhuolia
c8f31f33be
feat: wip upload documents
2024-05-24 14:28:21 +02:00
Ahmed Bouhuolia
9103b60653
feat: New Relic tracking (#429)
2024-04-28 18:12:59 +02:00
Ahmed Bouhuolia
9b6f934990
fix: add @lemonsqueezy/lemonsqueezy package dependencies.
2024-04-17 17:44:35 +02:00
Ahmed Bouhuolia
ab4c0ab7a7
feat: wip import resources
2024-03-15 00:18:41 +02:00
Ahmed Bouhuolia
4270d66928
feat(server): wip import resources
2024-03-11 20:05:12 +02:00
Ahmed Bouhuolia
1fc6445123
Merge branch 'develop' into draft-import-resources
2024-03-10 14:54:32 +02:00
Ahmed Bouhuolia
b1d5390bfc
WIP
2024-03-10 14:53:10 +02:00
Ahmed Bouhuolia
2d3544fe37
feat: add socket connection between client and server
2024-02-24 00:18:48 +02:00
Ahmed Bouhuolia
b9886cfac3
feat(server): api endpoint to get Plaid link token
2024-01-30 22:51:55 +02:00
Ahmed Bouhuolia
5a958cc9fa
Merge branch 'develop' into optimize-printing
2023-11-29 15:35:06 +02:00
Ahmed Bouhuolia
d15c5890ed
feat: export reports csv and xlsx (#286)
2023-11-28 19:53:13 +02:00
dependabot[bot]
b167284c8e
chore(deps): bump axios from 0.20.0 to 1.6.0 in /packages/server (#284)
Bumps [axios](https://github.com/axios/axios) from 0.20.0 to 1.6.0.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v0.20.0...v1.6.0)
---
updated-dependencies:
- dependency-name: axios
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-17 02:58:28 +02:00
Ahmed Bouhuolia
b75d44a3dd
WIP
2023-11-13 20:50:48 +02:00
Ahmed Bouhuolia
e070ac72dd
feat: Computed Net Income under Equity in Balance Sheet report. (#271)
2023-10-26 18:59:09 +02:00
Ahmed Bouhuolia
ee62e3e1c2
feat: migrate to pnpm (#253)
2023-10-04 12:17:27 +02:00
Ahmed Bouhuolia
5df454dd30
chore: bump packages version to v0.10.2
2023-10-02 23:29:21 +02:00
Ahmed Bouhuolia
b3a97ed5d5
chore: dump packages versions
2023-09-25 15:34:10 +02:00
Ahmed Bouhuolia
b9572420ed
feat(webapp): add monorepo version on the sidebar
2023-06-12 02:44:12 +02:00
Ahmed Bouhuolia
b24a367438
fix(server): fix migrations and seeds dir (#101)
2023-03-31 02:26:23 +02:00