summaryrefslogtreecommitdiff
path: root/app/routes
AgeCommit message (Collapse)AuthorLines
2026-06-19Require Bearer token auth on POST /api/postsyyamashita-0/+6
Reuses REGISTER_TOKEN so the same secret covers both passkey registration and API posting. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-19Require REGISTER_TOKEN to create a passkeyyyamashita-26/+42
Prevents anyone who finds /auth/register from registering. Token is set via REGISTER_TOKEN env var on the server. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-19Add white theme, post delete, and passkey authenticationyyamashita-35/+376
- Rewrite CSS to light/white theme - Add delete button (auth-gated) with confirm dialog - Add passkey register/login/logout routes via @simplewebauthn - Gate compose form and delete behind session authentication - Add credentials table to SQLite schema - Add SESSION_SECRET and WebAuthn env vars to docker-compose Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-19Clear form textarea after successful post submissionyyamashita-1/+12
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-19Initial implementation of microblogyyamashita-0/+129
Markdown-based personal microblog with REST API. XSS protection via sanitize-html on server-side markdown rendering. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>