Mobile-BillTracker/nodejs-assets/nodejs-project
null c1523ece1a feat(mobile): shared api/config layer, server-mode CSRF fix, robustness + update-safe DB (batch 10)
Unify the native shell and harden it:

- src/config.ts: single source for local host/port, preference keys, secure-storage
  key, timeouts, and CSRF constants (dedupes LOCAL_URL etc. across App/LoadingScreen).
- src/api.ts: one HTTP client — credentials mode, AbortController timeouts, and error
  normalization into user-facing messages (network/timeout/401/403/429/5xx), with typed
  auth responses.
- Batch 10 CSRF fix: /api/auth/totp/challenge is not CSRF-exempt, so the native TOTP
  step now fetches GET /api/auth/csrf-token and echoes it as x-csrf-token (mirrors the
  web client); TOTP login no longer breaks for 2FA users.
- Error-handling / boot robustness: LoadingScreen gets a health-poll timeout and
  surfaces main.js's {type:'serverError'} channel messages instead of spinning forever;
  App.tsx bootstrap and the encryption-key fetch now .catch to a visible state; crypto.ts
  reports secure-storage failures.
- Data safety: move the SQLite DB, backups, and tmp OUT of nodejs-project into the app's
  filesDir (bt-data). nodejs-mobile re-copies nodejs-project on every app update, which was
  silently wiping local-mode data. Verified on the emulator: create data -> bump versionCode
  -> reinstall -> migrations skipped, no re-seed, data persists.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-11 10:48:23 -05:00
..
prebuilds feat(mobile): run the TypeScript backend on Node 18 in local mode (batch 7-9) 2026-07-11 09:42:53 -05:00
main.js feat(mobile): shared api/config layer, server-mode CSRF fix, robustness + update-safe DB (batch 10) 2026-07-11 10:48:23 -05:00
package-lock.json feat(mobile): run the TypeScript backend on Node 18 in local mode (batch 7-9) 2026-07-11 09:42:53 -05:00
package.json feat(mobile): run the TypeScript backend on Node 18 in local mode (batch 7-9) 2026-07-11 09:42:53 -05:00