kencove · dnplkndll · Feb 28, 2026
diff --git a/Dockerfile b/Dockerfile
@@ -99,4 +99,6 @@ ENV HOME=/home/docuseal
 ENV WORKDIR=/data/docuseal
 
 EXPOSE 3000
+HEALTHCHECK --interval=30s --timeout=5s --start-period=30s --retries=3 \
+  CMD wget -qO /dev/null http://localhost:3000/up || exit 1
 CMD ["/app/bin/bundle", "exec", "puma", "-C", "/app/config/puma.rb", "--dir", "/app"]
diff --git a/app/controllers/submitters_send_sms_controller.rb b/app/controllers/submitters_send_sms_controller.rb
@@ -4,6 +4,8 @@ class SubmittersSendSmsController < ApplicationController
   load_and_authorize_resource :submitter, id_param: :submitter_slug, find_by: :slug
 
   def create
+    RateLimit.call("sms_send:#{current_user.id}", limit: 10, ttl: 1.hour, enabled: true)
+
     if SubmissionEvent.exists?(submitter: @submitter,
                                event_type: 'send_sms',
                                created_at: 10.hours.ago..Time.current)
@@ -17,5 +19,8 @@ def create
     @submitter.save!
 
     redirect_back(fallback_location: submission_path(@submitter.submission), notice: I18n.t('sms_has_been_sent'))
+  rescue RateLimit::LimitApproached
+    redirect_back(fallback_location: submission_path(@submitter.submission),
+                  alert: I18n.t('too_many_requests_try_again_later'))
   end
 end
diff --git a/config/initializers/active_storage.rb b/config/initializers/active_storage.rb
@@ -75,7 +75,7 @@ def delete
   end
 
   LoadActiveStorageConfigs.call
-rescue StandardError => e
+rescue StandardError, LoadError => e
   Rails.logger.error(e) unless Rails.env.production?
 
   nil

diff --git a/lib/rate_limit.rb b/lib/rate_limit.rb
@@ -6,11 +6,18 @@ module RateLimit
   STORE = begin
     redis_url = ENV.fetch('REDIS_URL', nil)
     if redis_url.present?
-      ActiveSupport::Cache::RedisCacheStore.new(url: redis_url, namespace: 'rate_limit')
+      ActiveSupport::Cache::RedisCacheStore.new(
+        url: redis_url,
+        namespace: 'rate_limit',
+        connect_timeout: 2,
+        read_timeout: 1,
+        write_timeout: 1,
+        reconnect_attempts: 1
+      )
     else
       ActiveSupport::Cache::MemoryStore.new
     end
-  rescue StandardError
+  rescue StandardError, LoadError
     ActiveSupport::Cache::MemoryStore.new
   end
 

diff --git a/lib/users.rb b/lib/users.rb
@@ -31,6 +31,13 @@ def create_from_oauth(oauth, email)
 
     role = ENV.fetch('GOOGLE_AUTO_CREATE_ROLE', User::ADMIN_ROLE)
 
+    unless role.in?(User::ROLES)
+      Rails.logger.warn("OAuth auto-create: unknown role '#{role}', falling back to '#{User::ADMIN_ROLE}'")
+      role = User::ADMIN_ROLE
+    end
+
+    Rails.logger.info("OAuth auto-create: creating user #{email} with role '#{role}'")
+
     account.users.create!(
       email:,
       first_name: oauth.info.first_name.to_s,