null/BillTracker
null
/
BillTracker
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity
BillTracker/routes
History
null 80b3bcc17b fix: HIGH+MEDIUM batch — 10 fixes (v0.24.0) 
HIGH:
- Admin toggle-paid: removed cross-user admin branch, now requires ownership
- Analytics crash: imported missing standardizeError
- Export data loss: added cycle_type, cycle_day, bill_history_ranges to exports
- Single-user lockout: removed unnecessary sessions join from getSingleModeUser

MEDIUM:
- Password rate limiter: scoped to change-password only, not all profile routes
- Profile session invalidation: fixed req.sessionId → req.cookies[COOKIE_NAME]
- CSRF default: httpOnly now defaults to false (matches SPA double-submit pattern)
- CSRF password routes: removed csrfSkip for password change endpoints
- Notification due-day: calendar day comparison instead of timestamp floor
- Upcoming bills: clamped days to 1-365, default 30 for invalid input

FUTURE.md: marked all 10 items as FIXED, bumped version refs
HISTORY.md: added v0.24.0 entry
 		2026-05-10 15:25:47 -05:00
..
about.js push 2026-05-04 20:12:57 -05:00
aboutAdmin.js v0.20.1: code splitting, version badge on roadmap, roadmap nav link 2026-05-09 22:01:19 -05:00
admin.js v0.23.1: migration rollback capability 2026-05-10 10:44:39 -05:00
analytics.js fix: HIGH+MEDIUM batch — 10 fixes (v0.24.0) 2026-05-10 15:25:47 -05:00
auth.js fix: remove duplicate login route (authLogin.js), consolidate into auth.js 2026-05-10 12:20:50 -05:00
authOidc.js initial commit 2026-05-03 19:51:57 -05:00
bills.js fix: HIGH+MEDIUM batch — 10 fixes (v0.24.0) 2026-05-10 15:25:47 -05:00
calendar.js push 2026-05-09 13:03:36 -05:00
categories.js push 2026-05-09 13:03:36 -05:00
export.js fix: HIGH+MEDIUM batch — 10 fixes (v0.24.0) 2026-05-10 15:25:47 -05:00
import.js push 2026-05-09 13:03:36 -05:00
monthly-starting-amounts.js push 2026-05-04 20:12:57 -05:00
notifications.js initial commit 2026-05-03 19:51:57 -05:00
payments.js v0.20.5: Bulk payment input validation 2026-05-09 23:41:28 -05:00
profile.js fix: HIGH+MEDIUM batch — 10 fixes (v0.24.0) 2026-05-10 15:25:47 -05:00
settings.js fix: clear demo data button, seed user ID bug, duplicate endpoint (v0.23.4) 2026-05-10 15:11:02 -05:00
status.js initial commit 2026-05-03 19:51:57 -05:00
summary.js push 2026-05-04 20:12:57 -05:00
tracker.js fix: HIGH+MEDIUM batch — 10 fixes (v0.24.0) 2026-05-10 15:25:47 -05:00
user.js push 2026-05-09 13:03:36 -05:00
version.js initial commit 2026-05-03 19:51:57 -05:00