e27c1ca06c
chore(auth): non-blocking follow-ups from final review
...
- /api/stats: add verifyCsrf middleware (defense-in-depth; no-op for GETs)
- VerifyEmailPage: useRef guard to prevent React StrictMode double-fire of
the single-use verify token in dev
- router.tsx: route-level code splitting via React.lazy + Suspense; initial
bundle drops from 397 KB to 224 KB with per-route chunks (0.3–14 KB each)
- e2e: wait for verify-email completion before login; bump Account-menu
timeout to handle Vite cold-chunk compile
2026-05-20 23:27:52 +02:00
5739b6d941
test(e2e): register+verify smoke and admin invite flow via Mailpit
2026-05-20 23:19:56 +02:00
28bb903b93
feat(frontend): router with auth boundary, role guard, and all auth pages
2026-05-20 23:12:59 +02:00
117cd52e3e
feat(frontend): admin users page (invite, role, activate, send-reset)
2026-05-20 23:11:53 +02:00
88ba0a790c
feat(frontend): profile page (display name, email, change password)
2026-05-20 23:10:28 +02:00
1850cd78f5
feat(frontend): VerifyEmail + ForgotPassword + ResetPassword + AcceptInvite pages
2026-05-20 23:09:04 +02:00
4e15d8b59d
feat(frontend): Login + Register pages
2026-05-20 23:07:19 +02:00
6f921ae44e
feat(frontend): AuthBoundary, RoleGuard, UserMenu + Layout integration
2026-05-20 23:05:36 +02:00
bd74098786
feat(frontend): authStore (Zustand)
2026-05-20 23:03:43 +02:00
eb540c2cd8
feat(frontend): API client CSRF support + auth and admin-users API modules
2026-05-20 23:02:47 +02:00
00e69a8d90
chore: docker-compose mailpit, env.example, README auth section
2026-05-20 23:01:18 +02:00
bb0d9d7d01
feat(auth): wire auth middleware in app, protect all /api endpoints
2026-05-20 23:00:20 +02:00
9ca025f128
feat(auth): admin user management service, routes, and integration tests
2026-05-20 22:58:29 +02:00
70658556aa
feat(auth): /api/auth routes + integration tests (pending wiring)
2026-05-20 22:56:10 +02:00
574e3de0e8
feat(auth): currentUser, requireAuth, requireRole middleware
2026-05-20 22:53:31 +02:00
c9d593984d
feat(auth): named rate limiters (skip in tests)
2026-05-20 22:52:42 +02:00
0b62aad7d8
feat(auth): cookies helpers and CSRF middleware
2026-05-20 22:51:42 +02:00
1ba2cab2e8
feat(auth): email service with stub fallback + html templates
2026-05-20 22:50:22 +02:00
4ef3eaae52
feat(auth): server-side auth sessions with rolling expiry
2026-05-20 22:48:39 +02:00
04fbe6e9c3
feat(auth): token service with single-use, hashed storage
2026-05-20 22:47:02 +02:00
0e6bc8c640
feat(auth): password hashing service
2026-05-20 22:45:21 +02:00
afd51571c5
feat(shared): add auth types and zod schemas
2026-05-20 22:44:08 +02:00
7c5600cdef
feat(db): add users, sessions_auth, auth_tokens tables
2026-05-20 22:42:07 +02:00
ee7ca9187a
docs: implementation plan for sub-project A — auth & roles (22 TDD tasks)
2026-05-20 22:32:38 +02:00
dce6809893
docs: spec for sub-project A — auth & roles
2026-05-20 22:16:41 +02:00
b984e83e2b
feat(frontend): apply UI/UX design system - purple/green palette, gradient buttons, 3D flip, polished pages
...
Applied ui-ux-pro-max design system recommendations:
- Tailwind theme: study purple primary + correct green accent
- Inter + Plus Jakarta Sans typography
- Glassmorphic surfaces with soft shadows and mesh background
- Real 3D card flip with spring physics + answer feedback flash
- Gradient stat cards, progress bar, animated done screen with score ring
- Polished Layout, Dashboard, Admin, AdminLesson, CardTable, ImportDialog, PracticeSetup, Practice, PracticeDone
- E2E smoke updated for new accessible names
2026-05-20 21:48:47 +02:00
9300af2820
docs: readme with quickstart
2026-05-20 21:30:27 +02:00
f88b4d57de
test(e2e): playwright smoke for create→practice flow
2026-05-20 21:29:51 +02:00
b1992d0dad
feat(frontend): resume active session prompt
2026-05-20 21:26:09 +02:00
f1abb64573
feat(frontend): settings page with dark mode and defaults
2026-05-20 21:24:12 +02:00
289a58fac0
feat(frontend): dashboard and stats pages
2026-05-20 21:22:44 +02:00
2444e2400f
feat(frontend): practice setup, session and done flow
2026-05-20 21:20:30 +02:00
16a7cc6ad6
feat(frontend): admin card management with excel import/export
2026-05-20 21:17:55 +02:00
1fd31e1001
feat(frontend): admin lesson tree CRUD
2026-05-20 21:15:54 +02:00
1d501ee50a
feat(frontend): zustand stores for settings, lessons, session
2026-05-20 21:14:20 +02:00
1c977c4743
feat(frontend): API client modules + backend GET /api/cards/:id
2026-05-20 21:12:38 +02:00
480ee15df9
feat(frontend): bootstrap React + Vite + Tailwind + Router + Layout
2026-05-20 21:10:27 +02:00
4a382b5dd7
feat(backend): serve built frontend in production
2026-05-20 21:08:06 +02:00
ea45f6fcaf
feat(backend): excel import and export
2026-05-20 21:06:44 +02:00
d60ec34501
feat(backend): stats service and routes
2026-05-20 21:03:39 +02:00
5de988d23b
feat(backend): sessions routes
2026-05-20 20:59:48 +02:00
9ed5fc39bd
feat(backend): session engine with Leitner integration
2026-05-20 20:56:32 +02:00
5468b7c172
feat(backend): cards CRUD service and routes
2026-05-20 20:51:42 +02:00
fcad3d252e
fix(lessons): cascade delete descendants in service (no FK on parent_id)
2026-05-20 20:48:42 +02:00
8af8ad54fa
feat(backend): lessons CRUD service and routes
2026-05-20 20:47:43 +02:00
3ff79b252c
test(backend): in-memory db helper
2026-05-20 20:44:34 +02:00
6283992004
fix(db): non-null assertions in seed for noUncheckedIndexedAccess
2026-05-20 20:43:17 +02:00
dc64a08320
feat(backend): leitner algorithm with tests
2026-05-20 20:42:41 +02:00
1584901c0a
feat(db): drizzle schema, migrations, and seed
2026-05-20 20:40:00 +02:00
d13af79940
feat(backend): bootstrap express app with error handling
2026-05-20 20:36:55 +02:00
