Commit graph

8 commits

Author SHA1 Message Date
b6814579c6 feat(pwa): add Serwist service worker, manifest, icons, install prompt
- Wrap next.config.ts with @serwist/next (webpack mode, disabled in dev)
- Service worker: NetworkOnly for /api/*, offline fallback → /~offline
- Web app manifest via Next.js metadata API (app/manifest.ts)
- PNG icon set generated with sharp (192, 512, maskable-512, apple-180)
- iOS meta tags: appleWebApp, themeColor viewport export
- Middleware: pwaAssets early-return so /sw.js never gets a 302→login
- Offline fallback page at /~offline (static, no auth dependency)
- InstallPrompt component: beforeinstallprompt (Android) + iOS Share sheet instructions
- Logout (menu/page.tsx): purge all SW caches on signout (shared-device safety)
- Fix invite/[token]/page.tsx params type for Next.js 16 (use(params))
- Build script: next build --webpack (Serwist requires webpack, not Turbopack)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-27 23:20:48 +05:30
2a09c027fa feat(marketing): public homepage replacing / → /login redirect
- Add (marketing) route group: /, /pricing, /privacy, /terms
- Add (app) route group: moves all authenticated pages, app home → /home
- Root / is now a static marketing page (zero DB imports, zero auth)
- NavAuthButton client component: shows "Open Tia →" if logged in, else "Continue with Google"
- Plausible analytics hook in marketing layout
- Auto-generated OG image via opengraph-image.tsx
- Middleware updated to allowlist marketing routes
- All /-redirects updated to /home (login, onboarding, invite, circle join)
- BottomNav home tab updated: / → /home

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-25 23:26:26 +05:30
c459b4411a fix: secure /api/ai endpoint and remove debug routes
- Add auth to /api/ai via requireFamily middleware
- Remove /api/ai and /api/auth/debug from public routes
- Delete debug/test routes that expose internal state

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-17 16:41:47 +05:30
082c2bcdd8 Add debug endpoint
2026-05-17 00:46:12 +05:30
a54f30ddcb Security hardening - all 8 patches applied
Patch 1: Add requireFamily to chat route
Patch 2: Add requireFamily to family routes
Patch 3: Create admin-auth.ts, apply to all admin routes
Patch 4: Delete debug and migrate routes, update middleware
Patch 5: Create audit_log table and schema
Patch 6: Create password reset flow (reset-request, reset-confirm)
Patch 7: Replace with real HTTP security tests
Patch 8: RLS migrations already exist (01-app-role, 02-enable-rls)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-16 23:59:43 +05:30
2196c3d07d Security hardening: auth, bcrypt, rate-limiting, RLS, audit
2026-05-16 23:11:01 +05:30
152bf2079c demo: simple UI without DB
2026-05-10 04:45:30 +05:30
330367dcc8 feat: add login page and auth API route
2026-05-10 04:09:19 +05:30