due.moe - Unnamed repository; edit this file 'description' to name the repository.

	Commit message (Collapse)	Author	Age	Files	Lines
*	fix(security): mark auth cookies Secure outside localhost	Fuwn	24 hours	1	-1/+0
\| \| \| \| \| \| \| \| \| \|	The user and logout cookies were set with secure:false, so the AniList tokens the user cookie carries could traverse plaintext HTTP. Drop the override and let SvelteKit's default apply (Secure everywhere except http://localhost), giving Secure in production and on https://due.localhost while keeping plain-http local dev working. httpOnly is unchanged (the client reads the token from layout data; tightening that is tracked separately as the architectural part of C2).
*	style: apply biome autofixes and resolve remaining lint findings	Fuwn	4 days	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Auto-fixed cosmetic findings (import ordering, obj["k"]->obj.k, optional chaining, template literals, Date.now, parseInt radix, useless ternaries/ switch cases). Resolved the non-autofixable rest by hand: - Senpy: static-only class -> object literal (no this/static reliance). - app.html: var global shim -> window.global = window (keeps the shim, drops the unused-var flag). - biome-ignore with rationale for the logout document.cookie clear and the holodule scrape non-null assertion. Verified: biome check 0 diagnostics, svelte-check 0/0, 24/24 unit tests.
*	chore(biome): drop formatter style overrides	Fuwn	2026-03-01	1	-11/+11
\|
*	deps(sveltekit): Migrate to SvelteKit 2	Fuwn	2026-01-22	1	-1/+1
\|
*	fix: Throw redirects	Fuwn	2025-12-01	1	-1/+1
\|
*	deps(SvelteKit): Migrate to SvelteKit 2	Fuwn	2025-06-09	1	-1/+1
\|
*	chore(prettier): use spaces instead of tabs	Fuwn	2024-10-09	1	-9/+9
\|
*	feat: stronger logout	Fuwn	2024-02-06	1	-1/+9
\|
*	feat(api): nest routes	Fuwn	2023-12-14	1	-0/+7
\|
*	refactor(auth): move to single path	Fuwn	2023-09-13	1	-7/+0
\|
*	refactor(auth): move to api	Fuwn	2023-09-13	1	-0/+7