summaryrefslogtreecommitdiff
path: root/app
AgeCommit message (Collapse)AuthorLines
2026-06-20Move passkey login inline to home page, remove /auth/login routeHEADmasteryyamashita-113/+83
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-20Remove debug code from passkey registration pageyyamashita-22/+5
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-20Fix TypeError: remove erroneous b64urlToBuffer call on user objectyyamashita-1/+0
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-20Fix: move passkey API to dedicated route without React componentyyamashita-174/+200
React Router v7 treats POST to routes with a default export as document requests and returns HTML instead of the action's JSON response. Moving the API logic to an action-only route (/api/passkey) fixes this. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-20Debug: show raw response body to diagnose json() failureyyamashita-4/+10
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-20Debug: force render between steps, remove rp.id from native optionsyyamashita-10/+8
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-20Add step-by-step debug display to passkey registrationyyamashita-5/+15
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-20Bypass @simplewebauthn/browser: call WebAuthn API directlyyyamashita-8/+56
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-20Debug passkey: send minimal options to isolate iOS SyntaxErroryyamashita-7/+12
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-20Strip extensions + filter algs for iOS Safari compatibilityyyamashita-3/+7
- Remove extensions.credProps (WebAuthn L2, causes TypeError on older iOS) - Remove alg:-8 (Ed25519, not universally supported) - Show error name in UI for easier debugging Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-20Fix passkey registration on iOS: strip hints field and set displayNameyyamashita-1/+4
hints is a WebAuthn L3 field that older iOS Safari cannot process, causing "String does not match expected pattern" TypeError. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-19Fix passkey registration: fixed userID + surface actual error messageyyamashita-6/+14
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-19Separate API_TOKEN from REGISTER_TOKENyyamashita-1/+1
REGISTER_TOKEN: passkey registration only API_TOKEN: POST /api/posts authentication Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-19Require Bearer token auth on POST /api/postsyyamashita-0/+6
Reuses REGISTER_TOKEN so the same secret covers both passkey registration and API posting. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-19Require REGISTER_TOKEN to create a passkeyyyamashita-26/+42
Prevents anyone who finds /auth/register from registering. Token is set via REGISTER_TOKEN env var on the server. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-19Add white theme, post delete, and passkey authenticationyyamashita-76/+575
- Rewrite CSS to light/white theme - Add delete button (auth-gated) with confirm dialog - Add passkey register/login/logout routes via @simplewebauthn - Gate compose form and delete behind session authentication - Add credentials table to SQLite schema - Add SESSION_SECRET and WebAuthn env vars to docker-compose Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-19Clear form textarea after successful post submissionyyamashita-1/+12
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-19Initial implementation of microblogyyamashita-0/+414
Markdown-based personal microblog with REST API. XSS protection via sanitize-html on server-side markdown rendering. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>