
Bebop CMS v0.3.0 - Takayama

@ddri released this 12 Jun 05:09
· 61 commits to main since this release
3436b92

Release Date: June 2025
Type: Audit and security update
Breaking Changes: Yes - Authentication Required


Security Updates

This release tackles a security audit, addresses some typical vulnerabilities, and implements authentication for production-ready deployment. Previous versions (v0.2.3 and below) had no API authentication, allowing unauthorized access to:

  • All user content and data
  • Modify or delete operations
  • File upload functionality
  • Administrative functions

New Security Features

  • GitHub OAuth Authentication - Secure login via GitHub accounts
  • Universal API Protection - All endpoints require valid authentication
  • Clerk Integration - Enterprise-grade authentication infrastructure
  • Session Management - Secure user session handling
  • Input Validation - Comprehensive request sanitization
  • File Security - Protected upload operations with type validation
  • Error Sanitization - Prevents information disclosure

✨ New Features

Authentication System

  • GitHub OAuth Login - Seamless authentication via GitHub
  • Protected Routes - Automatic redirection for unauthenticated users
  • Session Persistence - Secure login state management
  • Clean Sign Out - Proper session termination

API Security

  • Universal Protection - All API endpoints require authentication
  • Consistent Error Handling - Standardized 401/403 responses
  • Request Validation - Input sanitization and type checking
  • Production Safety - Environment-based operation restrictions

Developer Experience

  • Clean Architecture - Professional authentication patterns
  • Error Boundaries - Graceful failure handling
  • Build Stability - Reliable production builds
  • TypeScript Compliance - Zero compilation errors

Breaking Changes

Authentication Required

All users must now authenticate via GitHub to access the application.

Environment Variables Required:

NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=pk_xxx
CLERK_SECRET_KEY=sk_xxx
DATABASE_URL=mongodb://xxx

API Changes

  • All endpoints now require valid authentication
  • Unauthorized requests return 401 status
  • Error responses use standardized JSON format
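A post-upgrade check for the behaviour listed above, written as an added example and not taken from the Bebop code base: it sends requests with no session and confirms each answer is a 401 with a JSON body that discloses no internal detail. The release notes do not list route paths or the exact error schema, so the paths are supplied by the operator and the sample bodies and leak patterns are assumptions.

```javascript
// Added example, not Bebop's code. Checks how an API answers a request that
// carries no session cookie or Authorization header.
const LEAK_PATTERNS = [
  /\bat\s+\S+\s+\(.*:\d+:\d+\)/, // V8 stack frame "at fn (file:line:col)"
  /node_modules\//,              // server-side file paths
  /mongodb(\+srv)?:\/\//i,       // database connection string
  /\bsk_\w{3,}/,                 // value shaped like CLERK_SECRET_KEY
];

// Pure check on one captured response; returns a list of findings (empty = pass).
function evaluateResponse({ status, contentType, body }) {
  const findings = [];
  if (status !== 401) findings.push(`expected 401, got ${status}`);
  if (!/application\/json/i.test(contentType)) {
    findings.push(`expected JSON content type, got "${contentType}"`);
  }
  try {
    JSON.parse(body);
  } catch {
    findings.push("body is not valid JSON");
  }
  if (LEAK_PATTERNS.some((re) => re.test(body))) {
    findings.push("body exposes internal detail (stack, path or secret)");
  }
  return findings;
}

// Sends one unauthenticated GET per path and evaluates each answer.
// redirect: "manual" keeps a 3xx to a sign-in page visible as a finding.
async function probe(baseUrl, paths, fetchImpl = fetch) {
  const results = [];
  for (const path of paths) {
    const res = await fetchImpl(new URL(path, baseUrl), { redirect: "manual" });
    results.push({
      path,
      findings: evaluateResponse({
        status: res.status,
        contentType: res.headers.get("content-type") || "",
        body: await res.text(),
      }),
    });
  }
  return results;
}

// Constructed sample responses (not captured from a real deployment).
const SAMPLES = [
  { status: 401, contentType: "application/json", body: '{"error":"Unauthorized"}' },
  { status: 200, contentType: "application/json", body: '[{"title":"draft"}]' },
];
for (const s of SAMPLES) console.log(s.status, evaluateResponse(s));
```

Call `probe(baseUrl, paths)` with your own deployment URL and its API route paths; any non-empty `findings` array marks a route that still answers without authentication or leaks detail in its error body.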

Bug Fixes

Build & Compilation

  • Fixed: TypeScript compilation error in GitHubSettings component
  • Fixed: Vercel deployment failures due to module resolution
  • Fixed: Component import path inconsistencies
  • Resolved: ESLint configuration conflicts

Dependencies

  • Updated: Next.js 15.1.4 → 15.3.3 (critical security patches)
  • Fixed: All npm audit vulnerabilities (now clean)
  • Updated: Security patches across dependency tree

Error Handling

  • Improved: Consistent API error responses
  • Added: Proper HTTP status codes
  • Fixed: Information disclosure in error messages

Migration Guide

For New Deployments

  1. Set up Clerk account at clerk.com
  2. Configure GitHub OAuth in Clerk dashboard
  3. Add environment variables to deployment platform
  4. Deploy and test authentication flow

For Existing Deployments

  1. Add required environment variables:
    NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=pk_xxx
    CLERK_SECRET_KEY=sk_xxx
  2. Redeploy application
  3. Verify authentication works correctly
  4. Test all functionality with authenticated users

Technical Details

Authentication Stack

  • Provider: Clerk (clerk.com)
  • OAuth: GitHub integration
  • Session: Server-side validation
  • Security: Industry-standard practices

API Protection

  • Middleware: Clerk authentication middleware
  • Validation: Request-level authentication checks
  • Errors: Standardized error responses
  • Logging: Comprehensive authentication logging

Support

Authentication Issues

  1. Verify Clerk configuration in dashboard
  2. Check environment variables are properly set
  3. Review GitHub OAuth setup in Clerk
  4. Test authentication flow in development

Deployment Problems

  1. Ensure all environment variables are configured
  2. Verify build process completes successfully
  3. Check authentication endpoints respond correctly
  4. Monitor application logs for errors

Installation

git clone https://github.com/yourusername/bebop.git
cd bebop
npm install

Environment Setup:

cp .env.example .env
# Configure Clerk authentication keys
# Add MongoDB connection string
npm run dev