The Cognitive Distortion Journal (CDJ) is a smart journaling tool that helps remedy distorted thinking. It can feel impossible to follow the CBT technique of labeling distorted thinking and finding alternative modes of thought (i.e. reframing) while cognitive distortions are occurring. The CDJ does that work for you. -- The CDJ is in beta testing!!
This pull request encompasses a series of updates aimed at enhancing the security of our application and streamlining user experience by adjusting how API keys are managed and how default configurations are set upon registration.
Detailed Updates
Remove API Key from Application
Removed the API key from backend configurations associated with account settings.
Eliminated the API key usage from the Config model and its schema validation.
Removed API key encrypt/decrypt methods from Config.
Adjusted components that previously required API Keys to now utilize environment variables for developer API keys.
Updated the user interface to remove API key text fields from the Config tab in Account settings.
Enhanced the GPT model selection interface to aid users less familiar with the available options.
Remove Other Instances Where apiKey of the Config Model Was Utilized
Cleared apiKey from test data and from the updateAccount controller.
Removed apiKey validations on the User model schema for the account.
Renamed apiKey related fields in the frontend Config component to prevent confusion.
Resolved server error issues where errors occurred due to attempts to retrieve a model configuration that doesn't exist.
Add Default Config on Registration
Implemented a feature that sets a default GPT model configuration when a user registers or is approved for beta access.
This update allows users to immediately use the journal with a pre-configured setup, omitting the necessity for manual configuration.
Change Recommend to Default
Altered the Config naming from "recommend" to "default" to reflect that all journals are now initialized with a default configuration.
This change clarifies that "default" is not a suggestion but the initial setup for journal creation.
Protect Against Backdoor Attack
Instituted safeguards against unauthorized account creation for beta access via password recovery methods.
If suspicious activity is detected, an automated email alerts the admin with options to deny or approve the user beta access.
Updated access events to return HTTP status code 403 when pre-approved beta access events are triggered without proper authorization.
Conclusion
These updates are part of our ongoing commitment to security and user experience. By removing direct API key dependencies and enhancing default configurations, we not only bolster our security posture but also ensure a smoother, more intuitive process for our users.
Please make sure that each change is thoroughly reviewed and tested to maintain the integrity and security of the application.
Changes Overview
This pull request encompasses a series of updates aimed at enhancing the security of our application and streamlining user experience by adjusting how API keys are managed and how default configurations are set upon registration.
Detailed Updates
Remove API Key from Application
Configmodel and its schema validation.Config.Configtab in Account settings.Remove Other Instances Where
apiKeyof the Config Model Was UtilizedapiKeyfrom test data and from theupdateAccountcontroller.apiKeyvalidations on theUsermodel schema for the account.apiKeyrelated fields in the frontendConfigcomponent to prevent confusion.Add Default Config on Registration
Change Recommend to Default
Confignaming from "recommend" to "default" to reflect that all journals are now initialized with a default configuration.Protect Against Backdoor Attack
Conclusion
These updates are part of our ongoing commitment to security and user experience. By removing direct API key dependencies and enhancing default configurations, we not only bolster our security posture but also ensure a smoother, more intuitive process for our users.
Please make sure that each change is thoroughly reviewed and tested to maintain the integrity and security of the application.