null
|
e7b45cc84f
|
fix: profile photo temp dir, Firestore rules field-level lockdown (batch v0.2.10)
- Move temp profile photos to filesDir/photos/ subdirectory with mkdirs
- Update file_paths.xml to scope FileProvider to photos/ subdirectory
- Firestore rules: restrict couple doc updates to only mutable fields (streakCount, lastAnsweredAt, wrappedCoupleKey, kdfSalt, kdfParams, encryptionVersion) — prevents client from overwriting currentQuestionId, activePackId, id
|
2026-06-19 20:33:08 -05:00 |
null
|
30fddcc2df
|
feat: E2EE — Tink AEAD, Argon2id KDF, recovery phrase, encrypted Firestore fields (batch v0.2.6)
- Add crypto module: CoupleKeyStore (EncryptedSharedPreferences), RecoveryKeyManager (Argon2id + AES-256-GCM key wrap), FieldEncryptor (AEAD per-field), CoupleEncryptionManager (orchestration)
- Add Tink + Bouncy Castle dependencies to build.gradle.kts, register AeadConfig in CloserApp
- Encrypt answer fields (writtenText, selectedOptionIds, scaleValue) on write, decrypt on read
- Encrypt DesireSync, HowWell, WheelAnswer, QuestionThread fields via CoupleEncryptionManager
- Generate recovery phrase during invite creation, display in CreateInviteScreen
- Add recovery phrase input to InviteConfirmScreen for encrypted invites
- Add RecoveryScreen + RecoveryViewModel for post-pairing key recovery
- Update Couple model with encryptionVersion, wrappedCoupleKey, kdfSalt, kdfParams
- Update Firestore rules: allow couple doc creation by members, fcmTokens path, encryptionVersion monotonic check, invite doc extended fields
|
2026-06-19 19:52:35 -05:00 |
null
|
9e587a23dd
|
feat: update question thread data source, repository, ViewModel, and Firestore security rules
|
2026-06-19 03:19:58 -05:00 |
null
|
eaac8ffcc9
|
feat: couple-scoped daily question, answer sync, partner notifications, and answer review
|
2026-06-18 00:18:05 -05:00 |
null
|
d86a5de2a0
|
fix: deny client access to entitlement_events collection
|
2026-06-17 19:42:41 -05:00 |
null
|
19c6b4a6cb
|
fix: real uid in bucket list, Firestore rules hardening for date plans & bucket list
|
2026-06-17 19:41:27 -05:00 |
null
|
b049024ba9
|
feat: update date_plan_preferences Firestore rules to use auto-IDs
|
2026-06-17 19:12:14 -05:00 |
null
|
2b1238a64c
|
feat: add Firestore rules for entitlements and notification_queue collections
|
2026-06-17 19:10:45 -05:00 |
null
|
557af3e546
|
feat(dates): add Date Builder + Bucket List — backend models, Room DAOs, Firestore sources, repositories, UI screens, ViewModels, navigation routes, Firestore rules
|
2026-06-17 00:05:46 -05:00 |
null
|
512a6c9f42
|
feat(dates): add Date Match MVP Phase 1 — swipe UI, Firestore models, 30+ seed ideas, match reveal
|
2026-06-16 23:30:58 -05:00 |
null
|
a412247bf3
|
security: kimi-k2.7 review fixes — Ed25519 crypto API, Firestore rules try/catch removal, atomic idempotency, RevenueCat 8.20.0, rate limiter fix, remove plaintext fallback, tighten push wording
|
2026-06-16 22:42:53 -05:00 |
null
|
b8b2cc68c4
|
security: fix webhook signature fail-open (now throws 500 on missing key), fix overly restrictive couple update rules
|
2026-06-16 22:11:51 -05:00 |
null
|
c28ce9c58d
|
security: restrict couple-level Firestore writes — immutable fields, owner-only messages/reactions, server-only deletes, valid state transitions
|
2026-06-16 21:46:56 -05:00 |
null
|
bd1ea5cecd
|
security: fix invite rules missing-doc bypass, webhook timing attack, entitlement replay protection and entitlement_id check
|
2026-06-16 21:45:04 -05:00 |
null
|
afeb1a1a03
|
docs: add README, add proguard rules, Firestore entitlement checker, network security config, update build config and onboarding
|
2026-06-16 20:16:47 -05:00 |
null
|
e42de938e7
|
fix: update Invite model, backup rules, and Firestore security rules
|
2026-06-16 19:44:28 -05:00 |
null
|
1a33d4f2b9
|
feat(analytics): Firebase Analytics, Crashlytics, ObservabilityModule, Firestore rules
|
2026-06-16 01:13:20 -05:00 |