Full deployment history for this project.
Fix TOCTOU race condition in job processing endpoint
- Modifies the Supabase update query in `app/api/process-job/route.ts` to include `.eq('status', 'queued')` and chain `.select()`, making the state-check and state-update atomic.
- Adds condition to verify if rows were successfully updated, otherwise returning a 409 status.
- Appends an entry to `.jules/sentinel.md` documenting this race condition.
Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Fix CRON_SECRET bypass vulnerability and add health endpoint
- Fix: Require `CRON_SECRET` for all background automation endpoints to prevent unauthorized access if the secret is missing.
- Feat: Add a basic `/api/health` check endpoint for monitoring.
- Docs: Update `README.md` with an FAQ section and the new health endpoint.
- Test: Add unit tests for the health endpoint and the `CRON_SECRET` authorization mechanism.
Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
feat(a11y): Add ARIA labels to icon-only buttons Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Merge pull request #5 from mbarbine/sentinel-oauth-csrf-fix-18165746674339231602 🛡️ Sentinel: [CRITICAL] Fix OAuth CSRF vulnerability
🛡️ Sentinel: [CRITICAL] Fix OAuth CSRF vulnerability Added cryptographically secure nonce to the OAuth state parameter and stored it in an HttpOnly cookie to verify during the callback. This prevents CSRF attacks targeting the OAuth flow. Also enhanced the PlatPhorm JSON schema and added tests for both schema validation and the OAuth CSRF protection. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Merge pull request #4 from mbarbine/sentinel-fix-ssrf-6109957195882198144 🛡️ Sentinel: [CRITICAL] Fix SSRF in image fetch operations
Merge branch 'main' into sentinel-fix-ssrf-6109957195882198144
Merge branch 'main' into sentinel-fix-ssrf-6109957195882198144
Merge branch 'main' into sentinel-fix-ssrf-6109957195882198144
🛡️ Sentinel: [CRITICAL] Fix SSRF vulnerability in fetch calls
- Added strict URL validation for `downloadPhoto` in `lib/google-photos/client.ts` to enforce HTTPS and restrict domain to `*.googleusercontent.com`
- Added strict URL validation for `uploadFromUrl` in `lib/storage/blob-storage.ts` to enforce HTTPS
- Documented findings in `.jules/sentinel.md`
Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🛡️ Sentinel: [CRITICAL] Fix IDOR in batch enhance endpoint Added a database check to verify that all photo IDs requested in the batch enhancement endpoint actually belong to the authenticated user. This prevents users from initiating enhancement jobs on photos they don't own. Added a learning entry to .jules/sentinel.md detailing the vulnerability and prevention strategy. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Merge pull request #1 from mbarbine/vercel/react-server-components-cve-vu-1jsidn Fix React Server Components CVE vulnerabilities
Fix React Server Components CVE vulnerabilities
Updated dependencies to fix Next.js and React CVE vulnerabilities. The fix-react2shell-next tool automatically updated the following packages to their secure versions:
- next
- react-server-dom-webpack
- react-server-dom-parcel
- react-server-dom-turbopack
All package.json files have been scanned and vulnerable versions have been patched to the correct fixed versions based on the official React advisory.
Co-authored-by: Vercel <vercel[bot]@users.noreply.github.com>
feat: finalize production setup for AI photo enrichment app Document setup guide and verify production readiness Co-authored-by: Michael Barbine <3211492+mbarbine@users.noreply.github.com>
fix: resolve auth redirect loop and enhance app robustness Fix middleware redirect loop and improve error handling, UX, and robustness. Co-authored-by: Michael Barbine <3211492+mbarbine@users.noreply.github.com>
fix: resolve auth loop & SQL idempotency Update SQL scripts for idempotency and fix middleware redirect loop. Co-authored-by: Michael Barbine <3211492+mbarbine@users.noreply.github.com>
fix: close missing brace in globals.css Correct CSS syntax error and separate base layer from theme block. Co-authored-by: Michael Barbine <3211492+mbarbine@users.noreply.github.com>
fix: update profiles table schema and trigger function Add missing columns and fix user registration trigger. Co-authored-by: Michael Barbine <3211492+mbarbine@users.noreply.github.com>
feat: enable Google Sign-In for authentication Add Google Sign-In to login and signup pages and update setup guide. Co-authored-by: Michael Barbine <3211492+mbarbine@users.noreply.github.com>
feat: add Google OAuth setup and documentation Update README and SETUP_GUIDE with OAuth credentials and redirect URIs. Co-authored-by: Michael Barbine <3211492+mbarbine@users.noreply.github.com>