- Introduced a new skill for backend security audits, detailing checks for input validation, authentication, and sensitive data handling.
- Enhanced user registration process by adding specific error handling for username conflicts, returning a 409 status code with a user-friendly message.
- Improved file upload security by implementing checks for allowed image formats, ensuring only valid raster images are processed.
- Updated password hashing to use a stronger algorithm, increasing security for user credentials.
- Added tests for image magic byte validation and RSS URL safety checks to ensure robustness in file handling and URL processing.

This update significantly strengthens the security posture of the backend and improves user experience during registration.

Transition the database from PostgreSQL to SQLite, updating migration files, database connection settings, and schema definitions accordingly. Adjust package dependencies to reflect the new database type and ensure compatibility. Remove obsolete migration files and snapshots related to PostgreSQL. Enhance error handling in authentication and configuration services to accommodate the new database structure.

Add new database tables for global and user configurations, along with corresponding migration files. Introduce API endpoints for managing configuration values, including retrieval and updates. Enhance authentication context to support configuration access, and implement error handling for configuration-related operations.

Implement the username-password register and login flow with cookie-backed sessions, auth APIs, and login/register pages. Include the supporting auth schema, migration files, service validation fixes, and planning/design docs for the scoped delivery.

Made-with: Cursor