- Changed asset paths from `/public/assets` to `/public/upload` across various files to ensure consistency in media storage.
- Introduced visibility handling for posts, allowing for better control over comment visibility based on post status.
- Enhanced markdown export functionality with new utilities for exporting unlisted posts and normalizing image URLs.
- Updated tests to reflect changes in asset paths and visibility logic.

These updates improve the overall media management and user experience in handling post visibility and markdown exports.
- Added `ensureClientMeSynced` function to synchronize client session with server, improving user experience by reducing unnecessary API calls.
- Updated `AppShell`, `public.vue`, and other components to utilize the new synchronization method instead of the previous refresh mechanism.
- Introduced a new API endpoint for session handling, ensuring consistent user state across client and server.
- Refactored `useAuthSession` to manage client session state more effectively, enhancing overall authentication flow.

This update streamlines the authentication process and enhances the reliability of user session management.
- Introduced a new skill for backend security audits, detailing checks for input validation, authentication, and sensitive data handling.
- Enhanced user registration process by adding specific error handling for username conflicts, returning a 409 status code with a user-friendly message.
- Improved file upload security by implementing checks for allowed image formats, ensuring only valid raster images are processed.
- Updated password hashing to use a stronger algorithm, increasing security for user credentials.
- Added tests for image magic byte validation and RSS URL safety checks to ensure robustness in file handling and URL processing.

This update significantly strengthens the security posture of the backend and improves user experience during registration.
Add guest email validation with anonymous-mode exceptions and persist guestEmail/guestIsAnonymous in comment creation. Update comment form to collect anonymous and email fields for guests and reset them after successful submit.
Made-with: Cursor
- Introduced user notes for media assets, allowing admins and users to add descriptions.
- Enhanced media asset listing with reference contexts, providing links to related content.
- Updated API endpoints to support note saving and retrieval.
- Modified database schema to include user notes and related fields.
- Improved search functionality to include user notes in media asset queries.
Made-with: Cursor
- Added a custom JSON error handler to improve error responses in Nitro.
- Introduced utility functions to determine JSON request types and normalize error messages.
- Updated Nuxt configuration to utilize the new error handler.
Made-with: Cursor
Transition the database from PostgreSQL to SQLite, updating migration files, database connection settings, and schema definitions accordingly. Adjust package dependencies to reflect the new database type and ensure compatibility. Remove obsolete migration files and snapshots related to PostgreSQL. Enhance error handling in authentication and configuration services to accommodate the new database structure.
Add a unified authentication session composable to manage user state and session handling. Implement global route middleware for access control, ensuring protected routes require authentication. Introduce utility functions for route validation and safe redirect handling. Update login and registration pages to support new authentication flow and redirect logic. Enhance homepage rendering based on user authentication status.
Add new database tables for global and user configurations, along with corresponding migration files. Introduce API endpoints for managing configuration values, including retrieval and updates. Enhance authentication context to support configuration access, and implement error handling for configuration-related operations.
Implement the username-password register and login flow with cookie-backed sessions, auth APIs, and login/register pages. Include the supporting auth schema, migration files, service validation fixes, and planning/design docs for the scoped delivery.
Made-with: Cursor
fix: change dotenv config path to use .env file
feat: add usersTable schema for authentication
fix: update seed file to import usersTable from the correct path
feat: add 404 handler for non-existent API routes
feat: implement file upload API with multer
refactor: remove deprecated health check endpoint
feat: add hello endpoint returning static user data
refactor: remove old hello endpoint implementation
feat: add random image selection API with multiple sources
feat: create public file serving middleware with caching
refactor: update response handler utility for better error handling