Version 1.0.0.29 Launched
31st July 2025
Major Features
Dual-Mode Password Reset System
TOTP Authentication: Secure password reset using Time-based One-Time Passwords
Email Verification: Alternative password reset via secure email links
Method Selection UI: Users can choose between TOTP or email verification
Fallback Support: TOTP always available, email requires SMTP configuration
Complete SMTP Integration
Profile-Based Configuration: SMTP settings accessible via /auth/change profile page
Secure Credential Storage: Passwords encrypted using Fernet encryption in database
Gmail Support: Both personal Gmail and Gmail Workspace configurations
Real-time Testing: Built-in test email and debug functionality
Visual Configuration: Comprehensive setup guides and troubleshooting tips
Enhanced Profile Management
Tabbed Interface: Organized profile settings into Account & Password, SMTP Config, and TOTP tabs
Tab Persistence: Maintains active tab after form submissions and page reloads
TOTP Integration: QR code and secret key management directly in profile
Visual Password Requirements: Real-time password strength indicator with progress bar
User Interface Improvements
Modern Password Requirements Display
Badge-Style Layout: Compact rounded badges replacing vertical list
Real-time Feedback: Icons change from ✗ to ✓ as requirements are met
Progress Bar: Visual strength meter (None → Weak → Fair → Good → Strong)
Color-coded States: Dynamic colors based on password strength
Responsive Grid: 2-column layout adapting to screen size
Enhanced Email Templates
Professional Design: Clean, modern HTML email templates
Gmail Compatibility: Fixed button text color issues in Gmail
Security Styling: Clear security notices and warnings
Mobile Responsive: Templates work across all email clients
Security Enhancements
Advanced Password Security
Strengthened Requirements: 8+ chars, uppercase, lowercase, numbers, special characters
Real-time Validation: Instant feedback as users type passwords
Secure Token Generation: 32-byte cryptographically secure tokens
Session-based Validation: Server-side token management
Rate Limiting Improvements
Separate Login Limits: 5/minute, 25/hour for login attempts
Password Reset Limits: 15/hour for reset requests
Configurable Rates: Environment-based rate limit configuration
Anti-enumeration: Consistent responses preventing user enumeration
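One way the 32-byte reset tokens, server-side token management and consistent anti-enumeration responses listed above can fit together. This is an added example, not the project's own code; the function names, the in-memory store, the 15-minute lifetime and storing only a hash of each token are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 900  # assumed 15-minute lifetime; the release notes give no value
GENERIC_REPLY = "If the account exists, a reset link has been sent."

_users = {"alice@example.com"}   # constructed sample account
_pending = {}                    # sha256(token) -> (email, expiry), kept server-side
outbox = []                      # stands in for the SMTP send


def _digest(token):
    # Only the hash is stored, so a leaked table does not yield usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


def request_reset(email, now=None):
    """Return the same reply whether or not the account exists."""
    now = time.time() if now is None else now
    if email in _users:
        token = secrets.token_urlsafe(32)  # 32 random bytes from the OS CSPRNG
        _pending[_digest(token)] = (email, now + TOKEN_TTL)
        outbox.append((email, token))
    return GENERIC_REPLY


def redeem(token, now=None):
    """Return the account email for a valid token, else None. Single use."""
    now = time.time() if now is None else now
    # pop() removes the entry on first presentation, valid or expired.
    entry = _pending.pop(_digest(token), None)
    if entry is None:
        return None
    email, expiry = entry
    return email if now <= expiry else None
```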
SMTP Security
Encrypted Storage: Password encryption using Fernet symmetric encryption
App Password Support: Full support for Gmail App Passwords
Connection Security: Proper SSL/TLS and STARTTLS handling
Debug Logging: Secure diagnostic information without credential exposure
📡 Broker Enhancements & WebSocket Fixes
Common WebSocket Proxy (All Brokers)
WebSocket Stability: WebSocket made robust across Windows, macOS, and Linux
Thread Cleanup: Fixed heartbeat thread timeouts and non-terminating threads
Graceful Shutdown: WebSocket proxy now shuts down cleanly across all platforms
Flattrade
Subscription Handling: Fixed rapid unsubscribe/subscribe edge cases
Order Accuracy: Equity orders now use average price (avgprc) for precision
Cache & Snapshot Cleanup: Ensures all maps, snapshots, and subscriptions are cleared
Zerodha
UI Data Streaming Fix: Resolved issue where UI wasn’t reflecting WebSocket data
Subscription Timeout Fix: Large symbol list subscriptions no longer timeout
Firstock
WebSocket Integration: Native Firstock WebSocket support fully integrated
Index Symbol Handling: Common index symbols mapped and standardized
LTP Update Fixes: Resolved inconsistencies in LTP data stream
Historical Data Fix: Fixed historical candle fetch via REST
🛠️ Technical Improvements
Database Enhancements
New SMTP Schema: Added 7 new columns for SMTP configuration
Migration Support: Cross-platform Python migration scripts
Multi-database Support: SQLite, PostgreSQL, MySQL compatibility
Data Validation: Input sanitization and format validation
Authentication Flow Updates
Streamlined Setup: Account creation redirects directly to login
Improved Messaging: Clear SMTP configuration prompts
Session Management: Enhanced session security and regeneration
Error Handling: Comprehensive error messages and user guidance
API & Backend
New Endpoints: /auth/test-smtp, /auth/debug-smtp, /auth/smtp-config
Enhanced Routing: Password reset email link handling
Logging Integration: Comprehensive audit logging for security events
Error Recovery: Graceful handling of SMTP and authentication failures
Documentation
New Documentation Files
PASSWORD_RESET.md: Complete password reset system documentation
SMTP_SETUP.md: Gmail configuration and troubleshooting guide
Migration guides: Step-by-step upgrade procedures
Enhanced Existing Docs
Updated API documentation with new endpoints
Added security best practices
Included troubleshooting guides
Cross-platform installation instructions
Configuration Changes
New Environment Variables
# Rate Limiting Configuration
LOGIN_RATE_LIMIT_MIN=5 per minute
LOGIN_RATE_LIMIT_HOUR=25 per hour
RESET_RATE_LIMIT=15 per hour
# Environment Version
ENV_CONFIG_VERSION=1.0.3
Database Schema Updates
Added smtp_server, smtp_port, smtp_username columns
Added smtp_password_encrypted, smtp_use_tls columns
Added smtp_from_email, smtp_helo_hostname columns
Breaking Changes
Account Setup Flow: QR code no longer displayed after account creation
Profile Structure: Profile page reorganized into tabbed interface
Password Requirements: Updated visual layout (functionality unchanged)
Environment Config: New variables required in .env file
Dependencies
No new external dependencies: All features use existing Python libraries
Enhanced existing usage: Improved cryptography, email, and session handling
Cross-platform compatibility: Removed Windows-incompatible shell scripts
Upgrade Instructions
See UPGRADE for detailed upgrade procedures from previous versions.
Migration Notes
Database migration required for SMTP functionality
Environment file updates needed for rate limiting
Profile page changes may affect custom styling
Password reset flow completely redesigned
Support
Documentation: Check /docs folder for detailed guides
Issues: Report bugs on GitHub Issues
SMTP Problems: Use built-in debug functionality
Migration Help: See upgrade documentation