Commit Graph

9 Commits

Author SHA1 Message Date
null 135bd98c6a refactor(server): migrate middleware, workers, and db layer to TypeScript (.cts)
- middleware/ (5): requireAuth, securityHeaders, errorFormatter, csrf,
  rateLimiter — fully typed against the shared http Req/Res/Next types.
- workers/dailyWorker — fully typed.
- db/ (4): database, subscriptionCatalogSeed, migrations/versionedMigrations,
  migrations/legacyReconcileMigrations — large dynamic schema/migration infra,
  converted with @ts-nocheck (typing deferred). All requires updated to .cts.

Behavior-preserving. Verified: typecheck:server 0, check:server 0, suite 226/226.

Co-Authored-By: Claude Opus 4.8 <[email protected]>
2026-07-06 11:34:08 -05:00
null 6746d42380 refactor(server): migrate 5 more services to TypeScript (.cts)
webauthnService, cleanupService, backupService, bankSyncService, authService.

Behavior-preserving. Verified: typecheck:server 0, check:server 0, suite 226/226.

Co-Authored-By: Claude Opus 4.8 <[email protected]>
2026-07-06 11:06:05 -05:00
null a6b2e8bb87 fix: login mode card update, OIDC service improvements, auth middleware refinements 2026-06-04 03:53:38 -05:00
null d720931894 v0.27.02 push 2026-05-14 21:00:07 -05:00
null 80b3bcc17b fix: HIGH+MEDIUM batch — 10 fixes (v0.24.0)
HIGH:
- Admin toggle-paid: removed cross-user admin branch, now requires ownership
- Analytics crash: imported missing standardizeError
- Export data loss: added cycle_type, cycle_day, bill_history_ranges to exports
- Single-user lockout: removed unnecessary sessions join from getSingleModeUser

MEDIUM:
- Password rate limiter: scoped to change-password only, not all profile routes
- Profile session invalidation: fixed req.sessionId → req.cookies[COOKIE_NAME]
- CSRF default: httpOnly now defaults to false (matches SPA double-submit pattern)
- CSRF password routes: removed csrfSkip for password change endpoints
- Notification due-day: calendar day comparison instead of timestamp floor
- Upcoming bills: clamped days to 1-365, default 30 for invalid input

FUTURE.md: marked all 10 items as FIXED, bumped version refs
HISTORY.md: added v0.24.0 entry
2026-05-10 15:25:47 -05:00
kaspa 4d1709aea3 push 2026-05-09 13:03:36 -05:00
_null 3228332e8c push 2026-05-04 23:34:24 -05:00
_null 734e190884 corrected admin view 2026-05-03 20:40:48 -05:00
_null b9d1366d46 initial commit 2026-05-03 19:51:57 -05:00