asa.news - Unnamed repository; edit this file 'description' to name the repository.

	Commit message (Collapse)	Author	Age	Files	Lines
*	fix: prevent read entries from reverting to unread on re-fetch	Fuwn	2026-02-12	1	-0/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Root cause: cleanup_stale_entries deleted read-but-unsaved entries from active feeds, then the Go worker re-inserted them with new UUIDs, orphaning the user_entry_states rows and making entries appear unread. - cleanup_stale_entries: skip feeds with active subscribers and preserve entries that have been read (not just saved) - Go parser: normalize GUIDs by trimming whitespace and stripping tracking query parameters from URL-based identifiers - Go writer: preserve original published_at on upsert instead of overwriting, preventing old entries from jumping to timeline top - get_unread_counts: apply same time boundary as get_timeline so ancient re-inserted entries don't inflate counts - Realtime listener: ignore INSERT events for entries older than 48h to suppress misleading "new entries" notifications from re-inserts
*	fix: harden CI and close remaining test/security gaps	Fuwn	2026-02-10	3	-0/+373
\| \| \| \| \| \| \| \| \|	- Make webhook URL tests deterministic with injectable DNS resolver - Wire tier parity checker into CI and root scripts - Add rate_limits cleanup cron job (hourly, >1hr retention) - Change rate limiter to fail closed on RPC error - Add Go worker tests: parser, SSRF protection, error classification, authentication, and worker pool (48 test functions)
*	format(worker): Apply Iku formatting	Fuwn	2026-02-09	2	-1/+3
\|
*	security: harden Go worker	Fuwn	2026-02-08	2	-2/+35
\| \| \| \| \| \| \| \| \| \| \| \|	- Fix SSRF TOCTOU: add custom dialer that resolves DNS and validates IPs at connection time, preventing DNS rebinding attacks - Handle IPv4-mapped IPv6 addresses (::ffff:127.0.0.1) in SSRF protection by normalizing to IPv4 before checking reserved ranges - Sanitize feed error messages before storing: strip credentials from URLs and truncate to 500 chars - Remove unused EncryptionKey from configuration - Add stack trace logging to worker panic recovery for debugging - Run go fmt
*	feat: implement authenticated feed support across worker and web app	Fuwn	2026-02-08	1	-1/+8
\| \| \| \| \| \| \| \| \| \|	Wire up the full authenticated feeds pipeline: - Worker resolves credentials from Supabase Vault for authenticated feeds - Worker sets owner_id on entries for per-user dedup - query_param auth now parses name=value format - Add-feed dialog shows auth type + credential fields for pro/developer - Subscribe mutation passes credentials to RPC - Sidebar and settings show [auth] indicator for authenticated feeds
*	style: format Go worker with iku	Fuwn	2026-02-07	2	-0/+7
\|
*	feat: asa.news RSS reader with developer tier, REST API, and webhooks	Fuwn	2026-02-07	4	-0/+381
	Full-stack RSS reader SaaS: Supabase + Next.js + Go worker. Includes three subscription tiers (free/pro/developer), API key auth, read-only REST API, webhook push notifications, Stripe billing with proration, and PWA support.