chore(auth): non-blocking follow-ups from final review

- /api/stats: add verifyCsrf middleware (defense-in-depth; no-op for GETs)
- VerifyEmailPage: useRef guard to prevent React StrictMode double-fire of
  the single-use verify token in dev
- router.tsx: route-level code splitting via React.lazy + Suspense; initial
  bundle drops from 397 KB to 224 KB with per-route chunks (0.3–14 KB each)
- e2e: wait for verify-email completion before login; bump Account-menu
  timeout to handle Vite cold-chunk compile
This commit is contained in:
2026-05-20 23:27:52 +02:00
parent 5739b6d941
commit e27c1ca06c
5 changed files with 80 additions and 44 deletions


@@ -32,7 +32,7 @@ export function createApp(db: Db): Express {
app.use('/api/lessons', requireAuth, verifyCsrf, lessonsRouter(db));
app.use('/api', requireAuth, verifyCsrf, cardsRouter(db));
app.use('/api/sessions', requireAuth, verifyCsrf, sessionsRouter(db));
app.use('/api/stats', requireAuth, statsRouter(db));
app.use('/api/stats', requireAuth, verifyCsrf, statsRouter(db));
app.use('/api/admin/users', requireAuth, requireRole('sysadmin'), verifyCsrf, adminUsersRouter(db));
// Static frontend in production