Commit Graph

26 Commits

Author SHA1 Message Date
Josh Creek f302721119 data(*): Add working regenerated data structure 2026-01-17 20:39:55 +00:00
Josh Creek ee73c01afe feat(*): Change how data is set up 2026-01-16 21:11:21 +00:00
Josh Creek 070604fb89 fix(#56): Address PR comments 2026-01-10 12:47:27 +00:00
Josh Creek b30be24fd5 feat(#56): Address PR comments 2026-01-10 12:37:43 +00:00
Josh Creek b1b6e63b6f refactor(#56): Improve how the dex updating is handled and the error messaging around it 2026-01-10 12:07:05 +00:00
Josh Creek 07af29e6e6 chore(#67): Address pr comments 2026-01-09 18:45:47 +00:00
Josh Creek 28bb39d558 feat(*): Add improvements to the UX and the data seeding 2026-01-07 20:13:07 +00:00
Josh Creek b9a49686c1 refactor(*): Implement CSV-based seeding, dynamic box placement, and enforce forms from pokedex configuration 2026-01-05 09:44:15 +00:00
Josh Creek 19a571e315 feat(#67): Add support for multiple pokedexes per user 2026-01-04 22:06:36 +00:00
Josh Creek c063e9d2cd fix(*): map all updatable fields in PokedexEntryRepository.update method 2025-07-26 22:49:21 +01:00
Josh Creek c2c8fd1fb4 refactor(*): Remove unused userId parameter from countCombinedData method 2025-07-26 22:39:25 +01:00
Josh Creek 120f936eb7 Update src/lib/repositories/CatchRecordRepository.ts 2025-07-26 22:22:03 +01:00
Josh Creek 389f73d164 chore(*): Clean up migration artifacts and optimize data repository queries 2025-07-26 21:50:54 +01:00
Josh Creek fa38fa69ca refactor(*):Address PR comments 2025-07-26 19:42:04 +01:00
Josh Creek bc9ce84615 feat(*): Migrate from MongoDB to unified Supabase PostgreSQL architecture 2025-07-26 18:50:05 +01:00
Josh Creek 3aa716b941 fix(#55): implement user data isolation to prevent cross-user data access
- Add server-side authentication validation for all protected API endpoints
- Create auth utility with requireAuth() function for session validation
- Update CombinedDataRepository to filter data by authenticated user ID
- Add findByUserId() method to CatchRecordRepository for user-specific queries
- Replace client-side userId parameters with server-side session extraction
- Use MongoDB aggregation with $lookup and $expr for secure user filtering
- Return 401 errors for unauthenticated requests
- Fix critical security vulnerability where users could see others' catch records

Fixes: User data isolation bug where one user's catch records were used for everyone
Security: Prevents unauthorized access to other users' Pokemon tracking data
2025-07-26 16:34:19 +01:00
Josh Creek 4d9d5e74d7 feat(#46): Componentise the boxes view 2024-07-17 21:11:58 +01:00
Josh Creek 2ad7e219a2 feat(#46): Add boxes page 2024-07-15 20:49:36 +01:00
Josh Creek bc25ab0e38 fix(*): Fix bug returning 0 for document counts when filtering by region and game 2024-07-14 21:03:57 +01:00
Josh Creek 0285725b6d feat(*): Add ability to filter by game and region 2024-07-14 20:51:05 +01:00
Josh Creek 62c03f41eb feat(*): Add region-game mappings 2024-07-14 19:45:06 +01:00
Josh Creek 0edc7f0974 feat(*): Enable filtering to either do a forms dex or a regular dex 2024-07-14 17:47:16 +01:00
Josh Creek 7467a4425f feat(*): Update pokedex entry data structure and re-add error handling 2024-07-14 16:16:18 +01:00
Josh Creek 2cf3a03f8f feat(*): Add pagination to my dex 2024-07-12 21:33:02 +01:00
Josh Creek e7f1930eff feat(*): Add support for catch records to My Dex page 2024-07-12 14:19:44 +01:00
Josh Creek 44fa581ecd feat(#5): Add ability to seed pokedex entry data 2024-04-08 20:08:53 +01:00