root/chadebebe
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
39 Commits 1 Branch 0 Tags
21e8b7e13761809a263a02d537fe68713b971b34
Commit Graph

28 Commits

Author SHA1 Message Date
Adriano Belisario
21e8b7e137 fix(quantity): enforce claim limits on backend, fix quantity field in admin form
Some checks failed
Build and Push Docker Image / build-and-push (push) Has been cancelled
Details 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-03 21:07:24 +00:00
Adriano Belisario
23114637ac fix: sync reorder transaction + redirect unauthenticated users to wishlist
Some checks failed
Build and Push Docker Image / build-and-push (push) Has been cancelled
Details 
- reorder route used async callback with better-sqlite3 (sync driver),
  causing "Transaction function cannot return a promise" — converted to sync
- home page now redirects unauthenticated visitors to the wishlist slug
  instead of getting stuck on the loading screen

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-03 21:02:10 +00:00
Adriano Belisario
2726be337e feat: simplify to single-wishlist instance
Some checks failed
Build and Push Docker Image / build-and-push (push) Has been cancelled
Details 
- Home page redirects guests directly to the single wishlist slug
- Admin shows settings + single wishlist header + items only
- Removed multi-wishlist create/delete/reorder UI

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-03 20:57:00 +00:00
Adriano Belisario
cac2c223dd feat: remove price and currency fields from frontend and backend
Some checks failed
Build and Push Docker Image / build-and-push (push) Has been cancelled
Details 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-03 20:51:49 +00:00
belisards
4e031a9d4d feat(admin): claims dashboard listing all reservations
Some checks failed
Build and Push Docker Image / build-and-push (push) Has been cancelled
Details
2026-05-03 17:26:19 -03:00
belisards
007aa35521 feat(admin): drop ShareButton and View Public Site from header 2026-05-03 17:25:10 -03:00
belisards
96d38301c4 feat(slug): drop Voltar ao início link
Some checks failed
Build and Push Docker Image / build-and-push (push) Has been cancelled
Details
2026-05-03 17:15:51 -03:00
belisards
31c912fc3d revert: drop visitor CTA button and public visit endpoint
Some checks failed
Build and Push Docker Image / build-and-push (push) Has been cancelled
Details
2026-05-03 17:15:20 -03:00
belisards
17117ed7b2 feat(home): add Ver lista do Martin CTA, mints anonymous visitor guest
Some checks failed
Build and Push Docker Image / build-and-push (push) Has been cancelled
Details
2026-05-03 17:13:41 -03:00
belisards
e96181a6f3 feat(home): teaser promo for unauthenticated visitors
Some checks failed
Build and Push Docker Image / build-and-push (push) Has been cancelled
Details
2026-05-03 17:04:51 -03:00
belisards
d33feced1d fix(build): read URL params via window in guards (avoid useSearchParams prerender error)
Some checks failed
Build and Push Docker Image / build-and-push (push) Has been cancelled
Details
2026-05-03 17:02:45 -03:00
belisards
c959cc8829 feat(ui): hide spoiler banner, anonymize claims, optional guest name, list wishlists on home, drop esgotados toggle 2026-05-03 16:53:48 -03:00
belisards
ce7731cebb chore: remove password-lock; switch to ADMIN_TOKEN env; update docs 2026-05-03 16:34:41 -03:00
belisards
0832c0f9e5 feat(admin): guests CRUD UI with copy-link 2026-05-03 16:32:19 -03:00
belisards
8d9e7c0709 feat(home): show convite necessário; route admin/guest tokens 2026-05-03 16:31:40 -03:00
belisards
4f3017a02d refactor(auth): replace JWT/password-lock with token guards 2026-05-03 16:31:00 -03:00
belisards
e518e28957 feat(api): tokens on all routes; items expose claims/claimedQuantity/remainingQuantity 2026-05-03 16:25:19 -03:00
belisards
844951c832 feat(claim): quantity-aware claims via item_claims; per-guest unclaim 2026-05-03 16:22:22 -03:00
belisards
32f9403bd8 feat(api): admin guests CRUD endpoints 2026-05-03 16:21:26 -03:00
belisards
7b2e2cc3c5 feat(auth): replace login/refresh/me with /api/auth/session 2026-05-03 16:20:37 -03:00
belisards
4d4cdee9eb wip: in-progress mars theme work (saved before auth refactor) 2026-05-03 16:11:12 -03:00
belisards
282e475562 feat(theme): switch to Mars-inspired palette and atmospheric haze (no planet disk) 2026-05-03 15:49:30 -03:00
belisards
e38473e88d feat(home): inline items grid, drop share button, add planet/newborn theme, rename to Chá do Martin 2026-05-03 15:47:56 -03:00
Adriano Belisario
52f75f0b3d refactor: update UI components and page layouts
Some checks failed
Build and Push Docker Image / build-and-push (push) Has been cancelled
Details 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-03 18:18:31 +00:00
Michael T
ee884ccdf2 fix(api): use synchronous transaction for wishlist reorder 
better-sqlite3 doesn't support async transactions. Removed async/await
and used synchronous .run() and .all() methods instead.

Fixes #38
 2026-01-23 15:29:16 -05:00
Michael T
30c661a364 fix(auth): resolve cookie authentication failure over HTTP 
Cookies were set with secure flag based solely on NODE_ENV, causing
401 errors when accessing over HTTP with NODE_ENV=production.

- Add COOKIE_SECURE env var for explicit control
- Auto-detect HTTPS via X-Forwarded-Proto header in production
- Extract isSecureCookie() utility to lib/auth/utils.ts
- Document COOKIE_SECURE in README and .env.example

Fixes #39
 2026-01-23 15:26:24 -05:00
Michael T
ae81206de7 fix(security): sanitize HTML content to prevent XSS attacks 
Add DOMPurify to sanitize user-generated HTML in the preferences
section before rendering with dangerouslySetInnerHTML.
 2026-01-12 11:21:27 -05:00
michaeltieso
3480888eaa Initial commit 2025-12-01 14:49:17 +00:00