null
|
b8b2cc68c4
|
security: fix webhook signature fail-open (now throws 500 on missing key), fix overly restrictive couple update rules
|
2026-06-16 22:11:51 -05:00 |
null
|
403a8c02e2
|
security: neutral push notification wording — no question text, categories, streak pressure, or relationship context on lock screen
|
2026-06-16 21:57:07 -05:00 |
null
|
b6e7a3e9cf
|
security: add express-rate-limit — webhook 10/min, health 30/min, default 60/min, configurable via env, localhost skip
|
2026-06-16 21:56:32 -05:00 |
null
|
ae1087b0aa
|
security: add RevenueCat Ed25519 signature verification, product ID allowlist, expiration storage, verifyPremiumActive helper, raw body capture, complete event types
|
2026-06-16 21:53:53 -05:00 |
null
|
bd1ea5cecd
|
security: fix invite rules missing-doc bypass, webhook timing attack, entitlement replay protection and entitlement_id check
|
2026-06-16 21:45:04 -05:00 |
null
|
f45f8dd114
|
security: fail-closed webhook auth, constant-time secret comparison, centralized env validation
|
2026-06-16 21:37:57 -05:00 |
null
|
bee617c493
|
chore(server): add Node.js backend with auth, questions, answers + update gitignore
|
2026-06-16 01:17:58 -05:00 |