null/BillTracker
null
/
BillTracker
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity
BillTracker/middleware
History
null 80b3bcc17b fix: HIGH+MEDIUM batch — 10 fixes (v0.24.0) 
HIGH:
- Admin toggle-paid: removed cross-user admin branch, now requires ownership
- Analytics crash: imported missing standardizeError
- Export data loss: added cycle_type, cycle_day, bill_history_ranges to exports
- Single-user lockout: removed unnecessary sessions join from getSingleModeUser

MEDIUM:
- Password rate limiter: scoped to change-password only, not all profile routes
- Profile session invalidation: fixed req.sessionId → req.cookies[COOKIE_NAME]
- CSRF default: httpOnly now defaults to false (matches SPA double-submit pattern)
- CSRF password routes: removed csrfSkip for password change endpoints
- Notification due-day: calendar day comparison instead of timestamp floor
- Upcoming bills: clamped days to 1-365, default 30 for invalid input

FUTURE.md: marked all 10 items as FIXED, bumped version refs
HISTORY.md: added v0.24.0 entry
 		2026-05-10 15:25:47 -05:00
..
csrf.js fix: HIGH+MEDIUM batch — 10 fixes (v0.24.0) 2026-05-10 15:25:47 -05:00
errorFormatter.js push 2026-05-09 13:03:36 -05:00
rateLimiter.js push 2026-05-09 13:03:36 -05:00
requireAuth.js fix: HIGH+MEDIUM batch — 10 fixes (v0.24.0) 2026-05-10 15:25:47 -05:00
securityHeaders.js push 2026-05-09 13:03:36 -05:00