RequestHunt is a community-driven platform that collects and curates feature requests from X (Twitter), Reddit, and GitHub. We help product teams discover what features real users are asking for, making it easier to validate product ideas and prioritize feature development based on actual user demand.

How does RequestHunt collect feature requests?

RequestHunt uses AI-powered extraction to automatically collect feature requests from social media platforms including X, Reddit, and GitHub. The platform monitors discussions, issues, and posts to identify genuine user feature requests, extracting key information like the requested feature, product mentioned, and user sentiment.

Who uses RequestHunt?

RequestHunt is used by product managers, founders, developers, and product teams who want to discover what features real users are requesting. It's particularly valuable for startups looking to validate ideas, established companies prioritizing their roadmap, and developers building products that solve real user problems.

Is RequestHunt free to use?

Yes, browsing and searching feature requests on RequestHunt is completely free. We also offer API access for developers who want to integrate feature request data into their own applications. Check our pricing page for API plan details.

How often is RequestHunt data updated?

RequestHunt continuously collects feature requests from Reddit, X (Twitter), GitHub, YouTube, LinkedIn, and Amazon. You can also trigger on-demand scraping via the API or web interface to get the freshest data for any topic.

[Strapi] Add expiry date for password reset tokens

Currently, password reset tokens do not expire, which poses a security risk. Adding an expiry date would enhance security for users.

Original Source

@@amerhafian | 0 pts | 3/11/2026

### Node Version 22.19.0 ### NPM/Yarn/PNPM Version NPM 10.9.3 ### Strapi Version 5.39.0 ### Operating System Strapi Cloud ### Database Strapi Cloud ### Javascript or Typescript Typescript ### Reproduction URL _No response_ ### Bug Description When requesting a password reset, the generated reset token has no expiry date, meaning it remains valid indefinitely. If an attacker obtains a reset token (e.g. via email interception, logs, or a compromised inbox), they can use it at any point in the future to take over the account even months later. Thanks to @Schero94 for introducing me to the Strapi project. ### Steps to Reproduce 1. Create Password Reset Request 2. Store Password Reset Token 3. AS long as the token is not used or another password reset request is being made, it will stay valid forever ### Expected Behavior The token should have an expiry date (for example now+15 minutes). After that, the token is invalid and a new one has to be requested. ### Logs ```

Discussion

Loading comments...