blackheart-website

diana.dolgolyova/blackheart-website

Fork 0

Commit Graph

Author	SHA1	Message	Date
diana.dolgolyova	66dce3f8f5	fix: HIGH priority — scroll debounce, timing-safe auth, a11y, error logging, cleanup dead modals - Header: throttle scroll handler via requestAnimationFrame (was firing 60+/sec) - Auth: use crypto.timingSafeEqual for password and token signature comparison - A11y: add role="dialog", aria-modal, aria-label to all modals (SignupModal, NewsModal, TeamProfile lightbox) - A11y: add aria-label to close buttons, menu toggle (with aria-expanded), floating CTA - A11y: add aria-label to MC Instagram buttons - Error logging: add console.error with route names to all API catch blocks (admin + public) - Fix open-day-register error leak (was returning raw DB error to client) - Fix MasterClasses key={index} → key={item.title} - Delete 3 unused modal components (BookingModal, MasterClassSignupModal, OpenDaySignupModal) — replaced by unified SignupModal Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-19 14:01:21 +03:00
diana.dolgolyova	6cbdba2197	feat: add CSRF protection for admin API routes Double-submit cookie pattern: login sets bh-csrf-token cookie, proxy.ts validates X-CSRF-Token header on POST/PUT/DELETE to /api/admin/*. New adminFetch() helper in src/lib/csrf.ts auto-includes the header. All admin pages migrated from fetch() to adminFetch(). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-17 17:53:02 +03:00
diana.dolgolyova	27c1348f89	feat: admin panel with SQLite, auth, and calendar-style schedule editor Complete admin panel for content management: - SQLite database with better-sqlite3, seed script from content.ts - Simple password auth with HMAC-signed cookies (Edge + Node compatible) - 9 section editors: meta, hero, about, team, classes, schedule, pricing, FAQ, contact - Team CRUD with image upload and drag reorder - Schedule editor with Google Calendar-style visual timeline (colored blocks, overlap detection, click-to-add) - All public components refactored to accept data props from DB (with fallback to static content) - Middleware protecting /admin/* and /api/admin/* routes Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-11 16:59:12 +03:00

Author

SHA1

Message

Date

diana.dolgolyova

66dce3f8f5

fix: HIGH priority — scroll debounce, timing-safe auth, a11y, error logging, cleanup dead modals

- Header: throttle scroll handler via requestAnimationFrame (was firing 60+/sec)
- Auth: use crypto.timingSafeEqual for password and token signature comparison
- A11y: add role="dialog", aria-modal, aria-label to all modals (SignupModal, NewsModal, TeamProfile lightbox)
- A11y: add aria-label to close buttons, menu toggle (with aria-expanded), floating CTA
- A11y: add aria-label to MC Instagram buttons
- Error logging: add console.error with route names to all API catch blocks (admin + public)
- Fix open-day-register error leak (was returning raw DB error to client)
- Fix MasterClasses key={index} → key={item.title}
- Delete 3 unused modal components (BookingModal, MasterClassSignupModal, OpenDaySignupModal) — replaced by unified SignupModal

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-19 14:01:21 +03:00

diana.dolgolyova

6cbdba2197

feat: add CSRF protection for admin API routes

Double-submit cookie pattern: login sets bh-csrf-token cookie,
proxy.ts validates X-CSRF-Token header on POST/PUT/DELETE to /api/admin/*.
New adminFetch() helper in src/lib/csrf.ts auto-includes the header.
All admin pages migrated from fetch() to adminFetch().

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-17 17:53:02 +03:00

diana.dolgolyova

27c1348f89

feat: admin panel with SQLite, auth, and calendar-style schedule editor

Complete admin panel for content management:
- SQLite database with better-sqlite3, seed script from content.ts
- Simple password auth with HMAC-signed cookies (Edge + Node compatible)
- 9 section editors: meta, hero, about, team, classes, schedule, pricing, FAQ, contact
- Team CRUD with image upload and drag reorder
- Schedule editor with Google Calendar-style visual timeline (colored blocks, overlap detection, click-to-add)
- All public components refactored to accept data props from DB (with fallback to static content)
- Middleware protecting /admin/* and /api/admin/* routes

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-11 16:59:12 +03:00

3 Commits