feat: add authentication system with admin panel #2
Open
Andialbundy wants to merge 1 commit into AlexPEClub:main from
PR closed: connection to the external fork is being severed.
firstofficer added a commit to firstofficer/projekt_template that referenced this pull request (Apr 13, 2026)

All 7 acceptance criteria pass. Security audit: no critical/high bugs.

Findings:
- AlexPEClub#1 (Medium): edge function accepts requests without apikey header — mitigated by per-email rate limit, recommend fix before public launch
- AlexPEClub#2 (Low): permissive email regex lets XSS-like addresses reach Supabase
- AlexPEClub#3 (Low): orphaned auth-bridge function (OTP code became primary flow)
- AlexPEClub#4 (Low, pre-existing PROJ-2): pdf-intake test needs env vars

Also in this commit:
- Privacy + imprint page drafts at /privacy and /imprint (TODO-gated placeholders for legal entity data, needs lawyer review pre-launch)
- tsconfig excludes extension/supabase so Next.js build doesn't compile them
- uuid dep added (was missing, broke PROJ-2 build)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
firstofficer added a commit to firstofficer/projekt_template that referenced this pull request (Apr 13, 2026)

- Require apikey/Bearer header on magic-link-rate-limit (Bug AlexPEClub#1, Medium): was an open endpoint, anyone could spam login mails. Per-email rate limit still capped impact, but defense-in-depth via PUBLIC_ANON_KEY secret. Returns 401 unauthorized when missing.
- Tighten email regex to RFC-5322 subset (Bug AlexPEClub#2, Low): rejects angle brackets, quotes, whitespace at the edge instead of letting Supabase reject downstream.
- Delete auth-bridge function (Bug AlexPEClub#3, Low): orphaned after OTP code became the primary flow. Removed from disk + Supabase project.
- pdf-intake/route.ts: lazy-init Supabase client (Bug AlexPEClub#4, partial): module-load throw broke tests that mock createClient. Tests still fail on jsdom Blob handling — that's a separate PROJ-2 issue.

Verified post-deploy:
POST without apikey → 401 unauthorized
POST with apikey → 200 ok
XSS payload email → 400 invalid_email

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
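
The request gate described in the commit message above (key required, strict address check, the three verified responses), as an added example that is not code from the referenced commit or project. The names `checkLoginRequest`, `presentedKey`, `safeEqual`, the key value and the exact regex are assumptions made for illustration.

```typescript
// Added example, not the project's code. EXPECTED_KEY is a constructed stand-in
// for the PUBLIC_ANON_KEY secret; the regex is an assumed RFC 5322 subset.
const EXPECTED_KEY = "constructed-anon-key-for-demo";
const EMAIL_RE =
  /^[A-Za-z0-9_%+-]+(?:\.[A-Za-z0-9_%+-]+)*@(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$/;

type HeaderMap = Record<string, string | undefined>;
type CheckResult = { status: number; body: string };

// Return the key from `apikey` or `Authorization: Bearer <key>`, else null.
function presentedKey(headers: HeaderMap): string | null {
  const lower: HeaderMap = {};
  for (const name of Object.keys(headers)) lower[name.toLowerCase()] = headers[name];
  const direct = lower["apikey"];
  if (direct) return direct;
  const m = /^Bearer\s+(\S+)$/i.exec(lower["authorization"] ?? "");
  return m?.[1] ?? null;
}

// Compare every character so timing does not reveal the first mismatch.
function safeEqual(given: string, expected: string): boolean {
  let diff = given.length ^ expected.length;
  for (let i = 0; i < given.length; i++) {
    diff |= given.charCodeAt(i) ^ expected.charCodeAt(i % expected.length);
  }
  return diff === 0;
}

// Authenticate first, then validate the address; nothing is trimmed or repaired.
function checkLoginRequest(headers: HeaderMap, email: unknown): CheckResult {
  const key = presentedKey(headers);
  if (key === null || !safeEqual(key, EXPECTED_KEY)) {
    return { status: 401, body: "unauthorized" };
  }
  if (typeof email !== "string" || email.length > 254 || !EMAIL_RE.test(email)) {
    return { status: 400, body: "invalid_email" };
  }
  return { status: 200, body: "ok" };
}
```

Checking the key before looking at the body means unauthenticated callers learn nothing about which addresses pass validation.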
frankie0079 pushed a commit to frankie0079/Frank-lernt that referenced this pull request (Apr 16, 2026)

User feedback: title was appearing on scene AlexPEClub#2 (the LLM-generated "cover" type wasn't reliably at position 0), at full size, blocking the photo. Music cut off abruptly at the end.

Renderer now has three phases:
1. Intro (5s): Event cover photo + title animated fade-in at 2-3.5s
2. Storyboard scenes (as before, now rendered from INTRO_MS..)
3. End (3.5s): "Ende" + event name fade-in, music fades to 0

Audio mixer: added GainNode + fadeOut(delay, duration) that schedules a linear ramp in the audio-context timeline, aligned with the end phase.

Data: get_report_storyboard_input RPC now returns event.cover_url (migration 20260416_storyboard_input_cover_url.sql — apply manually via SQL Editor before first use).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
No description provided.