Form Fuse
FF

Author

Form Fuse

AI-Powered

Form Fuse Changelog

All notable changes to Form Fuse are documented here.

Questions or feedback? [email protected]

03/21/26

New

AppSumo Early Customer Plan — Policy Coverage

  • Added Section 3 (AppSumo Early Customer Plan) to Refund Policy: $59 one-time for 3 years of Pro access, 14-day refund window via AppSumo, no partial refunds, post-term revert to Free
  • Added Section 5.5 (AppSumo Early Customer Plan) to Terms of Service: eligibility, included features, 3-year term, renewal at current market price, non-transferability, AppSumo as Merchant of Record
  • Renumbered subsequent Refund Policy sections (3–11 → 4–12) to accommodate new AppSumo section
New

Refund Policy Page

  • Added /refund page with full refund policy (12 sections)
  • Linked from footer alongside Privacy and Terms
New

User Registration

  • Added /register page with email, password, and name fields
  • Added POST /api/auth/register route proxying to SSO gateway
Improved

Policy Page UI

  • Fixed back-to-home button alignment on Refund, Privacy, and Terms pages — icon and label now on the same row
  • Hover colour on back-to-home button now matches footer link style (hover:text-primary)

03/19/26

Improved

Marketing Copy — Form Backend Positioning

  • Reframed Form Fuse as a form backend service (like usebasin.com) rather than a spam filter
  • Updated landing page hero: "Handle Form Submissions Without a Backend"
  • Rewrote How It Works steps to focus on the form endpoint → store → notify flow
  • Updated Features section: Drop-in Form Endpoint, Submissions Dashboard, Instant Notifications, Built-in Spam Protection
  • Updated metadata title, description, and JSON-LD structured data to reflect form backend positioning
  • Updated FAQ to cover "How do I connect my form?" and "Does it work with static sites?"
  • Updated Terms of Service section 2 (Description of Service) and section 8 (Spam Filtering Accuracy)
  • Updated Privacy Policy section 2.2 and section 3 to use form backend language

03/19/26

Improved

App Structure — Route Groups

  • Reorganised all pages into Next.js route groups: (public) for unauthenticated pages and (protected) for dashboard pages
  • Deleted legacy flat-layout pages under src/app/ (dashboard/*, login, page, privacy, terms, f/[id], changelog)
  • Replaced yarn.lock with npm — package manager now consistent with the rest of the monorepo
New

Authentication & Middleware

  • Root-level middleware.ts protecting all routes by default with PUBLIC_PATHS allowlist
  • Unauthenticated requests redirected to /login; expired tokens transparently refreshed before the page loads
  • POST /api/auth/login — proxies credentials to SSO gateway and sets HttpOnly cookies
  • GET /api/auth/session — reads auth_meta cookie and returns session state
  • POST /api/auth/logout — clears access_token, refresh_token, and auth_meta cookies
  • GET /api/auth/refresh — rotates all cookies and redirects to original URL or /login
  • GET/POST/... /api/proxy/[...path] — catch-all proxy forwarding to gateway with Bearer token injection
  • useAuthStore (Zustand) with login(), logout(), checkSession(), and clearError()
New

Type System

  • Ambient Auth namespace in types/auth.d.ts — globally available with no imports required
  • NodeJS.ProcessEnv augmentation in types/env.d.ts for typed environment variables
  • .env.development (GATEWAY_URL=http://localhost:5214) and .env.production added
New

SEO & Public Assets

  • src/app/robots.ts — robots.txt generated at build time
  • src/app/sitemap.ts — sitemap.xml generated at build time
  • public/og.png — Open Graph image for social sharing
  • public/llms.txt — LLM-friendly site description
New

Backend — Spam Detection

  • ISpamDetectionService interface and SpamDetectionService implementation
  • SpamDetectionResult model carrying score, label, and per-signal breakdown
  • Integrated into FormService submission pipeline to gate and flag spammy submissions

03/18/26

Improved

TypeScript Path Aliases

  • Added @store alias mapping to src/stores/ for cleaner store imports
  • Added @lib alias mapping to src/lib/ for utility imports
  • Added @hooks alias mapping to src/hooks/ for hook imports
  • Updated all existing imports across src/ to use the new aliases

03/18/26

New

Authentication

  • SSO login via gateway — credentials validated against the OAuthServer using password grant
  • Three HttpOnly cookies set on login: access_token, refresh_token, and auth_meta
  • Access token cookie expiry matched to the SSO expires_in value
  • Refresh token cookie with a fixed 30-day window
  • auth_meta cookie storing token expiry timestamp, token type, and expires_in for client-side session awareness
  • POST /api/auth/login — Next.js route that proxies credentials to the SSO gateway
  • GET /api/auth/session — reads auth_meta cookie server-side and returns session state
  • POST /api/auth/logout — clears all three auth cookies
  • GET /api/auth/refresh — exchanges refresh token for new tokens and rotates all cookies, redirects to original URL on success or /login on failure
New

Middleware & Route Protection

  • Root-level Next.js middleware protecting /dashboard and all sub-routes
  • Unauthenticated requests redirected to /login
  • Expired access tokens transparently refreshed via /api/auth/refresh before the page loads
  • Corrupt or missing auth_meta cookie treated as unauthenticated
  • Open redirect guard on the refresh redirect parameter
New

API Proxy

  • GET /api/proxy/[...path] — catch-all proxy forwarding requests to the gateway with Bearer token injected from the access_token cookie
  • All HTTP methods supported (GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS)
  • Query strings, request body, and safe headers forwarded as-is
  • Hop-by-hop headers stripped in both directions
  • Returns 401 immediately if access_token cookie is absent
New

Auth Store (Zustand)

  • useAuthStore with isAuthenticated, meta, isLoading, and error state
  • login() calls /api/auth/login then hydrates meta from /api/auth/session
  • logout() calls /api/auth/logout and resets all store state
  • checkSession() rehydrates store from cookie on page load or refresh
  • clearError() utility for resetting error state before a new attempt
New

Type System

  • Ambient Auth namespace in types/auth.d.ts — globally available with no imports required
  • Covers all SSO, cookie, API request/response, and store shapes
  • process.env typed via NodeJS.ProcessEnv augmentation in types/env.d.ts
  • nebula-ui TextBox validation props (required, email, url, minLength, maxLength, minValue, maxValue) typed to accept string messages alongside booleans
New

Login Page

  • Login page wired to useAuthStore — no inline fetch logic
  • Uses nebula-ui Form component with field-level validation (required, email) handled automatically
  • Inline server error displayed below fields on failed login
  • Button disabled and shows "Signing in…" during in-flight request
  • Redirects to /dashboard on success
New

Environment Configuration

  • .env.development with GATEWAY_URL=http://localhost:5214
  • .env.production with GATEWAY_URL=https://gateway.skybin.io
  • Environment-specific files loaded automatically by Next.js — no code changes needed between environments