path: root/apps/web/app/(auth)
Commit message | Author | Age | Files | Lines
* fix: reduce lint warnings from 34 to 0 | Fuwn | 2026-02-10 | 2 | -4/+0
Disable no-img-element (RSS reader needs <img> for arbitrary external URLs). Remove unused variables/imports and redundant getUser() calls guarded by middleware. Fix exhaustive-deps by adding stable deps, wrapping handlers in useCallback, and suppressing intentional omissions. Fix ref cleanup in use-realtime-entries. Allow triple-slash TS reference directives in no-comments rule.
* security: harden API routes | Fuwn | 2026-02-08 | 1 | -0/+9
- Add rate limiting to /api/share (30/min), /api/export (5/hr), /api/account/data (3/day)
- Add client-side 30s throttle to forgot-password form
- Remove immediate tier upgrade on plan change; let invoice.paid webhook handle tier promotion to prevent free upgrades on payment failure
- Add SSRF validation to webhook URLs: block localhost, private IPs, link-local, and metadata endpoints
- Log Stripe webhook signature verification errors instead of swallowing silently
- Mask webhook secret in GET response (show first/last 4 chars only)
- Add error logging to API key last_used_at update
- Remove internal error message leaking from checkout session route
* feat: share with highlighted excerpt and fix auth redirect URLs | Fuwn | 2026-02-08 | 2 | -2/+2
Add "share" button to text selection toolbar so users can share an entry with a highlighted passage visible to visitors. The public share page renders the highlight and scrolls to it on load. Also fix magic link and password reset redirects to use NEXT_PUBLIC_APP_URL instead of window.location.origin so emails link to the production domain.
* feat: pre-ship polish — UI improvements, keyboard shortcuts, appearance settings | Fuwn | 2026-02-07 | 1 | -2/+17
- Rename "muted keywords" to "muted phrases" throughout settings UI
- Add header with navigation to auth pages (sign-in, sign-up, etc.)
- Merge security tab (TOTP setup) into account settings tab
- Fix TOTP name input truncation on Safari (w-64 → flex-1 min-w-0)
- Add appearance settings: font size, time display format, entry images toggle, reading time toggle
- Add keyboard shortcuts dialog (? key) with all keybindings documented
- Add extended vim shortcuts: gg, G, n/N (next/prev unread), Ctrl+h/l (panel focus)
- Add command palette shortcut (⌘K) to shortcuts dialog
- Add icon URL fields for folders and custom feeds (DB + queries + settings UI)
- Add data-has-unreads attribute for sidebar keyboard navigation
- Fix SSR prerendering crash from Zustand persist and react-resizable-panels localStorage access
- Add detail panel layout persistence via useDefaultLayout
- Update marketing copy to advertise vim-like keyboard navigation
* feat: asa.news RSS reader with developer tier, REST API, and webhooks | Fuwn | 2026-02-07 | 5 | -0/+577
Full-stack RSS reader SaaS: Supabase + Next.js + Go worker. Includes three subscription tiers (free/pro/developer), API key auth, read-only REST API, webhook push notifications, Stripe billing with proration, and PWA support.