Commit Graph

29 Commits

Author SHA1 Message Date
Josh Creek f17b350e4e fix(#64): Address PR comments 2026-01-10 18:27:01 +00:00
Josh Creek 68cc2a0712 fix(#64): Address PR comments 2026-01-10 17:06:52 +00:00
Josh Creek adc96baa90 feat(#64): Improve the about page 2026-01-10 15:27:00 +00:00
Josh Creek b30be24fd5 feat(#56): Address PR comments 2026-01-10 12:37:43 +00:00
Josh Creek b1b6e63b6f refactor(#56): Improve how the dex updating is handled and the error messaging around it 2026-01-10 12:07:05 +00:00
Josh Creek 07af29e6e6 chore(#67): Address pr comments 2026-01-09 18:45:47 +00:00
Josh Creek 28bb39d558 feat(*): Add improvements to the UX and the data seeding 2026-01-07 20:13:07 +00:00
Josh Creek 19a571e315 feat(#67): Add support for multiple pokedexes per user 2026-01-04 22:06:36 +00:00
Josh Creek 0e2d7f7792 fix(#69): Use service role key for seeding 2026-01-02 20:35:38 +00:00
Josh Creek 2f5c0d68be feat(#69): Improve seeding process 2026-01-02 20:17:13 +00:00
Josh Creek 5e0e45494f chore(*): Fix remaining PR comments 2025-07-26 23:18:36 +01:00
Josh Creek 852c6c3f34 feat(*): Complete MongoDB to Supabase migration cleanup 2025-07-26 23:13:11 +01:00
Josh Creek c2c8fd1fb4 refactor(*): Remove unused userId parameter from countCombinedData method 2025-07-26 22:39:25 +01:00
Josh Creek fa38fa69ca refactor(*):Address PR comments 2025-07-26 19:42:04 +01:00
Josh Creek bc9ce84615 feat(*): Migrate from MongoDB to unified Supabase PostgreSQL architecture 2025-07-26 18:50:05 +01:00
Josh Creek 3aa716b941 fix(#55): implement user data isolation to prevent cross-user data access
- Add server-side authentication validation for all protected API endpoints
- Create auth utility with requireAuth() function for session validation
- Update CombinedDataRepository to filter data by authenticated user ID
- Add findByUserId() method to CatchRecordRepository for user-specific queries
- Replace client-side userId parameters with server-side session extraction
- Use MongoDB aggregation with $lookup and $expr for secure user filtering
- Return 401 errors for unauthenticated requests
- Fix critical security vulnerability where users could see others' catch records

Fixes: User data isolation bug where one user's catch records were used for everyone
Security: Prevents unauthorized access to other users' Pokemon tracking data
2025-07-26 16:34:19 +01:00
Josh Creek 4d9d5e74d7 feat(#46): Componentise the boxes view 2024-07-17 21:11:58 +01:00
Josh Creek f62b18b0ee feat(#22): Add sprites 2024-07-16 21:43:41 +01:00
Josh Creek 2ad7e219a2 feat(#46): Add boxes page 2024-07-15 20:49:36 +01:00
Josh Creek 0285725b6d feat(*): Add ability to filter by game and region 2024-07-14 20:51:05 +01:00
Josh Creek 62c03f41eb feat(*): Add region-game mappings 2024-07-14 19:45:06 +01:00
Josh Creek 0edc7f0974 feat(*): Enable filtering to either do a forms dex or a regular dex 2024-07-14 17:47:16 +01:00
Josh Creek 7467a4425f feat(*): Update pokedex entry data structure and re-add error handling 2024-07-14 16:16:18 +01:00
Josh Creek 2cf3a03f8f feat(*): Add pagination to my dex 2024-07-12 21:33:02 +01:00
Josh Creek e7f1930eff feat(*): Add support for catch records to My Dex page 2024-07-12 14:19:44 +01:00
Josh Creek 6aac4c5985 feat(*): Update seeding logic to handle new fields and record the last modified date 2024-07-12 14:16:30 +01:00
Josh Creek 454259d9e7 feat(#19): Add a basic My Dex page 2024-04-08 21:09:34 +01:00
Josh Creek 44fa581ecd feat(#5): Add ability to seed pokedex entry data 2024-04-08 20:08:53 +01:00
Josh Creek ee191aa7cf feat(#11): Add sprite component 2024-04-07 10:50:59 +01:00