5822dbc8ae
feat(app): mount sharing routes + post-migration backfill
2026-05-21 00:28:29 +02:00
fb95ccd772
feat(routes): thread userId through routes + visibility/fork/curated endpoints
2026-05-21 00:26:49 +02:00
181a757323
refactor(marketplace): substring-only q filter, fix test to use real substring
2026-05-21 00:24:01 +02:00
9dcce76f01
feat(marketplace): list shared roots with filters + sort + pagination
2026-05-21 00:23:10 +02:00
4339728326
feat(fork): subtree fork service + tests
2026-05-21 00:19:46 +02:00
f378c0fdb0
feat(subs): subscribe/unsubscribe/list service + routes
2026-05-21 00:17:16 +02:00
28321c6f84
feat(stats): per-user filtering across all aggregations
2026-05-21 00:15:24 +02:00
a0c11d8e21
feat(sessions): per-user sessions and progress
2026-05-21 00:13:15 +02:00
2d37aee32c
feat(cards): permission-aware CRUD
2026-05-21 00:11:00 +02:00
9aaba94b95
feat(lessons): ownership-aware CRUD + tree filtering + visibility/curated
2026-05-21 00:09:32 +02:00
66363b8094
feat(perms): canRead/canEdit with ancestor walk + tests
2026-05-21 00:07:05 +02:00
262ac8b162
feat(shared): ownership types and marketplace schemas
2026-05-21 00:05:01 +02:00
a872560477
feat(db): ownership columns and lesson_subscriptions table
2026-05-21 00:03:24 +02:00
e27c1ca06c
chore(auth): non-blocking follow-ups from final review
...
- /api/stats: add verifyCsrf middleware (defense-in-depth; no-op for GETs)
- VerifyEmailPage: useRef guard to prevent React StrictMode double-fire of
the single-use verify token in dev
- router.tsx: route-level code splitting via React.lazy + Suspense; initial
bundle drops from 397 KB to 224 KB with per-route chunks (0.3–14 KB each)
- e2e: wait for verify-email completion before login; bump Account-menu
timeout to handle Vite cold-chunk compile
2026-05-20 23:27:52 +02:00
bb0d9d7d01
feat(auth): wire auth middleware in app, protect all /api endpoints
2026-05-20 23:00:20 +02:00
9ca025f128
feat(auth): admin user management service, routes, and integration tests
2026-05-20 22:58:29 +02:00
70658556aa
feat(auth): /api/auth routes + integration tests (pending wiring)
2026-05-20 22:56:10 +02:00
574e3de0e8
feat(auth): currentUser, requireAuth, requireRole middleware
2026-05-20 22:53:31 +02:00
c9d593984d
feat(auth): named rate limiters (skip in tests)
2026-05-20 22:52:42 +02:00
0b62aad7d8
feat(auth): cookies helpers and CSRF middleware
2026-05-20 22:51:42 +02:00
1ba2cab2e8
feat(auth): email service with stub fallback + html templates
2026-05-20 22:50:22 +02:00
4ef3eaae52
feat(auth): server-side auth sessions with rolling expiry
2026-05-20 22:48:39 +02:00
04fbe6e9c3
feat(auth): token service with single-use, hashed storage
2026-05-20 22:47:02 +02:00
0e6bc8c640
feat(auth): password hashing service
2026-05-20 22:45:21 +02:00
7c5600cdef
feat(db): add users, sessions_auth, auth_tokens tables
2026-05-20 22:42:07 +02:00
1c977c4743
feat(frontend): API client modules + backend GET /api/cards/:id
2026-05-20 21:12:38 +02:00
4a382b5dd7
feat(backend): serve built frontend in production
2026-05-20 21:08:06 +02:00
ea45f6fcaf
feat(backend): excel import and export
2026-05-20 21:06:44 +02:00
d60ec34501
feat(backend): stats service and routes
2026-05-20 21:03:39 +02:00
5de988d23b
feat(backend): sessions routes
2026-05-20 20:59:48 +02:00
9ed5fc39bd
feat(backend): session engine with Leitner integration
2026-05-20 20:56:32 +02:00
5468b7c172
feat(backend): cards CRUD service and routes
2026-05-20 20:51:42 +02:00
fcad3d252e
fix(lessons): cascade delete descendants in service (no FK on parent_id)
2026-05-20 20:48:42 +02:00
8af8ad54fa
feat(backend): lessons CRUD service and routes
2026-05-20 20:47:43 +02:00
3ff79b252c
test(backend): in-memory db helper
2026-05-20 20:44:34 +02:00
6283992004
fix(db): non-null assertions in seed for noUncheckedIndexedAccess
2026-05-20 20:43:17 +02:00
dc64a08320
feat(backend): leitner algorithm with tests
2026-05-20 20:42:41 +02:00
1584901c0a
feat(db): drizzle schema, migrations, and seed
2026-05-20 20:40:00 +02:00
d13af79940
feat(backend): bootstrap express app with error handling
2026-05-20 20:36:55 +02:00
