null
|
653dd72e12
|
feat: TOTP 2FA for login & profile setup flow
|
2026-06-04 04:10:14 -05:00 |
null
|
71dfbe36cc
|
refactor: component splits, PWA support, CommandPalette
Component Splits:
- AdminPage.jsx: 1,906 -> 82 lines (logic moved to client/components/admin/ — 9 files)
- DataPage.jsx: 3,132 -> 60 lines (logic moved to client/components/data/ — 8 files)
- TrackerPage.jsx: 2,566 -> 2,132 lines (MonthlyStateDialog, StartingAmountsEditDialog, PaymentModal)
PWA:
- vite-plugin-pwa installed with NetworkFirst caching for API routes
- Square PWA icons (192x192, 512x512, apple-touch-icon)
- theme-color, apple meta tags, touch icon in index.html
- Build generates dist/sw.js + Workbox runtime
CommandPalette:
- Navigation commands, Add bill action, month jumps
- Grouped results with empty/filtered states
|
2026-05-28 20:53:22 -05:00 |
null
|
8cab248959
|
security fixes
|
2026-05-28 03:59:35 -05:00 |
null
|
9d933f70cc
|
v0.28.01
|
2026-05-16 20:26:09 -05:00 |
null
|
0ba315bd32
|
v0.28.0
|
2026-05-15 22:45:38 -05:00 |
null
|
2ce5328fd2
|
v0.25.0: roadmap redesign, import CSRF fix, AdminDashboard removed
- RoadmapPage: kanban-style priority lanes, shadcn Collapsible/Tabs,
lazy-loaded activity log, admin-only /api/about/roadmap + /dev-log endpoints
- Import CSRF fix: added x-csrf-token header to importAdminBackup,
previewSpreadsheetImport, previewUserDbImport raw fetch() calls
- Removed AdminDashboard.jsx, replaced by RoadmapPage
- Added @radix-ui/react-collapsible + collapsible shadcn component
- Security audit by Private_Hudson: PASS (CSRF fix verified,
admin endpoints gated, path traversal mitigated, XSS safe)
|
2026-05-11 21:42:36 -05:00 |
null
|
d67fe6e61d
|
v0.22.0: React Query Migration
- Added @tanstack/react-query and @tanstack/react-query-devtools
- Created useTracker, useBills, useCategories custom hooks (useQueries.js)
- Migrated TrackerPage from manual useState/useEffect to useQuery
- Added QueryClientProvider with 2min staleTime, 1 retry, refetchOnWindowFocus: false
- Added ReactQueryDevtools for development
- Fixed error handling: useRef pattern prevents duplicate toast notifications
- Replaced load() callback with refetch() from useQuery
- Hudson security audit: 4/5 PASS (1 FAIL fixed: error handling toast duplication)
|
2026-05-10 03:10:43 -05:00 |
null
|
6c7d481494
|
feat: add admin about page with security hardening
- Add /api/about-admin endpoint (admin-only, path traversal protection, content redaction, error sanitization)
- Add /admin/about route with RequireAuth admin guard
- Add adminActionLimiter rate limiting on about-admin endpoint
- Add rehype-sanitize XSS prevention in AboutPage.jsx
- Add aboutAdmin API client endpoint
- Create HISTORY.md with version bump convention (patch/minor/major)
- Update Engineering Reference Manual with about-admin docs and security measures
- Add INIT_REGULAR_USER/INIT_REGULAR_PASS env vars to docs
- Update FUTURE.md with critical regular user env var item
|
2026-05-09 16:25:12 -05:00 |
kaspa
|
4d1709aea3
|
push
|
2026-05-09 13:03:36 -05:00 |
_null
|
3228332e8c
|
push
|
2026-05-04 23:34:24 -05:00 |
_null
|
d1efeece04
|
push
|
2026-05-04 20:12:57 -05:00 |
_null
|
969139251d
|
calendar
|
2026-05-04 13:14:32 -05:00 |
_null
|
b9d1366d46
|
initial commit
|
2026-05-03 19:51:57 -05:00 |