aboutsummaryrefslogtreecommitdiff
path: root/src/routes/api/badges/+server.ts
Commit message (Collapse)AuthorAgeFilesLines
* fix(api): await setShadowHidden in badges PUTFuwn2026-04-181-1/+4
| | | | | | | setShadowHidden is async and hits Supabase. The PUT handler called it without await, so the handler could respond before the database write landed (and any error was silently lost). Add the missing await so the response only goes out after the update settles.
* fix(api): gate badge click-count on Origin and fix 401 response reuseFuwn2026-04-181-9/+11
| | | | | | | | | | | | | The PUT ?incrementClickCount path ran before any auth guard, letting unauthenticated callers spam-increment arbitrary badges. Require the request Origin to match appOrigin() so legitimate in-browser clicks (authenticated or not) still count while direct scripted calls are rejected. Also convert the shared `unauthorised` Response singleton into a factory. The singleton's body was consumed on first use, so subsequent 401 paths returned a `Response body is locked` error instead of the intended "Unauthorised" body.
* fix(auth): ignore malformed user cookiesFuwn2026-03-281-6/+16
|
* refactor: centralise site origin usageFuwn2026-03-221-3/+2
|
* refactor(effect): add request body schema decoders to api routesFuwn2026-03-031-2/+12
|
* refactor(effect): migrate api auth cookie decodingFuwn2026-03-031-14/+5
|
* chore(biome): drop formatter style overridesFuwn2026-03-011-133/+148
|
* chore(biome): re-enable noDoubleEquals ruleFuwn2026-03-011-1/+1
|
* fix(wrapped): li::marker consistent colouringFuwn2024-12-241-3/+3
|
* refactor(authorised): move authorised user functionality to moduleFuwn2024-11-181-5/+5
|
* chore(prettier): use spaces instead of tabsFuwn2024-10-091-3/+3
|
* feat(badges): move badge operations to graphqlFuwn2024-10-061-129/+128
|
* refactor(Data): rename database referencesFuwn2024-08-241-1/+1
|
* refactor(Database): move Supabase user modules to User moduleFuwn2024-07-251-1/+1
|
* refactor(Database): separate providersFuwn2024-07-251-1/+1
|
* feat(badges): click counter for badgesFuwn2024-05-271-1/+8
|
* fix(match): delayed and subtitled time compatibilityFuwn2024-05-241-121/+122
|
* fix(badges): shadow hide refreshFuwn2024-05-211-1/+1
|
* fix(badges): use correct id when hidingFuwn2024-05-211-1/+1
|
* feat(badges): individual badges shadow hidingFuwn2024-05-201-111/+121
|
* fix(badges): shadow hide authorisation toggleFuwn2024-04-191-1/+1
|
* fix(badges): hide shadow hidden badgesFuwn2024-04-191-1/+1
|
* feat(badges): admin shadow hideFuwn2024-04-191-1/+9
|
* fix(badges): empty fieldsFuwn2024-04-151-5/+5
|
* feat(badges): source and designer fieldsFuwn2024-04-151-1/+3
|
* feat(badges): hide category buttonFuwn2024-04-141-0/+26
|
* feat(badges): badge hidingFuwn2024-04-131-3/+4
|
* feat(badges): migrate category modeFuwn2024-03-011-1/+10
|
* refactor(database): rename badgesFuwn2024-02-111-3/+3
|
* refactor(anilist): move to data moduleFuwn2024-02-081-1/+1
|
* feat(badges): delete allFuwn2024-02-051-2/+11
|
* fix(badges): batch import single identityFuwn2024-02-041-2/+11
|
* fix(badges): await badgesFuwn2024-02-021-3/+3
|
* feat(api): corsFuwn2024-01-061-1/+6
|
* style(badges): simplifyFuwn2024-01-041-23/+18
|
* feat(badges): put returns badgesFuwn2024-01-031-1/+1
|
* feat(badges): return on deleteFuwn2024-01-031-1/+1
|
* fix(badges): id as numberFuwn2024-01-031-1/+1
|
* ci: move to vercelFuwn2024-01-031-5/+7
|
* feat(badges): categoriesFuwn2024-01-021-27/+4
|
* feat(badges): update and delete uiFuwn2024-01-021-2/+38
|
* feat(badges): manual time setFuwn2023-12-301-1/+2
|
* style(src): remove .js extension from importsFuwn2023-12-241-1/+1
|
* refactor(database): move badges into moduleFuwn2023-12-241-3/+3
|
* refactor(badges): use http methodsFuwn2023-10-291-0/+52
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-07 03:08:47 +0000