Commit Graph

9 Commits

Author SHA1 Message Date
null 1f777e827d feat: add onMessageWritten cloud function, notification settings screen, user repo cleanup 2026-06-20 18:25:05 -05:00
null a412247bf3 security: kimi-k2.7 review fixes — Ed25519 crypto API, Firestore rules try/catch removal, atomic idempotency, RevenueCat 8.20.0, rate limiter fix, remove plaintext fallback, tighten push wording 2026-06-16 22:42:53 -05:00
null b8b2cc68c4 security: fix webhook signature fail-open (now throws 500 on missing key), fix overly restrictive couple update rules 2026-06-16 22:11:51 -05:00
null 403a8c02e2 security: neutral push notification wording — no question text, categories, streak pressure, or relationship context on lock screen 2026-06-16 21:57:07 -05:00
null b6e7a3e9cf security: add express-rate-limit — webhook 10/min, health 30/min, default 60/min, configurable via env, localhost skip 2026-06-16 21:56:32 -05:00
null ae1087b0aa security: add RevenueCat Ed25519 signature verification, product ID allowlist, expiration storage, verifyPremiumActive helper, raw body capture, complete event types 2026-06-16 21:53:53 -05:00
null bd1ea5cecd security: fix invite rules missing-doc bypass, webhook timing attack, entitlement replay protection and entitlement_id check 2026-06-16 21:45:04 -05:00
null f45f8dd114 security: fail-closed webhook auth, constant-time secret comparison, centralized env validation 2026-06-16 21:37:57 -05:00
null bee617c493 chore(server): add Node.js backend with auth, questions, answers + update gitignore 2026-06-16 01:17:58 -05:00