Archive/screentinker

Fork 0

mirror of https://github.com/screentinker/screentinker.git synced 2026-06-15 10:43:36 -06:00

Commit graph

Author	SHA1	Message	Date
ScreenTinker	c0b220836a	fix(signup): make admin-notify recipient env-driven, not hardcoded The admin signup-notify recipient was hardcoded to support@screentinker.com and shipped in the open-source code. Combined with the opt-out SELF_HOSTED gate, any self-hoster who configured their own Graph credentials but forgot SELF_HOSTED=true would fire their users' signup PII (email, IP, country) into our support inbox. Source the recipient from ADMIN_NOTIFY_EMAIL instead, defaulting to null. When unset, the admin notification is skipped entirely and logged ("[SIGNUP-EMAIL] admin notify skipped (ADMIN_NOTIFY_EMAIL unset)"); the user's welcome email is unaffected. Hosted prod sets the env var so its notifications continue; self-hosters send nothing to us by default, and the .com address no longer ships in code. Document ADMIN_NOTIFY_EMAIL (and the related mail/self-host vars) in a new .env.example. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-05-30 16:16:33 -05:00
ScreenTinker	a0abdc01ed	fix(signup): route admin signup notification to support@ not personal inbox Admin signup notifications were going to dw5304@gmail.com. Route them to the monitored support@screentinker.com queue instead, so signups land in the shared inbox rather than a personal account. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-05-30 14:52:59 -05:00
ScreenTinker	b67fbaa1b6	feat(signup): welcome email + admin signup notification (slice 1) Every new user now gets a personal welcome email from "Dan at ScreenTinker" <support@screentinker.com>, and Dan gets an admin notification, immediately after signup. Fired from all three signup paths (local /register, Google, Microsoft) via a shared helper (services/signupEmails.js) at the new-user branch only, so OAuth logins of existing users don't re-trigger. - Reuses the single Microsoft Graph transport (services/email.js). Adds two optional, backward-compatible params: fromName (custom From display name; address stays support@ so replies route there) and rawSubject (skip the "[ScreenTinker] " prefix for clean subjects "Welcome to ScreenTinker" / "New signup: <email>"). - Idempotency: users.welcome_email_sent_at, stamped after the send block; non-null short-circuits so a user is only emailed once. Paired backfill stamps all pre-existing users with sentinel 1 so a future "IS NULL" sweep can't mistake the legacy base for un-welcomed and blast them. - Production-only: gated on !config.selfHosted so self-host operators never emit mail from our domain or CC Dan. - No retry logic by design (no re-trigger path on existing users); per-email {sent, reason} is logged so a Graph hiccup is visible. Admin notification includes workspace org name, email, UTC + Central timestamp, client IP (CF-aware), CF-IPCountry, and user agent.	2026-05-30 14:50:27 -05:00

Author

SHA1

Message

Date

ScreenTinker

c0b220836a

fix(signup): make admin-notify recipient env-driven, not hardcoded

The admin signup-notify recipient was hardcoded to
support@screentinker.com and shipped in the open-source code. Combined
with the opt-out SELF_HOSTED gate, any self-hoster who configured their
own Graph credentials but forgot SELF_HOSTED=true would fire their
users' signup PII (email, IP, country) into our support inbox.

Source the recipient from ADMIN_NOTIFY_EMAIL instead, defaulting to
null. When unset, the admin notification is skipped entirely and logged
("[SIGNUP-EMAIL] admin notify skipped (ADMIN_NOTIFY_EMAIL unset)"); the
user's welcome email is unaffected. Hosted prod sets the env var so its
notifications continue; self-hosters send nothing to us by default, and
the .com address no longer ships in code.

Document ADMIN_NOTIFY_EMAIL (and the related mail/self-host vars) in a
new .env.example.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-05-30 16:16:33 -05:00

ScreenTinker

a0abdc01ed

fix(signup): route admin signup notification to support@ not personal inbox

Admin signup notifications were going to dw5304@gmail.com. Route them
to the monitored support@screentinker.com queue instead, so signups
land in the shared inbox rather than a personal account.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-05-30 14:52:59 -05:00

ScreenTinker

b67fbaa1b6

feat(signup): welcome email + admin signup notification (slice 1)

Every new user now gets a personal welcome email from
"Dan at ScreenTinker" <support@screentinker.com>, and Dan gets an
admin notification, immediately after signup. Fired from all three
signup paths (local /register, Google, Microsoft) via a shared
helper (services/signupEmails.js) at the new-user branch only, so
OAuth logins of existing users don't re-trigger.

- Reuses the single Microsoft Graph transport (services/email.js).
  Adds two optional, backward-compatible params: fromName (custom
  From display name; address stays support@ so replies route there)
  and rawSubject (skip the "[ScreenTinker] " prefix for clean
  subjects "Welcome to ScreenTinker" / "New signup: <email>").
- Idempotency: users.welcome_email_sent_at, stamped after the send
  block; non-null short-circuits so a user is only emailed once.
  Paired backfill stamps all pre-existing users with sentinel 1 so
  a future "IS NULL" sweep can't mistake the legacy base for
  un-welcomed and blast them.
- Production-only: gated on !config.selfHosted so self-host
  operators never emit mail from our domain or CC Dan.
- No retry logic by design (no re-trigger path on existing users);
  per-email {sent, reason} is logged so a Graph hiccup is visible.

Admin notification includes workspace org name, email, UTC + Central
timestamp, client IP (CF-aware), CF-IPCountry, and user agent.

2026-05-30 14:50:27 -05:00

3 commits