path: root/apps/web/app/api/share/[token]
Commit message | Author | Age | Files | Lines
* feat: scoped mark-all-read, share enhancements, notification z-index | Fuwn | 2026-02-10 | 1 | -2/+14
  - Mark all as read now scopes to current feed/folder instead of all
  - Added undo button to mark-all-read toast notification
  - Share notes can be toggled between public and private visibility
  - Track share view count and display in shares list
  - Activity-based share expiry: views reset the expiry timer
  - Fixed notification panel z-index layering behind content area
* feat: add Vercel BotID protection and fix billing origin fallback | Fuwn | 2026-02-08 | 1 | -0/+11
  Set up BotID bot detection on sensitive API routes (share, billing, account, webhook-config). Adds client instrumentation, server-side checkBotId() guards, and withBotId next config wrapper. Also fix checkout/portal session routes to fall back to request origin when NEXT_PUBLIC_APP_URL is not set, and center SVG icon properly.
* security: remove unsafe-eval CSP, fix host header injection, harden API routes | Fuwn | 2026-02-07 | 1 | -1/+4
  - Remove unsafe-eval from script-src CSP (not needed in production)
  - Replace Host/Origin header fallback with NEXT_PUBLIC_APP_URL in share and checkout routes to prevent host header injection
  - Add .catch() to request.json() in share POST and PATCH routes
  - Add rate limiting (3/min) to account deletion endpoint
* style: lowercase all user-facing strings and add custom eslint rule | Fuwn | 2026-02-07 | 1 | -4/+4
  Comprehensive sweep of all user-facing text to enforce lowercase convention, including acronyms (api, rest, http, opml, json, totp, mfa, qr, hmac). Added asa-lowercase/lowercase-strings eslint rule that reports uppercase in notify() calls, error messages, jsx text, and checked attributes (placeholder, alt, title).
* feat: asa.news RSS reader with developer tier, REST API, and webhooks | Fuwn | 2026-02-07 | 1 | -0/+85
  Full-stack RSS reader SaaS: Supabase + Next.js + Go worker. Includes three subscription tiers (free/pro/developer), API key auth, read-only REST API, webhook push notifications, Stripe billing with proration, and PWA support.