publisher-dashboard

igm/publisher-dashboard

Fork 0

Commit Graph

Author	SHA1	Message	Date
RevIQ	860d791125	Implement Workstream F1: me.get and me.setupProfile procedures - Add me.get procedure returning user profile with needsSetup flag - Add me.setupProfile procedure for initial profile setup after signup - Add nonEmptyString/optionalString schema helpers with tests - Use Web Crypto API (SubtleCrypto) for Cloudflare Workers compatibility - Use @formatjs/intl-durationformat for duration formatting - Remove node:crypto dependency from crypto utilities Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-09 16:29:41 +08:00
RevIQ	9456a98eac	Implement Workstream G: Email Service with Postmark - Add postmark dependency and email configuration constants - Implement sendVerificationEmail, sendPasswordResetEmail, sendLoginConfirmationEmail, and sendOrgInviteEmail helpers - Add HTML + text email templates with inline CSS - Support dev mode (EMAIL_DEV_MODE=true) for console logging - Use URL constructor for proper URL building - Add XSS protection with HTML escaping in templates - Create .env file with email environment variables Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-09 15:42:33 +08:00
RevIQ	829d365e80	Implement auth procedures with code review fixes Add complete auth backend (Workstream D): - Auth middleware for session/API key authentication - Signup with password or passkey (WebAuthn) - Login flow with device trust and email confirmation - Password reset and email verification - Session management and logout Utilities created: - cookies.ts: Cookie helpers and configuration - crypto.ts: Token generation and hashing - password.ts: zxcvbn validation, argon2id hashing - geo.ts: IP/location extraction from headers - email.ts: Stubbed email sending - session.ts: Session creation and device trust Code review improvements applied: - Use ORPCError instead of Error in procedures - Add ast-grep rule to enforce ORPCError usage - Remove error info leakage (generic messages) - Optimize N+1 query with JOIN in login-password - Extract signupWithPassword/signupWithPasskey for testability - Add 15-minute WebAuthn challenge expiry check - Strengthen CookieOptions type definitions Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-09 15:19:15 +08:00

Author

SHA1

Message

Date

RevIQ

860d791125

Implement Workstream F1: me.get and me.setupProfile procedures

- Add me.get procedure returning user profile with needsSetup flag
- Add me.setupProfile procedure for initial profile setup after signup
- Add nonEmptyString/optionalString schema helpers with tests
- Use Web Crypto API (SubtleCrypto) for Cloudflare Workers compatibility
- Use @formatjs/intl-durationformat for duration formatting
- Remove node:crypto dependency from crypto utilities

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-09 16:29:41 +08:00

RevIQ

9456a98eac

Implement Workstream G: Email Service with Postmark

- Add postmark dependency and email configuration constants
- Implement sendVerificationEmail, sendPasswordResetEmail,
  sendLoginConfirmationEmail, and sendOrgInviteEmail helpers
- Add HTML + text email templates with inline CSS
- Support dev mode (EMAIL_DEV_MODE=true) for console logging
- Use URL constructor for proper URL building
- Add XSS protection with HTML escaping in templates
- Create .env file with email environment variables

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-09 15:42:33 +08:00

RevIQ

829d365e80

Implement auth procedures with code review fixes

Add complete auth backend (Workstream D):
- Auth middleware for session/API key authentication
- Signup with password or passkey (WebAuthn)
- Login flow with device trust and email confirmation
- Password reset and email verification
- Session management and logout

Utilities created:
- cookies.ts: Cookie helpers and configuration
- crypto.ts: Token generation and hashing
- password.ts: zxcvbn validation, argon2id hashing
- geo.ts: IP/location extraction from headers
- email.ts: Stubbed email sending
- session.ts: Session creation and device trust

Code review improvements applied:
- Use ORPCError instead of Error in procedures
- Add ast-grep rule to enforce ORPCError usage
- Remove error info leakage (generic messages)
- Optimize N+1 query with JOIN in login-password
- Extract signupWithPassword/signupWithPasskey for testability
- Add 15-minute WebAuthn challenge expiry check
- Strengthen CookieOptions type definitions

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-09 15:19:15 +08:00

3 Commits