summaryrefslogtreecommitdiff
path: root/app
AgeCommit message (Collapse)AuthorLines
2026-06-19Fix passkey registration: fixed userID + surface actual error messageyyamashita-6/+14
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-19Separate API_TOKEN from REGISTER_TOKENyyamashita-1/+1
REGISTER_TOKEN: passkey registration only API_TOKEN: POST /api/posts authentication Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-19Require Bearer token auth on POST /api/postsyyamashita-0/+6
Reuses REGISTER_TOKEN so the same secret covers both passkey registration and API posting. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-19Require REGISTER_TOKEN to create a passkeyyyamashita-26/+42
Prevents anyone who finds /auth/register from registering. Token is set via REGISTER_TOKEN env var on the server. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-19Add white theme, post delete, and passkey authenticationyyamashita-76/+575
- Rewrite CSS to light/white theme - Add delete button (auth-gated) with confirm dialog - Add passkey register/login/logout routes via @simplewebauthn - Gate compose form and delete behind session authentication - Add credentials table to SQLite schema - Add SESSION_SECRET and WebAuthn env vars to docker-compose Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-19Clear form textarea after successful post submissionyyamashita-1/+12
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-19Initial implementation of microblogyyamashita-0/+414
Markdown-based personal microblog with REST API. XSS protection via sanitize-html on server-side markdown rendering. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>