summaryrefslogtreecommitdiff
path: root/apps/web
Commit message (Collapse)AuthorAgeFilesLines
...
* fix: mobile scroll preservation, bottom toolbar for detail panelFuwn2026-02-082-66/+84
|
* feat: add toolbar position setting (top or bottom)Fuwn2026-02-083-82/+123
|
* feat: enforce tier-based history retention (14d free, 90d pro/dev)Fuwn2026-02-082-3/+3
| | | | | | Replace unlimited history claim with honest 90-day retention for paid tiers. Timeline and search RPCs now filter by tier-appropriate retention window.
* feat: add Umami analytics (production only)Fuwn2026-02-082-2/+10
|
* fix: toast notification z-index behind entry panelFuwn2026-02-081-0/+1
|
* feat: show tier-specific welcome message on subscription activationFuwn2026-02-081-1/+2
|
* fix: invoice.paid handler now retrieves subscription for correct tier resolutionFuwn2026-02-081-16/+13
|
* debug: add webhook signature verification loggingFuwn2026-02-081-1/+5
|
* fix: exclude webhook route from auth middleware to prevent 405Fuwn2026-02-081-1/+1
|
* feat: enable promotion codes on Stripe checkoutFuwn2026-02-081-0/+1
|
* feat: add Vercel BotID protection and fix billing origin fallbackFuwn2026-02-0811-10/+67
| | | | | | | | | Set up BotID bot detection on sensitive API routes (share, billing, account, webhook-config). Adds client instrumentation, server-side checkBotId() guards, and withBotId next config wrapper. Also fix checkout/portal session routes to fall back to request origin when NEXT_PUBLIC_APP_URL is not set, and center SVG icon properly.
* feat: add support email to account settingsFuwn2026-02-081-0/+12
|
* feat: share with highlighted excerpt and fix auth redirect URLsFuwn2026-02-087-19/+199
| | | | | | | | | Add "share" button to text selection toolbar so users can share an entry with a highlighted passage visible to visitors. The public share page renders the highlight and scrolls to it on load. Also fix magic link and password reset redirects to use NEXT_PUBLIC_APP_URL instead of window.location.origin so emails link to the production domain.
* chore: gate Vercel analytics and speed insights to production onlyFuwn2026-02-081-2/+2
|
* fix: share clipboard write for Safari transient activationFuwn2026-02-082-36/+49
| | | | | | | - Use ClipboardItem with Promise to preserve user gesture context - Fall back to showing share URL in toast if clipboard is unavailable - Derive app origin from request URL when NEXT_PUBLIC_APP_URL is unset - Add onError handlers to share/unshare mutations
* feat: add feed management features and fix subscribe_to_feed bugsFuwn2026-02-085-47/+390
| | | | | | | | | | | | | - Fix subscribe_to_feed overload ambiguity by dropping old 4-param version - Fix vault permission error by using vault.create_secret instead of direct INSERT - Add duplicate subscription check with clear error message - Add unmute confirmation dialog matching unsubscribe pattern - Add feed button in subscriptions settings page - Add inline rename for feeds, folders, and custom feeds from reader header - Add drag and drop feeds between folders in sidebar - Add credential management UI (add/update) for pro/developer tier - Add add_feed_credentials RPC to convert public feeds to authenticated - Enable pgsodium extension for vault crypto operations
* feat: implement authenticated feed support across worker and web appFuwn2026-02-086-1/+66
| | | | | | | | | | Wire up the full authenticated feeds pipeline: - Worker resolves credentials from Supabase Vault for authenticated feeds - Worker sets owner_id on entries for per-user dedup - query_param auth now parses name=value format - Add-feed dialog shows auth type + credential fields for pro/developer - Subscribe mutation passes credentials to RPC - Sidebar and settings show [auth] indicator for authenticated feeds
* fix: clicking notifications button while panel is open now correctly ↵Fuwn2026-02-082-1/+4
| | | | dismisses it
* fix: notification count alignment — add flex to button so ml-auto pushes ↵Fuwn2026-02-081-1/+1
| | | | count to right edge
* feat: add feed URL editing in subscription settings, fix notification badge ↵Fuwn2026-02-084-4/+102
| | | | styling and HTML entity decoding
* feat: add option to show favicons next to feed names in entry listFuwn2026-02-083-0/+50
|
* feat: add appearance option to toggle folders above/below ungrouped feeds in ↵Fuwn2026-02-083-99/+134
| | | | sidebar
* feat: display folders above ungrouped feeds in sidebar, add ↵Fuwn2026-02-083-39/+107
| | | | delete-all-custom-feeds to danger zone
* fix: enforce same-origin on all service worker cache routesFuwn2026-02-071-8/+13
| | | | | | Wraps every defaultCache matcher to check sameOrigin first, preventing the SW from intercepting cross-origin requests (Google favicons, external images, fonts) which caused no-response errors on redirects.
* fix: use dynamic icon as favicon, center text with lineHeightFuwn2026-02-074-0/+3
| | | | | | Removed static favicon.ico so the dynamic icon.tsx generates the browser favicon. Added lineHeight: 1 to all icon routes for proper vertical centering.
* fix: service worker passes cross-origin requests through to networkFuwn2026-02-071-2/+8
| | | | | | Prevents no-response errors on redirected cross-origin fetches like Google favicon service by prepending a NetworkOnly rule for all non-same-origin requests.
* fix: move vercel.json into apps/web for monorepo install resolutionFuwn2026-02-071-0/+5
| | | | | Install command runs from repo root so pnpm can resolve workspace packages defined in pnpm-workspace.yaml.
* fix: space/shift+space scrolls focused panel, revert content font, fix share ↵Fuwn2026-02-076-60/+28
| | | | | | | | | modal text Space/Shift+Space now scrolls whichever panel is focused (entry list, detail panel, or sidebar) instead of only working in the detail panel. Removed content font setting. Fixed share modal placeholder casing and ellipsis spacing.
* feat: resolve 7 pre-ship QoL itemsFuwn2026-02-077-6/+140
| | | | | | | | | | | | | | | - Space/Shift+Space: page down/up in detail panel (80% scroll) - Content font: sans-serif/serif/monospace selector in appearance settings, applied to article content in detail panel - Accessibility: entry-list-item uses button instead of div, folder toggles have aria-expanded, shortcut keys have aria-labels - Share notes: replaced window.prompt with proper modal dialog matching existing UI patterns - Worker .env.example: template with all 10 environment variables - Worker poisoned messages: archive unprocessable queue messages instead of leaving them stuck forever - Worker pool Submit: check return value, reschedule dropped feeds 30s into the future, log warnings for rejected submissions
* fix: resolve 6 pre-ship audit bugsFuwn2026-02-077-25/+127
| | | | | | | | | | | | | | - Webhook entry identifier: use entry GUID instead of feed identifier - Optimistic rollback: add previousTimeline snapshot and onError handler to both useToggleEntryReadState and useToggleEntrySavedState - Rate limiter memory leak: delete Map entries when window expires, use else-if to avoid re-setting after delete - Entries API limit param: use Number.isFinite guard instead of falsy coercion that treats 0 as default - PWA manifest: add PNG raster icon routes (192x192, 512x512) for devices that don't support SVG icons - Billing webhook: throw on DB errors and return 500 so Stripe retries failed events instead of silently losing them
* security: remove unsafe-eval CSP, fix host header injection, harden API routesFuwn2026-02-075-16/+33
| | | | | | | | - Remove unsafe-eval from script-src CSP (not needed in production) - Replace Host/Origin header fallback with NEXT_PUBLIC_APP_URL in share and checkout routes to prevent host header injection - Add .catch() to request.json() in share POST and PATCH routes - Add rate limiting (3/min) to account deletion endpoint
* fix: dynamically calculate detail panel equal split from current layoutFuwn2026-02-071-4/+9
|
* fix: reset panel sizes without page reload, prevent partial-data max width ↵Fuwn2026-02-074-37/+74
| | | | | | | | | | | | clamping Use imperative groupRef API to resize panels instantly instead of writing to localStorage and calling window.location.reload(). Register reset callbacks in Zustand store from layout components. Change sidebarMaxWidth early return from && to || so the generous 35% fallback is used until both subscriptions and custom feeds have loaded, preventing intermittent clamping to minimum size.
* fix: reset sidebar to midpoint of min/max, detail to 50/50 splitFuwn2026-02-071-6/+32
| | | | | | Read current panel dimensions from DOM, compute sidebar midpoint as (192px + maxWidth) / 2, and detail as equal halves. Write computed values to localStorage before reload.
* fix: prevent sidebar max width from clamping persisted size on loadFuwn2026-02-071-0/+1
| | | | | | Return 35% max until subscriptions/feeds data loads. Previously the useMemo computed a small max from just nav items on first render, causing the library to clamp and overwrite the stored sidebar width.
* fix: persist sidebar size across collapse/expand cyclesFuwn2026-02-071-1/+1
| | | | | | When sidebar is collapsed, the Group fires onLayoutChanged with only main-content, overwriting the stored sidebar size. Pass undefined for onLayoutChanged when collapsed so the stored layout is preserved.
* fix: api key prefix rename, revoke fix, and webhook validationFuwn2026-02-075-16/+40
| | | | | | Rename API key prefix from asn_ to asa_, fix key revoke by aligning response property names with frontend interface, and add server/client validation to prevent enabling webhooks without a URL.
* feat: dynamically compute sidebar max width from item text widthsFuwn2026-02-071-2/+105
| | | | | | Measures all sidebar items (nav links, feeds, folders, custom feeds, footer) using Canvas measureText to determine the narrowest width that avoids truncation, then passes it as the Panel maxSize.
* fix: use fixed rem-based sidebar min/default with whitespace-nowrapFuwn2026-02-073-79/+7
| | | | | | | | The dynamic measurement approach failed because the library caches Panel constraints at mount and ignores state-driven prop updates. Now uses fixed rem values (12rem min, 16rem default) which scale with font size, plus whitespace-nowrap on all sidebar items to prevent text wrapping at any width.
* fix: measure text nodes in sidebar min width calculationFuwn2026-02-072-26/+23
| | | | | | querySelectorAll(':scope > *') misses bare text nodes like 'notifications' in the footer button. Now walks childNodes to handle mixed text node + element children correctly.
* fix: include sidebar footer items in min width measurementFuwn2026-02-071-19/+48
| | | | | | Notifications button text is wider than all entries. Now measures all nav items AND footer links/buttons, taking the widest row plus badge reserve as the sidebar minimum width.
* fix: use Canvas text measurement for sidebar min widthFuwn2026-02-071-8/+23
| | | | | | getBoundingClientRect on wrapped text returns the narrow wrapped width, not the single-line width. Canvas measureText is layout- independent and gives the true single-line intrinsic text width.
* fix: measure sidebar min width from children intrinsic widthsFuwn2026-02-071-2/+16
| | | | | | scrollWidth on a block flex element returns parent width, not content width. Now sums getBoundingClientRect().width of each child element (text span + unread badge) for a screen-independent measurement.
* feat: derive sidebar min/default width from measured contentFuwn2026-02-071-2/+19
| | | | | | Measures the first sidebar nav item (all entries + unread badge) after mount and uses its scrollWidth + padding as minSize. Default is 1.4x the minimum for comfortable reading of feed titles.
* fix: persist detail panel sizes with panelIds-keyed storageFuwn2026-02-072-1/+2
| | | | | Without panelIds, the single-panel state (no entry selected) was overwriting the two-panel layout on every navigation.
* feat: persist sidebar panel sizes across page refreshesFuwn2026-02-072-2/+15
| | | | | Wire useDefaultLayout to sidebar Group with localStorage storage. Update reset command to clear both sidebar and detail layout keys.
* fix: use string percentages for react-resizable-panels v4 size propsFuwn2026-02-072-45/+56
| | | | | v4 treats numeric size props as pixels, not percentages. defaultSize={20} was rendering as 20px (~1.9% of viewport).
* feat: pre-ship polish — UI improvements, keyboard shortcuts, appearance ↵Fuwn2026-02-0730-452/+1127
| | | | | | | | | | | | | | | | | | settings - Rename "muted keywords" to "muted phrases" throughout settings UI - Add header with navigation to auth pages (sign-in, sign-up, etc.) - Merge security tab (TOTP setup) into account settings tab - Fix TOTP name input truncation on Safari (w-64 → flex-1 min-w-0) - Add appearance settings: font size, time display format, entry images toggle, reading time toggle - Add keyboard shortcuts dialog (? key) with all keybindings documented - Add extended vim shortcuts: gg, G, n/N (next/prev unread), Ctrl+h/l (panel focus) - Add command palette shortcut (⌘K) to shortcuts dialog - Add icon URL fields for folders and custom feeds (DB + queries + settings UI) - Add data-has-unreads attribute for sidebar keyboard navigation - Fix SSR prerendering crash from Zustand persist and react-resizable-panels localStorage access - Add detail panel layout persistence via useDefaultLayout - Update marketing copy to advertise vim-like keyboard navigation
* style: lowercase all user-facing strings and add custom eslint ruleFuwn2026-02-0741-132/+402
| | | | | | | | Comprehensive sweep of all user-facing text to enforce lowercase convention, including acronyms (api, rest, http, opml, json, totp, mfa, qr, hmac). Added asa-lowercase/lowercase-strings eslint rule that reports uppercase in notify() calls, error messages, jsx text, and checked attributes (placeholder, alt, title).
* feat: asa.news RSS reader with developer tier, REST API, and webhooksFuwn2026-02-07134-0/+13435
Full-stack RSS reader SaaS: Supabase + Next.js + Go worker. Includes three subscription tiers (free/pro/developer), API key auth, read-only REST API, webhook push notifications, Stripe billing with proration, and PWA support.
generated by cgit v1.2.3 (git 2.25.1) at 2026-04-26 03:03:49 +0000