e27c1ca06c
chore(auth): non-blocking follow-ups from final review
...
- /api/stats: add verifyCsrf middleware (defense-in-depth; no-op for GETs)
- VerifyEmailPage: useRef guard to prevent React StrictMode double-fire of
the single-use verify token in dev
- router.tsx: route-level code splitting via React.lazy + Suspense; initial
bundle drops from 397 KB to 224 KB with per-route chunks (0.3–14 KB each)
- e2e: wait for verify-email completion before login; bump Account-menu
timeout to handle Vite cold-chunk compile
2026-05-20 23:27:52 +02:00
bb0d9d7d01
feat(auth): wire auth middleware in app, protect all /api endpoints
2026-05-20 23:00:20 +02:00
9ca025f128
feat(auth): admin user management service, routes, and integration tests
2026-05-20 22:58:29 +02:00
70658556aa
feat(auth): /api/auth routes + integration tests (pending wiring)
2026-05-20 22:56:10 +02:00
574e3de0e8
feat(auth): currentUser, requireAuth, requireRole middleware
2026-05-20 22:53:31 +02:00
c9d593984d
feat(auth): named rate limiters (skip in tests)
2026-05-20 22:52:42 +02:00
0b62aad7d8
feat(auth): cookies helpers and CSRF middleware
2026-05-20 22:51:42 +02:00
1ba2cab2e8
feat(auth): email service with stub fallback + html templates
2026-05-20 22:50:22 +02:00
4ef3eaae52
feat(auth): server-side auth sessions with rolling expiry
2026-05-20 22:48:39 +02:00
04fbe6e9c3
feat(auth): token service with single-use, hashed storage
2026-05-20 22:47:02 +02:00
0e6bc8c640
feat(auth): password hashing service
2026-05-20 22:45:21 +02:00
7c5600cdef
feat(db): add users, sessions_auth, auth_tokens tables
2026-05-20 22:42:07 +02:00
1c977c4743
feat(frontend): API client modules + backend GET /api/cards/:id
2026-05-20 21:12:38 +02:00
4a382b5dd7
feat(backend): serve built frontend in production
2026-05-20 21:08:06 +02:00
ea45f6fcaf
feat(backend): excel import and export
2026-05-20 21:06:44 +02:00
d60ec34501
feat(backend): stats service and routes
2026-05-20 21:03:39 +02:00
5de988d23b
feat(backend): sessions routes
2026-05-20 20:59:48 +02:00
9ed5fc39bd
feat(backend): session engine with Leitner integration
2026-05-20 20:56:32 +02:00
5468b7c172
feat(backend): cards CRUD service and routes
2026-05-20 20:51:42 +02:00
fcad3d252e
fix(lessons): cascade delete descendants in service (no FK on parent_id)
2026-05-20 20:48:42 +02:00
8af8ad54fa
feat(backend): lessons CRUD service and routes
2026-05-20 20:47:43 +02:00
3ff79b252c
test(backend): in-memory db helper
2026-05-20 20:44:34 +02:00
6283992004
fix(db): non-null assertions in seed for noUncheckedIndexedAccess
2026-05-20 20:43:17 +02:00
dc64a08320
feat(backend): leitner algorithm with tests
2026-05-20 20:42:41 +02:00
1584901c0a
feat(db): drizzle schema, migrations, and seed
2026-05-20 20:40:00 +02:00
d13af79940
feat(backend): bootstrap express app with error handling
2026-05-20 20:36:55 +02:00
