| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | fix(api): gate badge click-count on Origin and fix 401 response reuse | Fuwn | 2026-04-18 | 1 | -9/+11 |
| | | | | | | | | | | | | | | The PUT ?incrementClickCount path ran before any auth guard, letting unauthenticated callers spam-increment arbitrary badges. Require the request Origin to match appOrigin() so legitimate in-browser clicks (authenticated or not) still count while direct scripted calls are rejected. Also convert the shared `unauthorised` Response singleton into a factory. The singleton's body was consumed on first use, so subsequent 401 paths returned a `Response body is locked` error instead of the intended "Unauthorised" body. | ||||
| * | fix(api): encode subsplease timezone to prevent query-param injection | Fuwn | 2026-04-18 | 1 | -5/+6 |
| | | | | | | | | The `tz` query value was interpolated raw into the upstream URL, letting callers append arbitrary query segments (e.g. `tz=foo&f=hax`). Wrap the value in encodeURIComponent and rename the local variable away from the banned `tz` abbreviation. | ||||
| * | fix(auth): ignore malformed user cookies | Fuwn | 2026-03-28 | 6 | -24/+54 |
| | | |||||
| * | fix(api): keep preferences publicly readable | Fuwn | 2026-03-27 | 1 | -4/+1 |
| | | |||||
| * | refactor(supabase): move app access to service role | Fuwn | 2026-03-27 | 2 | -40/+56 |
| | | |||||
| * | refactor: centralise site origin usage | Fuwn | 2026-03-22 | 10 | -55/+37 |
| | | |||||
| * | refactor(effect): add request body schema decoders to api routes | Fuwn | 2026-03-03 | 4 | -5/+36 |
| | | |||||
| * | refactor(effect): migrate api auth cookie decoding | Fuwn | 2026-03-03 | 4 | -57/+18 |
| | | |||||
| * | refactor(effect): migrate core auth decode boundaries | Fuwn | 2026-03-03 | 2 | -18/+6 |
| | | |||||
| * | chore(biome): drop formatter style overrides | Fuwn | 2026-03-01 | 21 | -530/+563 |
| | | |||||
| * | chore(biome): re-enable noDoubleEquals rule | Fuwn | 2026-03-01 | 1 | -1/+1 |
| | | |||||
| * | deps(sveltekit): Migrate to SvelteKit 2 | Fuwn | 2026-01-22 | 2 | -2/+2 |
| | | |||||
| * | fix(api:birthdays): Update HTML parser for primary source | Fuwn | 2025-12-07 | 1 | -3/+3 |
| | | |||||
| * | fix: Throw redirects | Fuwn | 2025-12-01 | 2 | -2/+2 |
| | | |||||
| * | deps(SvelteKit): Migrate to SvelteKit 2 | Fuwn | 2025-06-09 | 2 | -2/+2 |
| | | |||||
| * | fix(birthdays): Send cookie to bypass bot detection | Fuwn | 2025-04-27 | 1 | -1/+4 |
| | | |||||
| * | fix(wrapped): li::marker consistent colouring | Fuwn | 2024-12-24 | 1 | -3/+3 |
| | | |||||
| * | refactor(authorised): move authorised user functionality to module | Fuwn | 2024-11-18 | 1 | -5/+5 |
| | | |||||
| * | chore(prettier): use spaces instead of tabs | Fuwn | 2024-10-09 | 19 | -356/+356 |
| | | |||||
| * | feat(badges): move badge operations to graphql | Fuwn | 2024-10-06 | 1 | -129/+128 |
| | | |||||
| * | feat(notifications): fingerprint for multiple grants | Fuwn | 2024-08-24 | 2 | -6/+8 |
| | | |||||
| * | refactor(Data): rename database references | Fuwn | 2024-08-24 | 9 | -9/+9 |
| | | |||||
| * | refactor(Database): move Supabase user modules to User module | Fuwn | 2024-07-25 | 6 | -6/+6 |
| | | |||||
| * | refactor(Database): separate providers | Fuwn | 2024-07-25 | 9 | -9/+9 |
| | | |||||
| * | feat(notifications): allow unsubscribe | Fuwn | 2024-07-25 | 1 | -0/+26 |
| | | |||||
| * | refactor(trigger): v2 -> v3 | Fuwn | 2024-07-24 | 1 | -8/+0 |
| | | |||||
| * | feat: background notifications | Fuwn | 2024-07-24 | 2 | -0/+34 |
| | | |||||
| * | refactor(Birthday): rename modules | Fuwn | 2024-07-22 | 2 | -0/+0 |
| | | |||||
| * | feat(badges): click counter for badges | Fuwn | 2024-05-27 | 1 | -1/+8 |
| | | |||||
| * | fix(match): delayed and subtitled time compatibility | Fuwn | 2024-05-24 | 1 | -121/+122 |
| | | |||||
| * | fix(badges): shadow hide refresh | Fuwn | 2024-05-21 | 1 | -1/+1 |
| | | |||||
| * | fix(badges): use correct id when hiding | Fuwn | 2024-05-21 | 1 | -1/+1 |
| | | |||||
| * | feat(badges): individual badges shadow hiding | Fuwn | 2024-05-20 | 1 | -111/+121 |
| | | |||||
| * | feat(badges): use array for pinned categories | Fuwn | 2024-05-05 | 1 | -7/+4 |
| | | |||||
| * | feat(user): drag and drop pinned categories | Fuwn | 2024-05-05 | 1 | -1/+12 |
| | | |||||
| * | feat(user): pinned category ui | Fuwn | 2024-05-04 | 1 | -1/+12 |
| | | |||||
| * | feat(badges): allow awc badges hiding | Fuwn | 2024-04-28 | 1 | -1/+9 |
| | | |||||
| * | fix(badges): shadow hide authorisation toggle | Fuwn | 2024-04-19 | 1 | -1/+1 |
| | | |||||
| * | fix(badges): hide shadow hidden badges | Fuwn | 2024-04-19 | 1 | -1/+1 |
| | | |||||
| * | feat(badges): admin shadow hide | Fuwn | 2024-04-19 | 1 | -1/+9 |
| | | |||||
| * | fix(badges): empty fields | Fuwn | 2024-04-15 | 1 | -5/+5 |
| | | |||||
| * | feat(badges): source and designer fields | Fuwn | 2024-04-15 | 1 | -1/+3 |
| | | |||||
| * | feat(badges): hide category button | Fuwn | 2024-04-14 | 1 | -0/+26 |
| | | |||||
| * | feat(badges): badge hiding | Fuwn | 2024-04-13 | 1 | -3/+4 |
| | | |||||
| * | feat(user): biography option | Fuwn | 2024-04-13 | 1 | -5/+15 |
| | | |||||
| * | feat(badges): custom css | Fuwn | 2024-04-02 | 1 | -3/+28 |
| | | |||||
| * | feat(badges): migrate category mode | Fuwn | 2024-03-01 | 1 | -1/+10 |
| | | |||||
| * | fix(preferences): add preferences when not set | Fuwn | 2024-02-18 | 1 | -31/+0 |
| | | |||||
| * | fix(badges): return empty preferences | Fuwn | 2024-02-18 | 1 | -2/+5 |
| | | |||||
| * | feat(badges): optionally hide missing badges | Fuwn | 2024-02-17 | 2 | -1/+48 |
| | | |||||