summaryrefslogtreecommitdiff
path: root/apps/web/app
Commit message (Collapse)AuthorAgeFilesLines
* fix: include feed name in unsubscribe notificationHEADmainFuwn2026-02-121-0/+2
|
* fix: keep scroll position stable when entry list re-sorts after read state ↵Fuwn2026-02-121-6/+7
| | | | change
* fix: prioritise unread entries server-side so they appear in all-entries viewFuwn2026-02-121-16/+11
|
* feat: add drag-and-drop reordering for feeds, folders, and custom feedsFuwn2026-02-121-296/+734
|
* feat: add previous/next navigation buttons on mobile detail viewFuwn2026-02-101-9/+36
|
* fix: query entry state directly instead of relying on unfiltered timelineFuwn2026-02-101-9/+26
| | | | | | The detail panel called useTimeline() with no args, creating a separate cache from the entry list's filtered query. Entries not in the first 50 of the global timeline had isSaved/isRead stuck at false.
* fix: let display density apply to main content panelFuwn2026-02-101-1/+1
|
* fix: exclude hidden feeds from total/folder unread counts onlyFuwn2026-02-101-5/+9
| | | | | | Reverts the DB-level filter so individual hidden feeds still show their own unread badge. Filters client-side in totalUnreadCount and getFolderUnreadCount instead.
* feat: add scrollbar style setting (themed/native/hidden)Fuwn2026-02-103-0/+85
| | | | | Themed scrollbars (default) use 6px thin bars matching the existing colour palette. Synced to body via class toggle in Providers.
* fix: remove font size selector, always use default text-baseFuwn2026-02-102-24/+1
|
* feat: add unread priority option to push unread entries to topFuwn2026-02-102-1/+35
| | | | | | Adds a persisted appearance setting (disabled by default) that partitions the entry list into unread-first, preserving original order within each group.
* feat: reorder feature grid by attention-grabbing impactFuwn2026-02-101-21/+21
|
* fix: use md/lg breakpoints for 3/4-column feature gridFuwn2026-02-102-2/+2
|
* fix: use max-w-screen-xl for features section to fit 4-column gridFuwn2026-02-101-1/+1
|
* fix: widen features section to allow 4-column grid on xl screensFuwn2026-02-101-1/+1
|
* fix: widen feature grid to 4 columns on xl screensFuwn2026-02-101-1/+1
|
* fix: remove typography mention from feature gridFuwn2026-02-101-1/+1
|
* fix: refine feature grid copy for customisation and API cardsFuwn2026-02-101-2/+2
|
* feat: add missing features to marketing feature gridFuwn2026-02-101-0/+30
| | | | | Add folders & custom feeds, muted phrases, full-text search, customisable interface, installable PWA, and API & webhooks cards.
* feat: add offline reading row to pricing comparison tableFuwn2026-02-101-0/+6
|
* feat: gate offline reading to pro and developer plansFuwn2026-02-104-1/+32
| | | | | | | Service worker now only caches Supabase REST responses when the user's tier allows offline reading. Client syncs tier status to SW via postMessage after profile loads. Free users see a descriptive offline banner instead of stale cached data.
* feat: add automatic timeline refresh with scroll position preservationFuwn2026-02-103-1/+44
| | | | | | | New appearance setting (disabled by default) that silently refreshes the entry list when new entries arrive, provided the user is scrolled to the top. Falls back to notification when scrolled down to avoid disrupting reading position.
* feat: scoped mark-all-read, share enhancements, notification z-indexFuwn2026-02-106-13/+110
| | | | | | | | | - Mark all as read now scopes to current feed/folder instead of all - Added undo button to mark-all-read toast notification - Share notes can be toggled between public and private visibility - Track share view count and display in shares list - Activity-based share expiry: views reset the expiry timer - Fixed notification panel z-index layering behind content area
* fix: service worker cross-origin image handling and CI env varsFuwn2026-02-101-1/+2
| | | | | | Stop SW from intercepting cross-origin image requests (favicons, remote entry images) which caused no-response errors in production. Add Supabase env vars to CI build step.
* refactor: use Supabase Auth display name instead of custom columnFuwn2026-02-103-12/+6
| | | | | | Migrate existing display names from user_profiles to auth.users user_metadata. Drop display_name column from user_profiles. Frontend now reads from auth user metadata and updates via auth.updateUser().
* fix: reduce lint warnings from 34 to 0Fuwn2026-02-1016-38/+20
| | | | | | | | | Disable no-img-element (RSS reader needs <img> for arbitrary external URLs). Remove unused variables/imports and redundant getUser() calls guarded by middleware. Fix exhaustive-deps by adding stable deps, wrapping handlers in useCallback, and suppressing intentional omissions. Fix ref cleanup in use-realtime-entries. Allow triple-slash TS reference directives in no-comments rule.
* fix: P2 security hardening and tier limit parityFuwn2026-02-102-51/+19
| | | | | | Webhook routes switched from admin client to server client (RLS). Added DNS-resolution SSRF protection for webhook URLs with private IP blocking. Added tier limit parity check script.
* fix: P0 correctness/security fixes and P1 lint error resolutionFuwn2026-02-096-28/+47
| | | | | | | | | | | P0: add missing 'developer' case to check_custom_feed_limit trigger, scope user_entry_states join to authenticated user in API v1 entries, replace in-memory rate limiting with Supabase-backed check_rate_limit RPC. P1: fix all 9 ESLint errors — useSyncExternalStore for useIsMobile, restructure WebhookSection to avoid set-state-in-effect, move ref mutations into useEffect, replace <a> with <Link> on shared page, ignore generated public/sw.js in eslint config.
* fix: P0 correctness and security fixesFuwn2026-02-0911-10/+11
| | | | | | - Add missing 'developer' case to check_custom_feed_limit trigger (was falling through to else 1) - Scope user_entry_states join to authenticated user in /api/v1/entries (admin client bypasses RLS) - Replace in-memory rate limiting with Supabase-backed solution (UNLOGGED table + check_rate_limit RPC + pg_cron cleanup)
* feat: offline support tier 3 — mutation queue and image cachingFuwn2026-02-092-3/+91
| | | | | | | Paused mutations (read/save toggles) are now persisted to IndexedDB and automatically resumed on reconnection or page reload via TanStack Query's offlineFirst networkMode. Service worker caches images with CacheFirst strategy (500 entries, 7-day expiry) for offline reading.
* feat: offline support tier 2 — prefetch entry content and SW runtime cachingFuwn2026-02-092-7/+30
| | | | | | | Prefetch content_html for the first 10 timeline entries in the background so they are available offline without needing to click each one. Add NetworkFirst runtime caching in service worker for Supabase REST GET requests (24h expiry, 200 entry limit).
* feat: offline support tier 1 — IndexedDB query persistence and offline bannerFuwn2026-02-093-4/+66
| | | | | | Persist React Query cache to IndexedDB via idb-keyval so timeline, entry details, subscriptions, and other read data survive page reloads and brief offline periods. Add network status banner in reader layout.
* fix: add spacing between collapsible appearance settings sectionsFuwn2026-02-091-1/+1
|
* ui: group appearance settings into collapsible sectionsFuwn2026-02-091-197/+228
|
* ui: reorder sidebar footer, import/export tab, and subscription actionsFuwn2026-02-093-47/+47
|
* feat: add per-feed "hide from timeline" optionFuwn2026-02-093-1/+21
|
* fix: elevate to AAL2 before password/email change when MFA is enabledFuwn2026-02-091-2/+62
|
* fix: update marketing page copy and add missing pricing rowsFuwn2026-02-082-5/+17
| | | | | | Move highlight and sharing limits from feature cards to pricing table, reword keyboard shortcuts card to highlight mobile support, and correct real-time updates description.
* security: sanitize HTML in marketing demoFuwn2026-02-081-2/+3
| | | | | | Apply sanitizeEntryContent() to dangerouslySetInnerHTML in the interactive demo component. Content comes from the database and should be sanitized before rendering on the public marketing page.
* security: harden API routesFuwn2026-02-087-15/+75
| | | | | | | | | | | | | | | | - Add rate limiting to /api/share (30/min), /api/export (5/hr), /api/account/data (3/day) - Add client-side 30s throttle to forgot-password form - Remove immediate tier upgrade on plan change; let invoice.paid webhook handle tier promotion to prevent free upgrades on payment failure - Add SSRF validation to webhook URLs: block localhost, private IPs, link-local, and metadata endpoints - Log Stripe webhook signature verification errors instead of swallowing silently - Mask webhook secret in GET response (show first/last 4 chars only) - Add error logging to API key last_used_at update - Remove internal error message leaking from checkout session route
* feat: truncate action bar button labels on mobile portraitFuwn2026-02-081-2/+2
|
* fix: mobile scroll preservation, bottom toolbar for detail panelFuwn2026-02-082-66/+84
|
* feat: add toolbar position setting (top or bottom)Fuwn2026-02-082-82/+115
|
* feat: enforce tier-based history retention (14d free, 90d pro/dev)Fuwn2026-02-082-3/+3
| | | | | | Replace unlimited history claim with honest 90-day retention for paid tiers. Timeline and search RPCs now filter by tier-appropriate retention window.
* feat: add Umami analytics (production only)Fuwn2026-02-081-0/+8
|
* fix: toast notification z-index behind entry panelFuwn2026-02-081-0/+1
|
* feat: show tier-specific welcome message on subscription activationFuwn2026-02-081-1/+2
|
* fix: invoice.paid handler now retrieves subscription for correct tier resolutionFuwn2026-02-081-16/+13
|
* debug: add webhook signature verification loggingFuwn2026-02-081-1/+5
|
* feat: enable promotion codes on Stripe checkoutFuwn2026-02-081-0/+1
|
generated by cgit v1.2.3 (git 2.25.1) at 2026-04-17 13:11:39 +0000