{"items":[{"id":"7436de69-f290-4445-af7b-aca4b55f96e8","type":"push","org":"unchainedshop","repo":"unchained","title":"Fix preserve watch output","summary":"pozylon updated master to fix preserved watch output by moving the TypeScript watch setting into the dev script. The Fastify GraphQL route now uses the handler’s configured endpoint and simplifies request handling by returning the handler response directly.","url":"https://nomit.dev/unchainedshop/unchained/status/154d51c515ea2357dade05239236f40fe8741bdd18303fb5ad2f3cdf2b33b85c","author":"pozylon","contributors":["pozylon"],"updated_at":"2026-01-30T12:34:57+00:00"},{"id":"52a70416-c2bf-4149-b944-b5e33cfa74f4","type":"push","org":"unchainedshop","repo":"unchained","title":"Fix verbose auth logging, add unit tests for auth, refactor types.ts files","summary":"pozylon pushed a set of auth and type-organization improvements on master: JWT verification now treats malformed JWS tokens as a handled invalid case (reducing noisy auth logs) and adds a comprehensive auth.test.ts suite covering fingerprints, signing, and token validation edge cases. The update also refactors several standalone types.ts files by moving shared types into existing implementation/schema files (e.g., localization types into schemas.ts and inlining system handler option types), and updates ticketing to define TicketingAPI in index.ts.","url":"https://nomit.dev/unchainedshop/unchained/status/7d329fbe0ddeae508fbc8f79b3baa7f619b815c4bb6fc61be7fcd085b60ad58b","author":"pozylon","contributors":["pozylon"],"updated_at":"2026-01-23T10:15:39+00:00"},{"id":"c4236eef-15c6-4230-94e7-96d42c625f5c","type":"push","org":"unchainedshop","repo":"unchained","title":"Simplify return type of logoutAllSessions and get rid of jsonwebtoken dependency","summary":"pozylon updated the API auth flow to drop the jsonwebtoken dependency in favor of jose, making JWT signing/verification async and updating middleware accordingly. The logoutAllSessions mutation was simplified to return only a success response (schema + tests updated), and ACL sensitive action prefixes were tightened (e.g., manageUser/updateUser/createUser).","url":"https://nomit.dev/unchainedshop/unchained/status/ef9757700a23e482e756d67c27a017ae1fb66702c0a4ce5c26093bd014160878","author":"pozylon","contributors":["pozylon"],"updated_at":"2026-01-23T07:39:15+00:00"},{"id":"2e726e65-8e4b-4efa-8bfe-1769cd3325c4","type":"push","org":"unchainedshop","repo":"unchained","title":"Fix backchannel-logout","summary":"pozylon fixed OIDC backchannel logout by refactoring it into a unified HTTP route that mounts alongside plugin routes for both Express and Fastify. The update introduces a new route-based backchannel logout implementation with stricter handling and adds comprehensive tests (including JWKS/keypair setup) to verify token verification, error cases, and session invalidation behavior.","url":"https://nomit.dev/unchainedshop/unchained/status/3ca12b679aefb3584934c5cd4ca26f179f30c4483593c7681a189c9dbc943205","author":"pozylon","contributors":["pozylon"],"updated_at":"2026-01-20T19:01:33+00:00"},{"id":"d10f2ac9-43fc-485e-88cc-72203e935fa1","type":"push","org":"unchainedshop","repo":"unchained","title":"Add sensitive actions events","summary":"pozylon pushed updates adding ACL audit events: permission denials now emit an ACL_DENIED event, and granted checks for “sensitive” actions (e.g., manage/login/reset/create/update) emit ACL_GRANTED_SENSITIVE, with tests updated to register and tolerate the new events. The same push also hardens the email worker’s browser preview by HTML-escaping headers/links/text to prevent injection, and extends the PricingCalculation type with optional discount/tax/pricing fields.","url":"https://nomit.dev/unchainedshop/unchained/status/9d1353b4d7ab455b384c3024f4afdf4567f7100abb2e38e1d04c2bc1189d483c","author":"pozylon","contributors":["pozylon"],"updated_at":"2026-01-20T18:23:07+00:00"}],"pagination":{"offset":0,"limit":5,"has_more":true}}