aboutsummaryrefslogtreecommitdiffhomepage
path: root/backend
AgeCommit message (Collapse)Author
2026-02-15refactor(auth): replace JWT authentication with server-side sessionsnsfisis
Migrate from stateless JWT tokens to server-side session management backed by PostgreSQL. Sessions are hashed with SHA-256 before storage, cleaned up periodically, and invalidated on logout. This removes the need for JWT_SECRET/COOKIE_SECRET environment variables and the golang-jwt dependency. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14ci: add GitHub Actions CI workflow with justnsfisis
Add CI workflow running build/lint checks for all components: - backend: Go build + golangci-lint - worker/swift: Go build + golangci-lint - frontend: Biome + TypeScript + ESLint - worker/php: Biome Add `ci` recipes to each justfile so GHA uses `just ci` uniformly. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14feat(openapi): generate OpenAPI specs from TypeSpec sourcesnsfisis
Migrate hand-written OpenAPI YAML to TypeSpec (.tsp) source files. TypeSpec compiles to OpenAPI 3.0 YAML, enabling type-safe API definitions. - Add typespec/ directory with api-server and fortee definitions - Integrate TypeSpec build into `just gen` and `just build` pipelines - Update backend handler code to match new generated type names (inlined error responses, separate GameType/ProblemLanguage enums) - Regenerate frontend TypeScript types from new OpenAPI output Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14feat(backend): update dependenciesnsfisis
2026-02-13feat(auth): store JWT in HTTP-only cookie instead of JS-accessible cookiensfisis
Prevent XSS-based token theft by making the JWT inaccessible to JavaScript. The backend now sets/clears the cookie via Set-Cookie headers, and the frontend retrieves user info from /api/me instead of decoding the JWT directly. - Add JWTCookieMiddleware to parse cookie and inject claims into context - Add /me and /logout endpoints to OpenAPI spec and handlers - Update PostLogin to return user object + Set-Cookie header - Replace Authorization header auth with cookie-based auth throughout - Rewrite frontend auth to use /api/me instead of jwt-decode - Remove jwt-decode dependency - Configure CORS with credentials for local dev Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13feat(auth): add login rate limiting per IPnsfisis
Prevent brute-force attacks by limiting POST /login to 5 requests per minute per IP address using golang.org/x/time/rate. Unused entries are cleaned up after 10 minutes of inactivity. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13refactor: rename module/package namensfisis
2026-02-13chore: replace Makefile with justfilensfisis
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2025-09-19feat(backend): allow admin to access private gamesnsfisis
2025-09-17feat(backend,frontend): implement tournament pagensfisis
2025-09-17feat(backend): add admin pages for submissionsnsfisis
2025-09-16feat(backend): prevent game from starting without testcasesnsfisis
2025-09-08fix(backend): set unique code hash for each test case runnsfisis
2025-09-06feat(backend): increase timeout from 5 s to 30 snsfisis
2025-09-06fix(backend): qualifying ranking tablensfisis
2025-09-06fix(backend): normalize line endings before comparing test resultsnsfisis
2025-09-06fix(*): support compile_error as worker resultnsfisis
2025-09-06fix(backend): duplicate slashes in some URLsnsfisis
2025-09-06feat(backend): update qualifying ranking pagensfisis
2025-09-06feat(backend): restore /admin/fixnsfisis
2025-09-06feat(backend): add admin pages for testcasesnsfisis
2025-09-06feat(backend): add admin page for game creationnsfisis
2025-09-06feat(backend): add admin page for problemsnsfisis
2025-09-06feat(backend): make problems.language non-nullnsfisis
2025-09-05feat(worker-swift): compile and run in one requestnsfisis
2025-09-05feat(backend): support swift languagensfisis
2025-09-05feat(worker): move directory worker/ to worker/php/nsfisis
2025-08-17fix(backend): order of table definitionnsfisis
2025-08-17feat: update "PHPerKaigi" to "iOSDC Japan"nsfisis
2025-08-14feat(backend,frontend): Replace hard-coded base path with environment variablensfisis
2025-04-02fix(backend): fix pathsnsfisis
2025-04-02feat(backend): add admin tool to fix submission statusnsfisis
2025-04-02fix(backend): fix incorrect aggregation of testcase resultsnsfisis
2025-03-29feat: show code in ranking pagensfisis
2025-03-21feat(frontend): do not transit to finished pagensfisis
2025-03-21fix(frontend): fix submission status flickeringnsfisis
2025-03-21feat(backend): limit ranking entriesnsfisis
2025-03-21feat(frontend): show game result in 1v1 watchnsfisis
2025-03-21fix(backend): fix various admin featuresnsfisis
2025-03-20fix(backend): fix online qualifying rankingnsfisis
2025-03-20feat(backend): allow admin to edit game started_atnsfisis
2025-03-20feat(backend): add /admin/online-qualifying-rankingnsfisis
2025-03-20feat: show submission date on rankingnsfisis
2025-03-17refactor(backend): remove unused fieldnsfisis
2025-03-15feat(backend): decrease max retry of testcasesnsfisis
2025-03-15feat(backend): allow admin to watch themselves 1v1 pagensfisis
2025-03-15feat(backen): allow admin to edit main playersnsfisis
2025-03-12feat(backend): implement user edit pagensfisis
2025-03-12feat(backend): change is_public input to checkbox in game edit pagensfisis
2025-03-12fix(backend): treat started_at of game edit page as time in JSTnsfisis
generated by cgit v1.3.1 (git 2.54.0) at 2026-06-07 23:17:58 +0000