Bug fixes:
- bbb.js: replace undefined t('defaultWelcome') call that threw a
ReferenceError when a room had an empty welcome message, breaking
meeting creation. Default welcome and the guest-invite hint are now
localised via the i18n system (new "bbb" namespace in de/en).
- auth.js: app name was read from the never-written 'branding' settings
key, so custom names never appeared in verification emails or the TOTP
issuer. Now resolved through a shared getAppName() helper.
- auth.js: lowercase the email in the registration duplicate check so
case-variant duplicates return a clean 409 instead of a 500 (UNIQUE
violation).
- federation.js: select the user's "language" column so federation
invite emails respect the recipient's language instead of always
defaulting to English.
- calendar.js: a set reminder could not be cleared. COALESCE treated an
explicit reminder_minutes: null as "keep existing"; use a direct
assignment that distinguishes "omitted" (keep) from "null" (clear).
- index.js / analytics.js: exclude the BBB learning-analytics callback
from the global 100kb body limit and give it its own 5mb limit, since
analytics payloads for large meetings can be several MB.
Cleanup:
- Add server/config/appName.js as the single source of truth for the
app name (admin setting -> APP_NAME env -> 'Redlight') and use it in
auth, admin, rooms, calendar and federation, replacing the previous
mix of wrong DB key, direct app_name reads and bare process.env reads.
- Localise the BBB default welcome message in the room owner's language.
- Remove two unused safeAppName variables in mailer.js.
- Added OAuth configuration management in the admin panel.
- Implemented OAuth authorization flow with PKCE for enhanced security.
- Created routes for handling OAuth provider discovery, authorization, and callback.
- Integrated OAuth login and registration options in the frontend.
- Updated UI components to support OAuth login and registration.
- Added internationalization strings for OAuth-related messages.
- Implemented encryption for client secrets and secure state management.
- Added error handling and user feedback for OAuth processes.
- Updated import statements to remove invisible characters.
- Standardized comments to use a consistent hyphen format.
- Adjusted username validation error messages for consistency.
- Enhanced email sending functions to include language support.
- Added email internationalization configuration for dynamic translations.
- Updated calendar and federation routes to include language in user queries.
- Improved user feedback messages in German and English for clarity.
feat(federation): add room sync and deletion notification endpoints for federated instances
fix(federation): handle room deletion and update settings during sync process
feat(federation): enhance FederatedRoomCard and FederatedRoomDetail components to display deleted rooms
i18n: add translations for room deletion messages in English and German
- Escape XML and HTML special characters to prevent injection attacks.
- Implement rate limiting for various endpoints to mitigate abuse.
- Add validation for email formats, password lengths, and field limits.
- Ensure proper access control for recordings and room management.
Michelle