Commit Graph

7 Commits

Author SHA1 Message Date
igm
8b63eb3538 Add ast-grep rule to prevent String() function usage
Prefer .toString() or .toLocaleString() over String() for
more predictable behavior and consistency.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-12 13:48:13 +08:00
igm
587e151fbd Fix ast-grep tests and add no-countall-number test
- Update zod-namespace-import snapshot (semicolon fix)
- Add test cases for no-countall-number rule
- Update rule pattern to match method calls on objects

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-12 13:45:14 +08:00
igm
6fa4da1abb Fix lint errors and add ast-grep rule for countAll
- Fix template literal expressions: wrap Date.now() in String()
- Add missing afterAll import in admin.test.ts
- Fix countOwners to use countAll() without misleading <number> type
- Add ast-grep rule to prevent countAll<number>() usage
- Fix formatting issues from merge conflict resolution

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-12 13:40:06 +08:00
RevIQ
1bf05465c3 Replace void returns with { success: true } across all API endpoints
- Add successResponseSchema to common.ts for explicit success responses
- Update all auth, me, orgs, and admin procedures to return { success: true }
- Update contract.ts to use successResponseSchema instead of z.void()
- Add ast-grep rule to prevent future z.void() usage in contracts
- Add build:packages script to root package.json
- Fix test file lint errors with eslint-disable comments

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-10 16:30:22 +08:00
RevIQ
829d365e80 Implement auth procedures with code review fixes
Add complete auth backend (Workstream D):
- Auth middleware for session/API key authentication
- Signup with password or passkey (WebAuthn)
- Login flow with device trust and email confirmation
- Password reset and email verification
- Session management and logout

Utilities created:
- cookies.ts: Cookie helpers and configuration
- crypto.ts: Token generation and hashing
- password.ts: zxcvbn validation, argon2id hashing
- geo.ts: IP/location extraction from headers
- email.ts: Stubbed email sending
- session.ts: Session creation and device trust

Code review improvements applied:
- Use ORPCError instead of Error in procedures
- Add ast-grep rule to enforce ORPCError usage
- Remove error info leakage (generic messages)
- Optimize N+1 query with JOIN in login-password
- Extract signupWithPassword/signupWithPasskey for testability
- Add 15-minute WebAuthn challenge expiry check
- Strengthen CookieOptions type definitions

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-09 15:19:15 +08:00
RevIQ
b6bce41092 Fix zod imports with ast-grep namespace import rule
Applied ast-grep rule to convert named zod imports to namespace imports
across the api-contract package for consistency.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-09 12:14:19 +08:00
RevIQ
322155b4a1 set up ast-grep and dbmate and postgres
2026-01-09 10:51:47 +08:00