| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
| |
Strip UTM, fbclid, gclid, and other tracking query parameters from entry URLs
at parse time in the Go worker. Filter out sub-3px tracking pixel images from
sanitized HTML content via exclusiveFilter.
|
| |
|
|
| |
change
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Uses pg_trgm % operator instead of ILIKE for title/summary matching,
enabling the existing GIN trigram indexes. Results are now ranked by
similarity score. Threshold lowered to 0.1 for inclusive matching.
Also adds owner_id filter that was previously missing.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Root cause: cleanup_stale_entries deleted read-but-unsaved entries from
active feeds, then the Go worker re-inserted them with new UUIDs,
orphaning the user_entry_states rows and making entries appear unread.
- cleanup_stale_entries: skip feeds with active subscribers and preserve
entries that have been read (not just saved)
- Go parser: normalize GUIDs by trimming whitespace and stripping
tracking query parameters from URL-based identifiers
- Go writer: preserve original published_at on upsert instead of
overwriting, preventing old entries from jumping to timeline top
- get_unread_counts: apply same time boundary as get_timeline so
ancient re-inserted entries don't inflate counts
- Realtime listener: ignore INSERT events for entries older than 48h
to suppress misleading "new entries" notifications from re-inserts
|
| | |
|
| | |
|
| |
|
|
|
| |
RPC now returns uuid[] of affected entry IDs. Undo passes those IDs
back via p_entry_ids so only entries that actually changed are reverted.
|
| |
|
|
|
|
| |
The detail panel called useTimeline() with no args, creating a separate
cache from the entry list's filtered query. Entries not in the first 50
of the global timeline had isSaved/isRead stuck at false.
|
| | |
|
| |
|
|
|
|
| |
Reverts the DB-level filter so individual hidden feeds still show
their own unread badge. Filters client-side in totalUnreadCount
and getFolderUnreadCount instead.
|
| |
|
|
|
|
| |
get_unread_counts() now filters on hidden_from_timeline = false,
so feeds hidden from the timeline no longer inflate the total
unread badge or appear in aggregated counts.
|
| |
|
|
|
| |
Themed scrollbars (default) use 6px thin bars matching the existing
colour palette. Synced to body via class toggle in Providers.
|
| | |
|
| |
|
|
|
|
| |
Adds a persisted appearance setting (disabled by default) that
partitions the entry list into unread-first, preserving original
order within each group.
|
| |
|
|
|
|
| |
- Add webhook tests: HMAC signing, headers, status handling, timeout
- Add writer tests: credential stripping, truncation, edge cases
- Add Go test step to CI workflow (actions/setup-go + go test)
|
| |
|
|
|
|
|
|
|
| |
- Make webhook URL tests deterministic with injectable DNS resolver
- Wire tier parity checker into CI and root scripts
- Add rate_limits cleanup cron job (hourly, >1hr retention)
- Change rate limiter to fail closed on RPC error
- Add Go worker tests: parser, SSRF protection, error classification,
authentication, and worker pool (48 test functions)
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Add folders & custom feeds, muted phrases, full-text search,
customisable interface, installable PWA, and API & webhooks cards.
|
| | |
|
| |
|
|
|
|
|
| |
Service worker now only caches Supabase REST responses when the user's
tier allows offline reading. Client syncs tier status to SW via
postMessage after profile loads. Free users see a descriptive offline
banner instead of stale cached data.
|
| |
|
|
|
|
|
| |
New appearance setting (disabled by default) that silently refreshes
the entry list when new entries arrive, provided the user is scrolled
to the top. Falls back to notification when scrolled down to avoid
disrupting reading position.
|
| |
|
|
|
|
|
|
|
| |
- Mark all as read now scopes to current feed/folder instead of all
- Added undo button to mark-all-read toast notification
- Share notes can be toggled between public and private visibility
- Track share view count and display in shares list
- Activity-based share expiry: views reset the expiry timer
- Fixed notification panel z-index layering behind content area
|
| |
|
|
|
|
| |
Stop SW from intercepting cross-origin image requests (favicons,
remote entry images) which caused no-response errors in production.
Add Supabase env vars to CI build step.
|
| |
|
|
|
|
| |
Migrate existing display names from user_profiles to auth.users
user_metadata. Drop display_name column from user_profiles. Frontend
now reads from auth user metadata and updates via auth.updateUser().
|
| |
|
|
|
| |
Document prerequisites, env vars, scripts, architecture, and project
structure for the asa.news web app.
|
| |
|
|
|
|
| |
24 tests covering webhook URL validation (SSRF), API key generation/
hashing, and HTML sanitization. CI workflow runs lint, typecheck
(build), and test on push/PR to main.
|
| |
|
|
|
|
|
|
|
| |
Disable no-img-element (RSS reader needs <img> for arbitrary external
URLs). Remove unused variables/imports and redundant getUser() calls
guarded by middleware. Fix exhaustive-deps by adding stable deps,
wrapping handlers in useCallback, and suppressing intentional omissions.
Fix ref cleanup in use-realtime-entries. Allow triple-slash TS reference
directives in no-comments rule.
|
| |
|
|
|
|
| |
Webhook routes switched from admin client to server client (RLS).
Added DNS-resolution SSRF protection for webhook URLs with private IP
blocking. Added tier limit parity check script.
|
| |
|
|
|
|
| |
Enable RLS on rate_limits table (accessed only via SECURITY DEFINER).
Fix api_keys delete policy to use (select auth.uid()) subquery to
avoid per-row re-evaluation. Refresh schema dump from live database.
|
| |
|
|
|
|
|
|
|
|
|
| |
P0: add missing 'developer' case to check_custom_feed_limit trigger,
scope user_entry_states join to authenticated user in API v1 entries,
replace in-memory rate limiting with Supabase-backed check_rate_limit RPC.
P1: fix all 9 ESLint errors — useSyncExternalStore for useIsMobile,
restructure WebhookSection to avoid set-state-in-effect, move ref
mutations into useEffect, replace <a> with <Link> on shared page,
ignore generated public/sw.js in eslint config.
|
| |
|
|
|
|
| |
- Add missing 'developer' case to check_custom_feed_limit trigger (was falling through to else 1)
- Scope user_entry_states join to authenticated user in /api/v1/entries (admin client bypasses RLS)
- Replace in-memory rate limiting with Supabase-backed solution (UNLOGGED table + check_rate_limit RPC + pg_cron cleanup)
|
| |
|
|
|
|
|
| |
offlineFirst fires the mutation once even when offline, causing a
network error that triggers onError and rolls back the optimistic
update. online mode pauses the mutation without calling mutationFn,
keeping the optimistic state intact until reconnection.
|
| |
|
|
|
|
|
| |
Paused mutations (read/save toggles) are now persisted to IndexedDB
and automatically resumed on reconnection or page reload via TanStack
Query's offlineFirst networkMode. Service worker caches images with
CacheFirst strategy (500 entries, 7-day expiry) for offline reading.
|
| |
|
|
|
|
|
| |
Prefetch content_html for the first 10 timeline entries in the
background so they are available offline without needing to click
each one. Add NetworkFirst runtime caching in service worker for
Supabase REST GET requests (24h expiry, 200 entry limit).
|
| |
|
|
|
|
| |
Persist React Query cache to IndexedDB via idb-keyval so timeline,
entry details, subscriptions, and other read data survive page reloads
and brief offline periods. Add network status banner in reader layout.
|
| | |
|
| | |
|
| | |
|
| | |
|