kapteins-daagbok

Author	SHA1	Message	Date
elpatron	3ac4201734	Add AI travel day summaries via OpenRouter for skippers. Skipper-only proxy with per-entry rate limiting, encrypted payload storage, CSV export, and Plausible tracking. Co-authored-by: Cursor <cursoragent@cursor.com>	2026-06-03 11:26:19 +02:00
elpatron	9bf59280b2	Apply strict rate limits to sensitive auth endpoints. Account deletion, key enrollment, and credential management use a separate 30/15min limiter so they are not left at 300/min while login and sync routes stay independent. Co-authored-by: Cursor <cursoragent@cursor.com>	2026-06-02 22:52:52 +02:00
elpatron	2b029a26f0	Fix passkey login 429 by forwarding client IPs correctly. Forward X-Forwarded-For through frontend nginx, use TRUST_PROXY=1 for the Docker hop, and limit auth rate limiting to login flows only. Co-authored-by: Cursor <cursoragent@cursor.com>	2026-06-02 22:48:15 +02:00
elpatron	0edf4a789c	feat(quality): Sprint 2 pre-deploy gates and server smoke tests Extract Express app factory for testability, add Vitest/Supertest API smoke tests, root npm run check script, and deployment docs. Fix express-rate-limit IPv6 keyGenerator for feedback limiter. Co-authored-by: Cursor <cursoragent@cursor.com>	2026-06-01 15:17:46 +02:00