belisards
7b2e2cc3c5
feat(auth): replace login/refresh/me with /api/auth/session
2026-05-03 16:20:37 -03:00
belisards
4d4cdee9eb
wip: in-progress mars theme work (saved before auth refactor)
2026-05-03 16:11:12 -03:00
belisards
282e475562
feat(theme): switch to Mars-inspired palette and atmospheric haze (no planet disk)
2026-05-03 15:49:30 -03:00
belisards
e38473e88d
feat(home): inline items grid, drop share button, add planet/newborn theme, rename to Chá do Martin
2026-05-03 15:47:56 -03:00
Adriano Belisario
52f75f0b3d
refactor: update UI components and page layouts
...
Build and Push Docker Image / build-and-push (push) Has been cancelled
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-03 18:18:31 +00:00
Michael T
ee884ccdf2
fix(api): use synchronous transaction for wishlist reorder
...
better-sqlite3 doesn't support async transactions. Removed async/await
and used synchronous .run() and .all() methods instead.
Fixes #38
2026-01-23 15:29:16 -05:00
Michael T
30c661a364
fix(auth): resolve cookie authentication failure over HTTP
...
Cookies were set with secure flag based solely on NODE_ENV, causing
401 errors when accessing over HTTP with NODE_ENV=production.
- Add COOKIE_SECURE env var for explicit control
- Auto-detect HTTPS via X-Forwarded-Proto header in production
- Extract isSecureCookie() utility to lib/auth/utils.ts
- Document COOKIE_SECURE in README and .env.example
Fixes #39
2026-01-23 15:26:24 -05:00
Michael T
ae81206de7
fix(security): sanitize HTML content to prevent XSS attacks
...
Add DOMPurify to sanitize user-generated HTML in the preferences
section before rendering with dangerouslySetInnerHTML.
2026-01-12 11:21:27 -05:00
michaeltieso
3480888eaa
Initial commit
2025-12-01 14:49:17 +00:00
