- Added `ensureClientMeSynced` function to synchronize client session with server, improving user experience by reducing unnecessary API calls.
- Updated `AppShell`, `public.vue`, and other components to utilize the new synchronization method instead of the previous refresh mechanism.
- Introduced a new API endpoint for session handling, ensuring consistent user state across client and server.
- Refactored `useAuthSession` to manage client session state more effectively, enhancing overall authentication flow.
This update streamlines the authentication process and enhances the reliability of user session management.
- Introduced a new skill for backend security audits, detailing checks for input validation, authentication, and sensitive data handling.
- Enhanced user registration process by adding specific error handling for username conflicts, returning a 409 status code with a user-friendly message.
- Improved file upload security by implementing checks for allowed image formats, ensuring only valid raster images are processed.
- Updated password hashing to use a stronger algorithm, increasing security for user credentials.
- Added tests for image magic byte validation and RSS URL safety checks to ensure robustness in file handling and URL processing.
This update significantly strengthens the security posture of the backend and improves user experience during registration.
Replace session ID retrieval and validation logic with a direct call to requireUser() for improved clarity and efficiency in user authentication. This change streamlines the error handling process by ensuring that session cookies are cleared only when necessary.
Introduce a new error handling component to display user-friendly error messages based on HTTP status codes. Implement global configuration management to control registration availability across the application. Update various components and pages to utilize the new configuration, ensuring consistent behavior for registration links and error handling. Enhance middleware to bypass authentication for specific paths and improve overall user experience.
Add new database tables for global and user configurations, along with corresponding migration files. Introduce API endpoints for managing configuration values, including retrieval and updates. Enhance authentication context to support configuration access, and implement error handling for configuration-related operations.
Implement the username-password register and login flow with cookie-backed sessions, auth APIs, and login/register pages. Include the supporting auth schema, migration files, service validation fixes, and planning/design docs for the scoped delivery.
Made-with: Cursor
npmrun