chore(release): publish new version

- @standardnotes/analytics@2.19.2
 - @standardnotes/api-gateway@1.45.2
 - @standardnotes/auth-server@1.81.9
 - @standardnotes/domain-events-infra@1.9.60
 - @standardnotes/domain-events@2.105.2
 - @standardnotes/event-store@1.6.57
 - @standardnotes/files-server@1.9.5
 - @standardnotes/revisions-server@1.10.4
 - @standardnotes/scheduler-server@1.16.6
 - @standardnotes/security@1.7.3
 - @standardnotes/syncing-server@1.28.6
 - @standardnotes/websockets-server@1.5.4
 - @standardnotes/workspace-server@1.19.5

.pnp.cjs

@@ -2690,7 +2690,7 @@ const RAW_RUNTIME_STATE =
           ["@types/express", "npm:4.17.14"],\
           ["@types/ioredis", "npm:5.0.0"],\
           ["@types/jest", "npm:29.1.1"],\
-          ["@types/jsonwebtoken", "npm:8.5.9"],\
+          ["@types/jsonwebtoken", "npm:9.0.1"],\
           ["@types/newrelic", "npm:7.0.4"],\
           ["@types/prettyjson", "npm:0.0.30"],\
           ["@typescript-eslint/eslint-plugin", "virtual:04783e12400851b8a3d76e71495851cc94959db6e62f04cb0a31190080629440b182d8c8eb4d7f2b04e281912f2783a5fd4d2c3c6ab68d38b7097246c93f4c19#npm:5.40.1"],\
@@ -2701,12 +2701,13 @@ const RAW_RUNTIME_STATE =
           ["eslint", "npm:8.25.0"],\
           ["eslint-plugin-prettier", "virtual:c66bf20e88479ada0172094776519a9f51acc4731d22079b60a295bcec7ea42d5545cbce58a77a50d932bf953298799135e99707486e343da6d99ba1d167bdbd#npm:4.2.1"],\
           ["express", "npm:4.18.2"],\
+          ["express-robots-txt", "virtual:04783e12400851b8a3d76e71495851cc94959db6e62f04cb0a31190080629440b182d8c8eb4d7f2b04e281912f2783a5fd4d2c3c6ab68d38b7097246c93f4c19#npm:1.0.0"],\
           ["helmet", "npm:6.0.0"],\
           ["inversify", "npm:6.0.1"],\
           ["inversify-express-utils", "npm:6.4.3"],\
           ["ioredis", "npm:5.2.4"],\
           ["jest", "virtual:fd909b174d079e30b336c4ce72c38a88c1e447767b1a8dd7655e07719a1e31b97807f0931368724fc78897ff15e6a6d00b83316c0f76d11f85111f342e08bb79#npm:29.1.2"],\
-          ["jsonwebtoken", "npm:8.5.1"],\
+          ["jsonwebtoken", "npm:9.0.0"],\
           ["newrelic", "npm:9.6.0"],\
           ["nodemon", "npm:2.0.20"],\
           ["npm-check-updates", "npm:16.0.1"],\
@@ -2977,7 +2978,7 @@ const RAW_RUNTIME_STATE =
           ["@types/express", "npm:4.17.14"],\
           ["@types/ioredis", "npm:5.0.0"],\
           ["@types/jest", "npm:29.1.1"],\
-          ["@types/jsonwebtoken", "npm:8.5.9"],\
+          ["@types/jsonwebtoken", "npm:9.0.1"],\
           ["@types/newrelic", "npm:7.0.4"],\
           ["@types/prettyjson", "npm:0.0.30"],\
           ["@types/uuid", "npm:8.3.4"],\
@@ -2990,13 +2991,14 @@ const RAW_RUNTIME_STATE =
           ["eslint", "npm:8.25.0"],\
           ["eslint-plugin-prettier", "virtual:c66bf20e88479ada0172094776519a9f51acc4731d22079b60a295bcec7ea42d5545cbce58a77a50d932bf953298799135e99707486e343da6d99ba1d167bdbd#npm:4.2.1"],\
           ["express", "npm:4.18.2"],\
+          ["express-robots-txt", "virtual:04783e12400851b8a3d76e71495851cc94959db6e62f04cb0a31190080629440b182d8c8eb4d7f2b04e281912f2783a5fd4d2c3c6ab68d38b7097246c93f4c19#npm:1.0.0"],\
           ["express-winston", "virtual:b442cf0427cc365d1c137f7340f9b81f9b204561afe791a8564ae9590c3a7fc4b5f793aaf8817b946f75a3cb64d03ef8790eb847f8b576b41e700da7b00c240c#npm:4.2.0"],\
           ["helmet", "npm:6.0.0"],\
           ["inversify", "npm:6.0.1"],\
           ["inversify-express-utils", "npm:6.4.3"],\
           ["ioredis", "npm:5.2.4"],\
           ["jest", "virtual:fd909b174d079e30b336c4ce72c38a88c1e447767b1a8dd7655e07719a1e31b97807f0931368724fc78897ff15e6a6d00b83316c0f76d11f85111f342e08bb79#npm:29.1.2"],\
-          ["jsonwebtoken", "npm:8.5.1"],\
+          ["jsonwebtoken", "npm:9.0.0"],\
           ["newrelic", "npm:9.6.0"],\
           ["nodemon", "npm:2.0.20"],\
           ["npm-check-updates", "npm:16.0.1"],\
@@ -3182,11 +3184,11 @@ const RAW_RUNTIME_STATE =
           ["@standardnotes/security", "workspace:packages/security"],\
           ["@standardnotes/common", "workspace:packages/common"],\
           ["@types/jest", "npm:29.1.1"],\
-          ["@types/jsonwebtoken", "npm:8.5.9"],\
+          ["@types/jsonwebtoken", "npm:9.0.1"],\
           ["@typescript-eslint/eslint-plugin", "virtual:fd909b174d079e30b336c4ce72c38a88c1e447767b1a8dd7655e07719a1e31b97807f0931368724fc78897ff15e6a6d00b83316c0f76d11f85111f342e08bb79#npm:5.30.5"],\
           ["eslint-plugin-prettier", "virtual:fd909b174d079e30b336c4ce72c38a88c1e447767b1a8dd7655e07719a1e31b97807f0931368724fc78897ff15e6a6d00b83316c0f76d11f85111f342e08bb79#npm:4.2.1"],\
           ["jest", "virtual:fd909b174d079e30b336c4ce72c38a88c1e447767b1a8dd7655e07719a1e31b97807f0931368724fc78897ff15e6a6d00b83316c0f76d11f85111f342e08bb79#npm:29.1.2"],\
-          ["jsonwebtoken", "npm:8.5.1"],\
+          ["jsonwebtoken", "npm:9.0.0"],\
           ["reflect-metadata", "npm:0.1.13"],\
           ["ts-jest", "virtual:fd909b174d079e30b336c4ce72c38a88c1e447767b1a8dd7655e07719a1e31b97807f0931368724fc78897ff15e6a6d00b83316c0f76d11f85111f342e08bb79#npm:29.0.3"],\
           ["typescript", "patch:typescript@npm%3A4.8.4#optional!builtin<compat/typescript>::version=4.8.4&hash=701156"]\
@@ -3287,7 +3289,7 @@ const RAW_RUNTIME_STATE =
           ["@types/inversify-express-utils", "npm:2.0.0"],\
           ["@types/ioredis", "npm:5.0.0"],\
           ["@types/jest", "npm:29.1.1"],\
-          ["@types/jsonwebtoken", "npm:8.5.9"],\
+          ["@types/jsonwebtoken", "npm:9.0.1"],\
           ["@types/newrelic", "npm:7.0.4"],\
           ["@types/prettyjson", "npm:0.0.30"],\
           ["@types/ua-parser-js", "npm:0.7.36"],\
@@ -3305,7 +3307,7 @@ const RAW_RUNTIME_STATE =
           ["inversify-express-utils", "npm:6.4.3"],\
           ["ioredis", "npm:5.2.4"],\
           ["jest", "virtual:fd909b174d079e30b336c4ce72c38a88c1e447767b1a8dd7655e07719a1e31b97807f0931368724fc78897ff15e6a6d00b83316c0f76d11f85111f342e08bb79#npm:29.1.2"],\
-          ["jsonwebtoken", "npm:8.5.1"],\
+          ["jsonwebtoken", "npm:9.0.0"],\
           ["mysql2", "npm:2.3.3"],\
           ["newrelic", "npm:9.6.0"],\
           ["nodemon", "npm:2.0.20"],\
@@ -3754,10 +3756,10 @@ const RAW_RUNTIME_STATE =
       }]\
     ]],\
     ["@types/jsonwebtoken", [\
-      ["npm:8.5.9", {\
-        "packageLocation": "./.yarn/cache/@types-jsonwebtoken-npm-8.5.9-79c2843a81-3f15a76cd5.zip/node_modules/@types/jsonwebtoken/",\
+      ["npm:9.0.1", {\
+        "packageLocation": "./.yarn/cache/@types-jsonwebtoken-npm-9.0.1-5f660fdf38-44d3fccc6b.zip/node_modules/@types/jsonwebtoken/",\
         "packageDependencies": [\
-          ["@types/jsonwebtoken", "npm:8.5.9"],\
+          ["@types/jsonwebtoken", "npm:9.0.1"],\
           ["@types/node", "npm:18.0.3"]\
         ],\
         "linkType": "HARD"\
@@ -7316,6 +7318,28 @@ const RAW_RUNTIME_STATE =
         "linkType": "HARD"\
       }]\
     ]],\
+    ["express-robots-txt", [\
+      ["npm:1.0.0", {\
+        "packageLocation": "./.yarn/cache/express-robots-txt-npm-1.0.0-dcc8bd8f0a-54f066f6c3.zip/node_modules/express-robots-txt/",\
+        "packageDependencies": [\
+          ["express-robots-txt", "npm:1.0.0"]\
+        ],\
+        "linkType": "SOFT"\
+      }],\
+      ["virtual:04783e12400851b8a3d76e71495851cc94959db6e62f04cb0a31190080629440b182d8c8eb4d7f2b04e281912f2783a5fd4d2c3c6ab68d38b7097246c93f4c19#npm:1.0.0", {\
+        "packageLocation": "./.yarn/__virtual__/express-robots-txt-virtual-0a3eb9f2f5/0/cache/express-robots-txt-npm-1.0.0-dcc8bd8f0a-54f066f6c3.zip/node_modules/express-robots-txt/",\
+        "packageDependencies": [\
+          ["express-robots-txt", "virtual:04783e12400851b8a3d76e71495851cc94959db6e62f04cb0a31190080629440b182d8c8eb4d7f2b04e281912f2783a5fd4d2c3c6ab68d38b7097246c93f4c19#npm:1.0.0"],\
+          ["@types/express", "npm:4.17.14"],\
+          ["express", "npm:4.18.2"]\
+        ],\
+        "packagePeers": [\
+          "@types/express",\
+          "express"\
+        ],\
+        "linkType": "HARD"\
+      }]\
+    ]],\
     ["express-winston", [\
       ["npm:4.2.0", {\
         "packageLocation": "./.yarn/cache/express-winston-npm-4.2.0-e4cfb26486-2d4b37671d.zip/node_modules/express-winston/",\
@@ -9783,6 +9807,17 @@ const RAW_RUNTIME_STATE =
           ["semver", "npm:5.7.1"]\
         ],\
         "linkType": "HARD"\
+      }],\
+      ["npm:9.0.0", {\
+        "packageLocation": "./.yarn/cache/jsonwebtoken-npm-9.0.0-36fd1594c0-7ccbd0b7bf.zip/node_modules/jsonwebtoken/",\
+        "packageDependencies": [\
+          ["jsonwebtoken", "npm:9.0.0"],\
+          ["jws", "npm:3.2.2"],\
+          ["lodash", "npm:4.17.21"],\
+          ["ms", "npm:2.1.3"],\
+          ["semver", "npm:7.3.8"]\
+        ],\
+        "linkType": "HARD"\
       }]\
     ]],\
     ["jsrsasign", [\
@@ -12497,6 +12532,14 @@ const RAW_RUNTIME_STATE =
           ["lru-cache", "npm:6.0.0"]\
         ],\
         "linkType": "HARD"\
+      }],\
+      ["npm:7.3.8", {\
+        "packageLocation": "./.yarn/cache/semver-npm-7.3.8-25a996cb4f-94ad80ee14.zip/node_modules/semver/",\
+        "packageDependencies": [\
+          ["semver", "npm:7.3.8"],\
+          ["lru-cache", "npm:6.0.0"]\
+        ],\
+        "linkType": "HARD"\
       }]\
     ]],\
     ["semver-diff", [\

packages/analytics/CHANGELOG.md

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [2.19.2](https://github.com/standardnotes/server/compare/@standardnotes/analytics@2.19.1...@standardnotes/analytics@2.19.2) (2023-01-13)
+
+**Note:** Version bump only for package @standardnotes/analytics
+
 ## [2.19.1](https://github.com/standardnotes/server/compare/@standardnotes/analytics@2.19.0...@standardnotes/analytics@2.19.1) (2022-12-30)
 
 ### Bug Fixes

packages/analytics/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/analytics",
-  "version": "2.19.1",
+  "version": "2.19.2",
   "engines": {
     "node": ">=18.0.0 <19.0.0"
   },

packages/api-gateway/CHANGELOG.md

@@ -3,6 +3,16 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.45.2](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.45.1...@standardnotes/api-gateway@1.45.2) (2023-01-13)
+
+**Note:** Version bump only for package @standardnotes/api-gateway
+
+## [1.45.1](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.45.0...@standardnotes/api-gateway@1.45.1) (2023-01-13)
+
+### Bug Fixes
+
+* add robots.txt setup for api-gateway and files server to disallow indexing ([bb82043](https://github.com/standardnotes/api-gateway/commit/bb820437af2b9644d7597de045b5840037b81db3))
+
 # [1.45.0](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.44.0...@standardnotes/api-gateway@1.45.0) (2023-01-05)
 
 ### Features

packages/api-gateway/bin/server.ts

@@ -31,6 +31,8 @@ import helmet from 'helmet'
 import * as cors from 'cors'
 import { text, json, Request, Response, NextFunction, RequestHandler, ErrorRequestHandler } from 'express'
 import * as winston from 'winston'
+// eslint-disable-next-line @typescript-eslint/no-var-requires
+const robots = require('express-robots-txt')
 
 import { InversifyExpressServer } from 'inversify-express-utils'
 import { ContainerConfigLoader } from '../src/Bootstrap/Container'
@@ -78,6 +80,12 @@ void container.load().then((container) => {
       }),
     )
     app.use(cors())
+    app.use(
+      robots({
+        UserAgent: '*',
+        Disallow: '/',
+      }),
+    )
 
     if (env.get('SENTRY_DSN', true)) {
       Sentry.init({

packages/api-gateway/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/api-gateway",
-  "version": "1.45.0",
+  "version": "1.45.2",
   "engines": {
     "node": ">=18.0.0 <19.0.0"
   },
@@ -32,11 +32,12 @@
     "cors": "2.8.5",
     "dotenv": "^16.0.1",
     "express": "^4.18.2",
+    "express-robots-txt": "^1.0.0",
     "helmet": "^6.0.0",
     "inversify": "^6.0.1",
     "inversify-express-utils": "^6.4.3",
     "ioredis": "^5.2.4",
-    "jsonwebtoken": "8.5.1",
+    "jsonwebtoken": "^9.0.0",
     "newrelic": "^9.6.0",
     "prettyjson": "^1.2.5",
     "reflect-metadata": "0.1.13",
@@ -47,7 +48,7 @@
     "@types/express": "^4.17.14",
     "@types/ioredis": "^5.0.0",
     "@types/jest": "^29.1.1",
-    "@types/jsonwebtoken": "^8.5.0",
+    "@types/jsonwebtoken": "^9.0.1",
     "@types/newrelic": "^7.0.4",
     "@types/prettyjson": "^0.0.30",
     "@typescript-eslint/eslint-plugin": "^5.29.0",

packages/auth/.env.sample

@@ -67,3 +67,7 @@ VALET_TOKEN_SECRET=
 VALET_TOKEN_TTL=
 
 WEB_SOCKET_CONNECTION_TOKEN_SECRET=
+
+# (Optional) U2F Setup
+U2F_RELYING_PARTY_ID=
+U2F_RELYING_PARTY_NAME=

packages/auth/CHANGELOG.md

@@ -3,6 +3,40 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.81.9](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.81.8...@standardnotes/auth-server@1.81.9) (2023-01-13)
+
+**Note:** Version bump only for package @standardnotes/auth-server
+
+## [1.81.8](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.81.7...@standardnotes/auth-server@1.81.8) (2023-01-11)
+
+### Bug Fixes
+
+* **auth:** add relying party configuration options ([d18f6cc](https://github.com/standardnotes/server/commit/d18f6ccd32fa97c927781c17659cf7a8e662ee07))
+
+## [1.81.7](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.81.6...@standardnotes/auth-server@1.81.7) (2023-01-09)
+
+### Bug Fixes
+
+* **auth:** failure messages for debug logs upon signing in with recovery codes ([7ae8845](https://github.com/standardnotes/server/commit/7ae8845ae9ff9c208d192aea48e5517a16c8338f))
+
+## [1.81.6](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.81.5...@standardnotes/auth-server@1.81.6) (2023-01-09)
+
+### Bug Fixes
+
+* **auth:** request parameters names ([dda8d79](https://github.com/standardnotes/server/commit/dda8d795262d6629493377ae5a6143263a792378))
+
+## [1.81.5](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.81.4...@standardnotes/auth-server@1.81.5) (2023-01-09)
+
+### Bug Fixes
+
+* **auth:** debuggin recovery sign in ([96669bf](https://github.com/standardnotes/server/commit/96669bff5bc0903f28c51628e9289626622e674c))
+
+## [1.81.4](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.81.3...@standardnotes/auth-server@1.81.4) (2023-01-09)
+
+### Bug Fixes
+
+* **auth:** error messages on account recovery ([1fc3c9b](https://github.com/standardnotes/server/commit/1fc3c9b83ee2239b618dfb609b1dc2d68d063331))
+
 ## [1.81.3](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.81.2...@standardnotes/auth-server@1.81.3) (2023-01-09)
 
 ### Bug Fixes

packages/auth/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/auth-server",
-  "version": "1.81.3",
+  "version": "1.81.9",
   "engines": {
     "node": ">=18.0.0 <19.0.0"
   },

packages/auth/src/Bootstrap/Container.ts

@@ -463,7 +463,12 @@ export class ContainerConfigLoader {
     container
       .bind(TYPES.SESSION_TRACE_DAYS_TTL)
       .toConstantValue(env.get('SESSION_TRACE_DAYS_TTL', true) ? +env.get('SESSION_TRACE_DAYS_TTL', true) : 90)
-
+    container
+      .bind(TYPES.U2F_RELYING_PARTY_NAME)
+      .toConstantValue(env.get('U2F_RELYING_PARTY_NAME', true) ?? 'Standard Notes')
+    container
+      .bind(TYPES.U2F_RELYING_PARTY_ID)
+      .toConstantValue(env.get('U2F_RELYING_PARTY_ID', true) ?? 'standardnotes.com')
     // Services
     container.bind<UAParser>(TYPES.DeviceDetector).toConstantValue(new UAParser())
     container.bind<SessionService>(TYPES.SessionService).to(SessionService)
@@ -567,6 +572,8 @@ export class ContainerConfigLoader {
         new GenerateAuthenticatorRegistrationOptions(
           container.get(TYPES.AuthenticatorRepository),
           container.get(TYPES.AuthenticatorChallengeRepository),
+          container.get(TYPES.U2F_RELYING_PARTY_NAME),
+          container.get(TYPES.U2F_RELYING_PARTY_ID),
         ),
       )
     container
@@ -575,6 +582,7 @@ export class ContainerConfigLoader {
         new VerifyAuthenticatorRegistrationResponse(
           container.get(TYPES.AuthenticatorRepository),
           container.get(TYPES.AuthenticatorChallengeRepository),
+          container.get(TYPES.U2F_RELYING_PARTY_ID),
         ),
       )
     container
@@ -591,6 +599,7 @@ export class ContainerConfigLoader {
         new VerifyAuthenticatorAuthenticationResponse(
           container.get(TYPES.AuthenticatorRepository),
           container.get(TYPES.AuthenticatorChallengeRepository),
+          container.get(TYPES.U2F_RELYING_PARTY_ID),
         ),
       )
     container

packages/auth/src/Bootstrap/Types.ts

@@ -94,6 +94,8 @@ const TYPES = {
   VERSION: Symbol.for('VERSION'),
   PAYMENTS_SERVER_URL: Symbol.for('PAYMENTS_SERVER_URL'),
   SESSION_TRACE_DAYS_TTL: Symbol.for('SESSION_TRACE_DAYS_TTL'),
+  U2F_RELYING_PARTY_ID: Symbol.for('U2F_RELYING_PARTY_ID'),
+  U2F_RELYING_PARTY_NAME: Symbol.for('U2F_RELYING_PARTY_NAME'),
   // use cases
   AuthenticateUser: Symbol.for('AuthenticateUser'),
   AuthenticateRequest: Symbol.for('AuthenticateRequest'),

packages/auth/src/Controller/AuthController.spec.ts

@@ -12,6 +12,7 @@ import { ApiVersion } from '@standardnotes/api'
 import { SignInWithRecoveryCodes } from '../Domain/UseCase/SignInWithRecoveryCodes/SignInWithRecoveryCodes'
 import { GetUserKeyParamsRecovery } from '../Domain/UseCase/GetUserKeyParamsRecovery/GetUserKeyParamsRecovery'
 import { GenerateRecoveryCodes } from '../Domain/UseCase/GenerateRecoveryCodes/GenerateRecoveryCodes'
+import { Logger } from 'winston'
 
 describe('AuthController', () => {
   let clearLoginAttempts: ClearLoginAttempts
@@ -23,6 +24,7 @@ describe('AuthController', () => {
   let doSignInWithRecoveryCodes: SignInWithRecoveryCodes
   let getUserKeyParamsRecovery: GetUserKeyParamsRecovery
   let doGenerateRecoveryCodes: GenerateRecoveryCodes
+  let logger: Logger
 
   const createController = () =>
     new AuthController(
@@ -33,6 +35,7 @@ describe('AuthController', () => {
       doSignInWithRecoveryCodes,
       getUserKeyParamsRecovery,
       doGenerateRecoveryCodes,
+      logger,
     )
 
   beforeEach(() => {
@@ -52,6 +55,9 @@ describe('AuthController', () => {
 
     domainEventFactory = {} as jest.Mocked<DomainEventFactoryInterface>
     domainEventFactory.createUserRegisteredEvent = jest.fn().mockReturnValue(event)
+
+    logger = {} as jest.Mocked<Logger>
+    logger.debug = jest.fn()
   })
 
   it('should register a user', async () => {

packages/auth/src/Controller/AuthController.ts

@@ -23,6 +23,7 @@ import { RecoveryKeyParamsResponse } from '../Infra/Http/Response/RecoveryKeyPar
 import { GenerateRecoveryCodes } from '../Domain/UseCase/GenerateRecoveryCodes/GenerateRecoveryCodes'
 import { GenerateRecoveryCodesRequestParams } from '../Infra/Http/Request/GenerateRecoveryCodesRequestParams'
 import { GenerateRecoveryCodesResponse } from '../Infra/Http/Response/GenerateRecoveryCodesResponse'
+import { Logger } from 'winston'
 
 @injectable()
 export class AuthController implements UserServerInterface {
@@ -34,6 +35,7 @@ export class AuthController implements UserServerInterface {
     @inject(TYPES.SignInWithRecoveryCodes) private doSignInWithRecoveryCodes: SignInWithRecoveryCodes,
     @inject(TYPES.GetUserKeyParamsRecovery) private getUserKeyParamsRecovery: GetUserKeyParamsRecovery,
     @inject(TYPES.GenerateRecoveryCodes) private doGenerateRecoveryCodes: GenerateRecoveryCodes,
+    @inject(TYPES.Logger) private logger: Logger,
   ) {}
 
   async deleteAccount(_params: never): Promise<UserDeletionResponse> {
@@ -138,6 +140,8 @@ export class AuthController implements UserServerInterface {
     })
 
     if (result.isFailed()) {
+      this.logger.debug(`Failed to sign in with recovery codes: ${result.getError()}`)
+
       return {
         status: HttpStatusCode.Unauthorized,
         data: {
@@ -173,6 +177,8 @@ export class AuthController implements UserServerInterface {
     })
 
     if (result.isFailed()) {
+      this.logger.debug(`Failed to get recovery key params: ${result.getError()}`)
+
       return {
         status: HttpStatusCode.Unauthorized,
         data: {

packages/auth/src/Domain/Authenticator/RelyingParty.ts

@@ -1,4 +0,0 @@
-export enum RelyingParty {
-  RP_NAME = 'Standard Notes',
-  RP_ID = 'standardnotes.com',
-}

packages/auth/src/Domain/UseCase/GenerateAuthenticatorRegistrationOptions/GenerateAuthenticatorRegistrationOptions.spec.ts

@@ -11,7 +11,12 @@ describe('GenerateAuthenticatorRegistrationOptions', () => {
   let authenticatorChallengeRepository: AuthenticatorChallengeRepositoryInterface
 
   const createUseCase = () =>
-    new GenerateAuthenticatorRegistrationOptions(authenticatorRepository, authenticatorChallengeRepository)
+    new GenerateAuthenticatorRegistrationOptions(
+      authenticatorRepository,
+      authenticatorChallengeRepository,
+      'Standard Notes',
+      'standardnotes.com',
+    )
 
   beforeEach(() => {
     const authenticator = Authenticator.create({

packages/auth/src/Domain/UseCase/GenerateAuthenticatorRegistrationOptions/GenerateAuthenticatorRegistrationOptions.ts

@@ -5,12 +5,13 @@ import { GenerateAuthenticatorRegistrationOptionsDTO } from './GenerateAuthentic
 import { AuthenticatorRepositoryInterface } from '../../Authenticator/AuthenticatorRepositoryInterface'
 import { AuthenticatorChallengeRepositoryInterface } from '../../Authenticator/AuthenticatorChallengeRepositoryInterface'
 import { AuthenticatorChallenge } from '../../Authenticator/AuthenticatorChallenge'
-import { RelyingParty } from '../../Authenticator/RelyingParty'
 
 export class GenerateAuthenticatorRegistrationOptions implements UseCaseInterface<Record<string, unknown>> {
   constructor(
     private authenticatorRepository: AuthenticatorRepositoryInterface,
     private authenticatorChallengeRepository: AuthenticatorChallengeRepositoryInterface,
+    private relyingPartyName: string,
+    private relyingPartyId: string,
   ) {}
 
   async execute(dto: GenerateAuthenticatorRegistrationOptionsDTO): Promise<Result<Record<string, unknown>>> {
@@ -28,8 +29,8 @@ export class GenerateAuthenticatorRegistrationOptions implements UseCaseInterfac
 
     const authenticators = await this.authenticatorRepository.findByUserUuid(userUuid)
     const options = generateRegistrationOptions({
-      rpID: RelyingParty.RP_ID,
-      rpName: RelyingParty.RP_NAME,
+      rpID: this.relyingPartyId,
+      rpName: this.relyingPartyName,
       userID: userUuid.value,
       userName: username.value,
       attestationType: 'none',

packages/auth/src/Domain/UseCase/SignInWithRecoveryCodes/SignInWithRecoveryCodes.spec.ts

@@ -81,7 +81,7 @@ describe('SignInWithRecoveryCodes', () => {
     })
 
     expect(result.isFailed()).toBe(true)
-    expect(result.getError()).toBe('Invalid email or password')
+    expect(result.getError()).toBe('Empty password')
   })
 
   it('should return error if username is not provided', async () => {
@@ -107,7 +107,7 @@ describe('SignInWithRecoveryCodes', () => {
     })
 
     expect(result.isFailed()).toBe(true)
-    expect(result.getError()).toBe('Invalid email or password')
+    expect(result.getError()).toBe('Invalid code verifier')
   })
 
   it('should return error if recovery codes are not provided', async () => {
@@ -120,7 +120,7 @@ describe('SignInWithRecoveryCodes', () => {
     })
 
     expect(result.isFailed()).toBe(true)
-    expect(result.getError()).toBe('Invalid recovery codes')
+    expect(result.getError()).toBe('Empty recovery codes')
   })
 
   it('should return error if code verifier is invalid', async () => {
@@ -135,7 +135,7 @@ describe('SignInWithRecoveryCodes', () => {
     })
 
     expect(result.isFailed()).toBe(true)
-    expect(result.getError()).toBe('Invalid email or password')
+    expect(result.getError()).toBe('Invalid code verifier')
   })
 
   it('should return error if user is not found', async () => {
@@ -150,7 +150,7 @@ describe('SignInWithRecoveryCodes', () => {
     })
 
     expect(result.isFailed()).toBe(true)
-    expect(result.getError()).toBe('Invalid email or password')
+    expect(result.getError()).toBe('Could not find user')
   })
 
   it('should return error if recovery codes are invalid', async () => {
@@ -176,7 +176,7 @@ describe('SignInWithRecoveryCodes', () => {
     })
 
     expect(result.isFailed()).toBe(true)
-    expect(result.getError()).toBe('Invalid email or password')
+    expect(result.getError()).toBe('Invalid password')
   })
 
   it('should return error if recovery codes are not generated for user', async () => {

packages/auth/src/Domain/UseCase/SignInWithRecoveryCodes/SignInWithRecoveryCodes.ts

@@ -40,21 +40,21 @@ export class SignInWithRecoveryCodes implements UseCaseInterface<AuthResponse202
     if (!validCodeVerifier) {
       await this.increaseLoginAttempts.execute({ email: username.value })
 
-      return Result.fail('Invalid email or password')
+      return Result.fail('Invalid code verifier')
     }
 
     const passwordValidationResult = Validator.isNotEmpty(dto.password)
     if (passwordValidationResult.isFailed()) {
       await this.increaseLoginAttempts.execute({ email: username.value })
 
-      return Result.fail('Invalid email or password')
+      return Result.fail('Empty password')
     }
 
     const recoveryCodesValidationResult = Validator.isNotEmpty(dto.recoveryCodes)
     if (recoveryCodesValidationResult.isFailed()) {
       await this.increaseLoginAttempts.execute({ email: username.value })
 
-      return Result.fail('Invalid recovery codes')
+      return Result.fail('Empty recovery codes')
     }
 
     const user = await this.userRepository.findOneByEmail(username.value)
@@ -62,14 +62,14 @@ export class SignInWithRecoveryCodes implements UseCaseInterface<AuthResponse202
     if (!user) {
       await this.increaseLoginAttempts.execute({ email: username.value })
 
-      return Result.fail('Invalid email or password')
+      return Result.fail('Could not find user')
     }
 
     const passwordMatches = await bcrypt.compare(dto.password, user.encryptedPassword)
     if (!passwordMatches) {
       await this.increaseLoginAttempts.execute({ email: username.value })
 
-      return Result.fail('Invalid email or password')
+      return Result.fail('Invalid password')
     }
 
     const recoveryCodesSetting = await this.settingService.findSettingWithDecryptedValue({

packages/auth/src/Domain/UseCase/VerifyAuthenticatorAuthenticationResponse/VerifyAuthenticatorAuthenticationResponse.spec.ts

@@ -13,7 +13,11 @@ describe('VerifyAuthenticatorAuthenticationResponse', () => {
   let authenticatorChallengeRepository: AuthenticatorChallengeRepositoryInterface
 
   const createUseCase = () =>
-    new VerifyAuthenticatorAuthenticationResponse(authenticatorRepository, authenticatorChallengeRepository)
+    new VerifyAuthenticatorAuthenticationResponse(
+      authenticatorRepository,
+      authenticatorChallengeRepository,
+      'standardnotes.com',
+    )
 
   beforeEach(() => {
     const authenticator = Authenticator.create({

packages/auth/src/Domain/UseCase/VerifyAuthenticatorAuthenticationResponse/VerifyAuthenticatorAuthenticationResponse.ts

@@ -5,12 +5,12 @@ import { AuthenticatorDevice } from '@simplewebauthn/typescript-types'
 import { AuthenticatorChallengeRepositoryInterface } from '../../Authenticator/AuthenticatorChallengeRepositoryInterface'
 import { AuthenticatorRepositoryInterface } from '../../Authenticator/AuthenticatorRepositoryInterface'
 import { VerifyAuthenticatorAuthenticationResponseDTO } from './VerifyAuthenticatorAuthenticationResponseDTO'
-import { RelyingParty } from '../../Authenticator/RelyingParty'
 
 export class VerifyAuthenticatorAuthenticationResponse implements UseCaseInterface<boolean> {
   constructor(
     private authenticatorRepository: AuthenticatorRepositoryInterface,
     private authenticatorChallengeRepository: AuthenticatorChallengeRepositoryInterface,
+    private relyingPartyId: string,
   ) {}
 
   async execute(dto: VerifyAuthenticatorAuthenticationResponseDTO): Promise<Result<boolean>> {
@@ -40,8 +40,8 @@ export class VerifyAuthenticatorAuthenticationResponse implements UseCaseInterfa
       verification = await verifyAuthenticationResponse({
         credential: dto.authenticationCredential,
         expectedChallenge: authenticatorChallenge.props.challenge.toString(),
-        expectedOrigin: `https://${RelyingParty.RP_ID}`,
-        expectedRPID: RelyingParty.RP_ID,
+        expectedOrigin: `https://${this.relyingPartyId}`,
+        expectedRPID: this.relyingPartyId,
         authenticator: {
           counter: authenticator.props.counter,
           credentialID: authenticator.props.credentialId,

packages/auth/src/Domain/UseCase/VerifyAuthenticatorRegistrationResponse/VerifyAuthenticatorRegistrationResponse.spec.ts

@@ -13,7 +13,11 @@ describe('VerifyAuthenticatorRegistrationResponse', () => {
   let authenticatorChallengeRepository: AuthenticatorChallengeRepositoryInterface
 
   const createUseCase = () =>
-    new VerifyAuthenticatorRegistrationResponse(authenticatorRepository, authenticatorChallengeRepository)
+    new VerifyAuthenticatorRegistrationResponse(
+      authenticatorRepository,
+      authenticatorChallengeRepository,
+      'standardnotes.com',
+    )
 
   beforeEach(() => {
     authenticatorRepository = {} as jest.Mocked<AuthenticatorRepositoryInterface>

packages/auth/src/Domain/UseCase/VerifyAuthenticatorRegistrationResponse/VerifyAuthenticatorRegistrationResponse.ts

@@ -2,7 +2,6 @@ import { Dates, Result, UseCaseInterface, Uuid, Validator } from '@standardnotes
 import { VerifiedRegistrationResponse, verifyRegistrationResponse } from '@simplewebauthn/server'
 
 import { AuthenticatorChallengeRepositoryInterface } from '../../Authenticator/AuthenticatorChallengeRepositoryInterface'
-import { RelyingParty } from '../../Authenticator/RelyingParty'
 import { AuthenticatorRepositoryInterface } from '../../Authenticator/AuthenticatorRepositoryInterface'
 import { Authenticator } from '../../Authenticator/Authenticator'
 import { VerifyAuthenticatorRegistrationResponseDTO } from './VerifyAuthenticatorRegistrationResponseDTO'
@@ -11,6 +10,7 @@ export class VerifyAuthenticatorRegistrationResponse implements UseCaseInterface
   constructor(
     private authenticatorRepository: AuthenticatorRepositoryInterface,
     private authenticatorChallengeRepository: AuthenticatorChallengeRepositoryInterface,
+    private relyingPartyId: string,
   ) {}
 
   async execute(dto: VerifyAuthenticatorRegistrationResponseDTO): Promise<Result<boolean>> {
@@ -35,8 +35,8 @@ export class VerifyAuthenticatorRegistrationResponse implements UseCaseInterface
       verification = await verifyRegistrationResponse({
         credential: dto.registrationCredential,
         expectedChallenge: authenticatorChallenge.props.challenge.toString(),
-        expectedOrigin: `https://${RelyingParty.RP_ID}`,
-        expectedRPID: RelyingParty.RP_ID,
+        expectedOrigin: `https://${this.relyingPartyId}`,
+        expectedRPID: this.relyingPartyId,
       })
 
       if (!verification.verified) {

packages/auth/src/Infra/InversifyExpressUtils/InversifyExpressAuthController.ts

@@ -264,10 +264,10 @@ export class InversifyExpressAuthController extends BaseHttpController {
   @httpPost('/recovery/login', TYPES.LockMiddleware)
   async recoveryLogin(request: Request): Promise<results.JsonResult> {
     const result = await this.authController.signInWithRecoveryCodes({
-      apiVersion: request.body.api,
+      apiVersion: request.body.api_version,
       userAgent: <string>request.headers['user-agent'],
       codeVerifier: request.body.code_verifier,
-      username: request.body.email,
+      username: request.body.username,
       recoveryCodes: request.body.recovery_codes,
       password: request.body.password,
     })
@@ -278,8 +278,8 @@ export class InversifyExpressAuthController extends BaseHttpController {
   @httpPost('/recovery/params')
   async recoveryParams(request: Request): Promise<results.JsonResult> {
     const result = await this.authController.recoveryKeyParams({
-      apiVersion: request.body.api,
-      username: request.body.email,
+      apiVersion: request.body.api_version,
+      username: request.body.username,
       codeChallenge: request.body.code_challenge,
       recoveryCodes: request.body.recovery_codes,
     })

packages/domain-events-infra/CHANGELOG.md

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.9.60](https://github.com/standardnotes/server/compare/@standardnotes/domain-events-infra@1.9.59...@standardnotes/domain-events-infra@1.9.60) (2023-01-13)
+
+**Note:** Version bump only for package @standardnotes/domain-events-infra
+
 ## [1.9.59](https://github.com/standardnotes/server/compare/@standardnotes/domain-events-infra@1.9.58...@standardnotes/domain-events-infra@1.9.59) (2022-12-20)
 
 **Note:** Version bump only for package @standardnotes/domain-events-infra

packages/domain-events-infra/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/domain-events-infra",
-  "version": "1.9.59",
+  "version": "1.9.60",
   "engines": {
     "node": ">=18.0.0 <19.0.0"
   },

packages/domain-events/CHANGELOG.md

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [2.105.2](https://github.com/standardnotes/server/compare/@standardnotes/domain-events@2.105.1...@standardnotes/domain-events@2.105.2) (2023-01-13)
+
+**Note:** Version bump only for package @standardnotes/domain-events
+
 ## [2.105.1](https://github.com/standardnotes/server/compare/@standardnotes/domain-events@2.105.0...@standardnotes/domain-events@2.105.1) (2022-12-20)
 
 ### Bug Fixes

packages/domain-events/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/domain-events",
-  "version": "2.105.1",
+  "version": "2.105.2",
   "engines": {
     "node": ">=18.0.0 <19.0.0"
   },

packages/event-store/CHANGELOG.md

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.6.57](https://github.com/standardnotes/server/compare/@standardnotes/event-store@1.6.56...@standardnotes/event-store@1.6.57) (2023-01-13)
+
+**Note:** Version bump only for package @standardnotes/event-store
+
 ## [1.6.56](https://github.com/standardnotes/server/compare/@standardnotes/event-store@1.6.55...@standardnotes/event-store@1.6.56) (2022-12-20)
 
 **Note:** Version bump only for package @standardnotes/event-store

packages/event-store/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/event-store",
-  "version": "1.6.56",
+  "version": "1.6.57",
   "description": "Event Store Service",
   "private": true,
   "main": "dist/src/index.js",

packages/files/CHANGELOG.md

@@ -3,6 +3,16 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.9.5](https://github.com/standardnotes/files/compare/@standardnotes/files-server@1.9.4...@standardnotes/files-server@1.9.5) (2023-01-13)
+
+**Note:** Version bump only for package @standardnotes/files-server
+
+## [1.9.4](https://github.com/standardnotes/files/compare/@standardnotes/files-server@1.9.3...@standardnotes/files-server@1.9.4) (2023-01-13)
+
+### Bug Fixes
+
+* add robots.txt setup for api-gateway and files server to disallow indexing ([bb82043](https://github.com/standardnotes/files/commit/bb820437af2b9644d7597de045b5840037b81db3))
+
 ## [1.9.3](https://github.com/standardnotes/files/compare/@standardnotes/files-server@1.9.2...@standardnotes/files-server@1.9.3) (2022-12-28)
 
 **Note:** Version bump only for package @standardnotes/files-server

packages/files/bin/server.ts

@@ -12,6 +12,8 @@ import helmet from 'helmet'
 import * as cors from 'cors'
 import { urlencoded, json, raw, Request, Response, NextFunction, RequestHandler, ErrorRequestHandler } from 'express'
 import * as winston from 'winston'
+// eslint-disable-next-line @typescript-eslint/no-var-requires
+const robots = require('express-robots-txt')
 
 import { InversifyExpressServer } from 'inversify-express-utils'
 import { ContainerConfigLoader } from '../src/Bootstrap/Container'
@@ -65,6 +67,12 @@ void container.load().then((container) => {
         exposedHeaders: ['Content-Range', 'Accept-Ranges'],
       }),
     )
+    app.use(
+      robots({
+        UserAgent: '*',
+        Disallow: '/',
+      }),
+    )
 
     if (env.get('SENTRY_DSN', true)) {
       Sentry.init({

packages/files/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/files-server",
-  "version": "1.9.3",
+  "version": "1.9.5",
   "engines": {
     "node": ">=18.0.0 <19.0.0"
   },
@@ -39,12 +39,13 @@
     "dayjs": "^1.11.6",
     "dotenv": "^16.0.1",
     "express": "^4.18.2",
+    "express-robots-txt": "^1.0.0",
     "express-winston": "^4.0.5",
     "helmet": "^6.0.0",
     "inversify": "^6.0.1",
     "inversify-express-utils": "^6.4.3",
     "ioredis": "^5.2.4",
-    "jsonwebtoken": "^8.5.1",
+    "jsonwebtoken": "^9.0.0",
     "newrelic": "^9.6.0",
     "nodemon": "^2.0.19",
     "prettyjson": "^1.2.5",
@@ -59,7 +60,7 @@
     "@types/express": "^4.17.14",
     "@types/ioredis": "^5.0.0",
     "@types/jest": "^29.1.1",
-    "@types/jsonwebtoken": "^8.5.0",
+    "@types/jsonwebtoken": "^9.0.1",
     "@types/newrelic": "^7.0.4",
     "@types/prettyjson": "^0.0.30",
     "@types/uuid": "^8.3.0",

packages/revisions/CHANGELOG.md

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.10.4](https://github.com/standardnotes/server/compare/@standardnotes/revisions-server@1.10.3...@standardnotes/revisions-server@1.10.4) (2023-01-13)
+
+**Note:** Version bump only for package @standardnotes/revisions-server
+
 ## [1.10.3](https://github.com/standardnotes/server/compare/@standardnotes/revisions-server@1.10.2...@standardnotes/revisions-server@1.10.3) (2022-12-28)
 
 **Note:** Version bump only for package @standardnotes/revisions-server

packages/revisions/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/revisions-server",
-  "version": "1.10.3",
+  "version": "1.10.4",
   "engines": {
     "node": ">=18.0.0 <19.0.0"
   },

packages/scheduler/CHANGELOG.md

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.16.6](https://github.com/standardnotes/server/compare/@standardnotes/scheduler-server@1.16.5...@standardnotes/scheduler-server@1.16.6) (2023-01-13)
+
+**Note:** Version bump only for package @standardnotes/scheduler-server
+
 ## [1.16.5](https://github.com/standardnotes/server/compare/@standardnotes/scheduler-server@1.16.4...@standardnotes/scheduler-server@1.16.5) (2023-01-06)
 
 ### Bug Fixes

packages/scheduler/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/scheduler-server",
-  "version": "1.16.5",
+  "version": "1.16.6",
   "engines": {
     "node": ">=18.0.0 <19.0.0"
   },

packages/security/CHANGELOG.md

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.7.3](https://github.com/standardnotes/server/compare/@standardnotes/security@1.7.2...@standardnotes/security@1.7.3) (2023-01-13)
+
+**Note:** Version bump only for package @standardnotes/security
+
 ## [1.7.2](https://github.com/standardnotes/server/compare/@standardnotes/security@1.7.1...@standardnotes/security@1.7.2) (2022-11-25)
 
 **Note:** Version bump only for package @standardnotes/security

packages/security/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/security",
-  "version": "1.7.2",
+  "version": "1.7.3",
   "engines": {
     "node": ">=18.0.0 <19.0.0"
   },
@@ -26,12 +26,12 @@
   },
   "dependencies": {
     "@standardnotes/common": "workspace:*",
-    "jsonwebtoken": "^8.5.1",
+    "jsonwebtoken": "^9.0.0",
     "reflect-metadata": "^0.1.13"
   },
   "devDependencies": {
     "@types/jest": "^29.1.1",
-    "@types/jsonwebtoken": "^8.5.8",
+    "@types/jsonwebtoken": "^9.0.1",
     "@typescript-eslint/eslint-plugin": "^5.30.0",
     "eslint-plugin-prettier": "^4.2.1",
     "jest": "^29.1.2",

packages/syncing-server/CHANGELOG.md

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.28.6](https://github.com/standardnotes/syncing-server-js/compare/@standardnotes/syncing-server@1.28.5...@standardnotes/syncing-server@1.28.6) (2023-01-13)
+
+**Note:** Version bump only for package @standardnotes/syncing-server
+
 ## [1.28.5](https://github.com/standardnotes/syncing-server-js/compare/@standardnotes/syncing-server@1.28.4...@standardnotes/syncing-server@1.28.5) (2023-01-04)
 
 **Note:** Version bump only for package @standardnotes/syncing-server

packages/syncing-server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/syncing-server",
-  "version": "1.28.5",
+  "version": "1.28.6",
   "engines": {
     "node": ">=18.0.0 <19.0.0"
   },
@@ -47,7 +47,7 @@
     "inversify": "^6.0.1",
     "inversify-express-utils": "^6.4.3",
     "ioredis": "^5.2.4",
-    "jsonwebtoken": "8.5.1",
+    "jsonwebtoken": "^9.0.0",
     "mysql2": "^2.3.3",
     "newrelic": "^9.6.0",
     "nodemon": "^2.0.19",
@@ -65,7 +65,7 @@
     "@types/inversify-express-utils": "^2.0.0",
     "@types/ioredis": "^5.0.0",
     "@types/jest": "^29.1.1",
-    "@types/jsonwebtoken": "^8.5.0",
+    "@types/jsonwebtoken": "^9.0.1",
     "@types/newrelic": "^7.0.4",
     "@types/prettyjson": "^0.0.30",
     "@types/ua-parser-js": "^0.7.36",

packages/websockets/CHANGELOG.md

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.5.4](https://github.com/standardnotes/server/compare/@standardnotes/websockets-server@1.5.3...@standardnotes/websockets-server@1.5.4) (2023-01-13)
+
+**Note:** Version bump only for package @standardnotes/websockets-server
+
 ## [1.5.3](https://github.com/standardnotes/server/compare/@standardnotes/websockets-server@1.5.2...@standardnotes/websockets-server@1.5.3) (2022-12-28)
 
 **Note:** Version bump only for package @standardnotes/websockets-server

packages/websockets/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/websockets-server",
-  "version": "1.5.3",
+  "version": "1.5.4",
   "engines": {
     "node": ">=18.0.0 <19.0.0"
   },

packages/workspace/CHANGELOG.md

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.19.5](https://github.com/standardnotes/server/compare/@standardnotes/workspace-server@1.19.4...@standardnotes/workspace-server@1.19.5) (2023-01-13)
+
+**Note:** Version bump only for package @standardnotes/workspace-server
+
 ## [1.19.4](https://github.com/standardnotes/server/compare/@standardnotes/workspace-server@1.19.3...@standardnotes/workspace-server@1.19.4) (2022-12-28)
 
 **Note:** Version bump only for package @standardnotes/workspace-server

packages/workspace/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/workspace-server",
-  "version": "1.19.4",
+  "version": "1.19.5",
   "engines": {
     "node": ">=18.0.0 <19.0.0"
   },

yarn.lock

@@ -1918,7 +1918,7 @@ __metadata:
     "@types/express": "npm:^4.17.14"
     "@types/ioredis": "npm:^5.0.0"
     "@types/jest": "npm:^29.1.1"
-    "@types/jsonwebtoken": "npm:^8.5.0"
+    "@types/jsonwebtoken": "npm:^9.0.1"
     "@types/newrelic": "npm:^7.0.4"
     "@types/prettyjson": "npm:^0.0.30"
     "@typescript-eslint/eslint-plugin": "npm:^5.29.0"
@@ -1929,12 +1929,13 @@ __metadata:
     eslint: "npm:^8.14.0"
     eslint-plugin-prettier: "npm:^4.0.0"
     express: "npm:^4.18.2"
+    express-robots-txt: "npm:^1.0.0"
     helmet: "npm:^6.0.0"
     inversify: "npm:^6.0.1"
     inversify-express-utils: "npm:^6.4.3"
     ioredis: "npm:^5.2.4"
     jest: "npm:^29.1.2"
-    jsonwebtoken: "npm:8.5.1"
+    jsonwebtoken: "npm:^9.0.0"
     newrelic: "npm:^9.6.0"
     nodemon: "npm:^2.0.19"
     npm-check-updates: "npm:^16.0.1"
@@ -2203,7 +2204,7 @@ __metadata:
     "@types/express": "npm:^4.17.14"
     "@types/ioredis": "npm:^5.0.0"
     "@types/jest": "npm:^29.1.1"
-    "@types/jsonwebtoken": "npm:^8.5.0"
+    "@types/jsonwebtoken": "npm:^9.0.1"
     "@types/newrelic": "npm:^7.0.4"
     "@types/prettyjson": "npm:^0.0.30"
     "@types/uuid": "npm:^8.3.0"
@@ -2216,13 +2217,14 @@ __metadata:
     eslint: "npm:^8.14.0"
     eslint-plugin-prettier: "npm:^4.0.0"
     express: "npm:^4.18.2"
+    express-robots-txt: "npm:^1.0.0"
     express-winston: "npm:^4.0.5"
     helmet: "npm:^6.0.0"
     inversify: "npm:^6.0.1"
     inversify-express-utils: "npm:^6.4.3"
     ioredis: "npm:^5.2.4"
     jest: "npm:^29.1.2"
-    jsonwebtoken: "npm:^8.5.1"
+    jsonwebtoken: "npm:^9.0.0"
     newrelic: "npm:^9.6.0"
     nodemon: "npm:^2.0.19"
     npm-check-updates: "npm:^16.0.1"
@@ -2399,11 +2401,11 @@ __metadata:
   dependencies:
     "@standardnotes/common": "workspace:*"
     "@types/jest": "npm:^29.1.1"
-    "@types/jsonwebtoken": "npm:^8.5.8"
+    "@types/jsonwebtoken": "npm:^9.0.1"
     "@typescript-eslint/eslint-plugin": "npm:^5.30.0"
     eslint-plugin-prettier: "npm:^4.2.1"
     jest: "npm:^29.1.2"
-    jsonwebtoken: "npm:^8.5.1"
+    jsonwebtoken: "npm:^9.0.0"
     reflect-metadata: "npm:^0.1.13"
     ts-jest: "npm:^29.0.3"
     typescript: "npm:^4.8.4"
@@ -2495,7 +2497,7 @@ __metadata:
     "@types/inversify-express-utils": "npm:^2.0.0"
     "@types/ioredis": "npm:^5.0.0"
     "@types/jest": "npm:^29.1.1"
-    "@types/jsonwebtoken": "npm:^8.5.0"
+    "@types/jsonwebtoken": "npm:^9.0.1"
     "@types/newrelic": "npm:^7.0.4"
     "@types/prettyjson": "npm:^0.0.30"
     "@types/ua-parser-js": "npm:^0.7.36"
@@ -2513,7 +2515,7 @@ __metadata:
     inversify-express-utils: "npm:^6.4.3"
     ioredis: "npm:^5.2.4"
     jest: "npm:^29.1.2"
-    jsonwebtoken: "npm:8.5.1"
+    jsonwebtoken: "npm:^9.0.0"
     mysql2: "npm:^2.3.3"
     newrelic: "npm:^9.6.0"
     nodemon: "npm:^2.0.19"
@@ -2913,12 +2915,12 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@types/jsonwebtoken@npm:^8.5.0, @types/jsonwebtoken@npm:^8.5.8":
-  version: 8.5.9
-  resolution: "@types/jsonwebtoken@npm:8.5.9"
+"@types/jsonwebtoken@npm:^9.0.1":
+  version: 9.0.1
+  resolution: "@types/jsonwebtoken@npm:9.0.1"
   dependencies:
     "@types/node": "npm:*"
-  checksum: 3f15a76cd58fb56272cdcb1cf475e8f03b3127000ed9c49670b7be450a24460edeef6fa69837bb7feee554c1ead7d9ff4584eef0ea48d810282872dcfa03508e
+  checksum: 44d3fccc6b35826ad231012e5b25f82d9ec9c5790b2c41263bb5095673a8bd57ea19c1969ec3849d07c036bb95c992655b70265a2e456b83f6fa2cb137a7670e
   languageName: node
   linkType: hard
 
@@ -5580,6 +5582,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"express-robots-txt@npm:^1.0.0":
+  version: 1.0.0
+  resolution: "express-robots-txt@npm:1.0.0"
+  peerDependencies:
+    express: ^4.12.1
+  checksum: 54f066f6c305694ea2082d2b0a46bab8dcbf2b478780cf3f1bc404a5d8c83a4e2d6f06e15b42f0aec2c8866ffb97150487e0bb9abdd9604fa78ea68950946b43
+  languageName: node
+  linkType: hard
+
 "express-winston@npm:^4.0.5":
   version: 4.2.0
   resolution: "express-winston@npm:4.2.0"
@@ -7753,7 +7764,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"jsonwebtoken@npm:8.5.1, jsonwebtoken@npm:^8.5.1":
+"jsonwebtoken@npm:^8.5.1":
   version: 8.5.1
   resolution: "jsonwebtoken@npm:8.5.1"
   dependencies:
@@ -7771,6 +7782,18 @@ __metadata:
   languageName: node
   linkType: hard
 
+"jsonwebtoken@npm:^9.0.0":
+  version: 9.0.0
+  resolution: "jsonwebtoken@npm:9.0.0"
+  dependencies:
+    jws: "npm:^3.2.2"
+    lodash: "npm:^4.17.21"
+    ms: "npm:^2.1.1"
+    semver: "npm:^7.3.8"
+  checksum: 7ccbd0b7bf6a8058458d84cf7551a96a9ad7c31094b9a1b83d90728b8008e5e3c42c8acb324b08511affef5d088d49499fe08e23b3347010ed2c1a069622066c
+  languageName: node
+  linkType: hard
+
 "jsrsasign@npm:^10.4.0":
   version: 10.6.1
   resolution: "jsrsasign@npm:10.6.1"
@@ -10221,6 +10244,17 @@ __metadata:
   languageName: node
   linkType: hard
 
+"semver@npm:^7.3.8":
+  version: 7.3.8
+  resolution: "semver@npm:7.3.8"
+  dependencies:
+    lru-cache: "npm:^6.0.0"
+  bin:
+    semver: bin/semver.js
+  checksum: 94ad80ee14889020cb4a14d809fb99d16cbf4ff3dc7f4c564fc72efe2c5763a60090a1c16a9fd18ceeb1e993a1303a4d870c0a22f26adaf435b368b46a7d8462
+  languageName: node
+  linkType: hard
+
 "semver@npm:~7.0.0":
   version: 7.0.0
   resolution: "semver@npm:7.0.0"