- Add logic to aggregate win rates from commanders, raw data, and chart
data
- Implement normalization for color inputs (W, U, B, R, G, C)
- Build a chart dataset filtered to display colors with win rates > 1%
- Update Color Win Rate chart title and fallback logic for empty
datasets
- Add a fallback message encouraging users to add commanders when stats
are unavailable
- Bump version to 2.4.5
* Update version to 2.4.2 and refine input styles
Bump version to 2.4.2.
Adjust date input appearance and positioning.
Tighten spacing on dashboard stats cards.
Update footer padding.
* Update version.txt
* Add keyboard event listeners to close Terms of Service modal
* changing route
* Add admin flag to user model and update authentication routes
Add `is_admin` column to `users` table and update `UserRepository` to
handle admin status during creation and retrieval. Ensure authentication
routes consistently expose `isAdmin` (mapped from `is_admin`) in user
responses. Provide a migration script and a helper utility
(`scripts/set-admin-flag.sh`) to manage admin privileges.
* Update set-admin-flag.sh
Bump version to 2.3.6 in package.json files.
Enhance password validation regex to provide specific error messages for
lowercase, uppercase, and numeric requirements instead of generic
messages.
Add a delete confirmation modal to the profile page with a button that
disables if the user has typed a different username, preventing
accidental
* Add archived state for commanders across all layers
* Add `tick` import and smooth scrollIntoView to commander and game edit
flows
Replace `setTimeout` with `await tick()` when scrolling forms into view.
Update `startEdit` functions in `/commanders` and `/games` to use the
new `tick` import. Replace hardcoded 100ms timeout with `tick` and
ensure `bind:this` is applied to form elements before scrolling.
* Add `tick` import and smooth scrollIntoView to commander and game edit
flows
Replace `setTimeout` with `await tick()` when scrolling forms into view.
Update `startEdit` functions in `/commanders` and `/games` to use the
new `tick` import. Replace hardcoded 100ms timeout with `tick` and
ensure `bind:this` is applied to form elements before scrolling.
* Add cache control headers for version.txt and handle HTML files
explicitly
* Refactor buttons to use icon-button component
Update Start/Stop/Reset controls to use the new `icon-button` class.
Replace text-only buttons with a consistent pattern of SVG icon followed
by a `<span>` label. Add corresponding CSS rules for `.icon-button`
and `.btn-icon` to ensure proper spacing and sizing.
* feat: change reset button icon and bump version
- Update reset button SVG to a circular arrow icon
- Decrease reset icon size to 1.15rem
- Bump version to 2.3.2 in static file
* Add support for displaying archived commanders count
Bump application version to 2.3.3
Refine round counter button disabled state and styling
* Add color icon assets and update version number
feat: Add color icon assets (W, U, B, R, G, C) and increment version to
2.3.4
* Add color icon assets and update version number
feat: Add color icon assets (W, U, B, R, G, C) and increment version to
2.3.4
* Update color assets from SVG to PNG and refresh image files
Replace all `.svg` color icons (W, U, B, R, G, C) with corresponding
`.png` files. Add new asset `timer.png` and `commanders.png`. Remove
`round_timer.png`, `stats.png`, and `logs.png`. Replace `logs.png` with
an updated version. Bump version number from 2.3.4 to 2.3.5.
* Update commander profile card styling and replace placeholder icons
```
Update commander profile card styling and replace placeholder icons
- Revert white background and padding for the main container
- Increase icon chip dimensions to 90% width and height
- Remove border and inset shadow from color chip icons
- Replace generic SVG placeholders (B, C, G, R, U, W) with new designs
```
* Update footer to remove version prefix and add commander images
* Bump backend package version to `2.2.0` in `package.json` and
`package-lock.json`.
* Replace local storage token management with secure HTTP-only
cookies.
* Added cookie options to `@fastify/cookie` plugin configuration
in `server.js` (request-time parsing, strict same-site,
production enforcement).
* Updated `auth.js` routes to use `reply.setCookie` and
`reply.clearCookie` instead of manual token handling.
* Added `request.headers.authorization` pre-handling hook to
inject cookie tokens into the Authorization header for route
handlers.
* Updated `frontend/src/lib/stores/auth.js`:
* Switched token storage logic to rely solely on cookies via the
browser (`credentials: 'include'`).
* Removed `localStroage` and `sessionStor`ge usage for the auth
token.
* Refactored login/register flow to call `markAuthenticated()`
immediately upon success.
* Updated logout to clear the backend cookie via
`/api/auth/logout` and reset store state.
* Modified `checkRegistrationConfig` and other store methods to
handle state updates correctly without local storage
persistence.
* Removed `localStroage` and `sessionStor`ge references from the
frontend register page UI and validation logic.
Update version to 2.2.0 and migrate to session-based cookies
Replace JWT token storage with HTTP-only session cookies in the backend.
Add `/session` endpoint to verify cookie-based authentication and remove
reliance on localStorage for client-side token management. Update
frontend auth store to handle cookies via `credentials: include` and
refresh tokens on 401 errors.
* Migrate frontend to SvelteKit with comprehensive deployment
documentation
- Create new SvelteKit project structure with routing, stores, and
components
- Implement complete authentication system with auth store and protected
routes
- Build all application pages: Home, Login, Register, Dashboard, Games,
Stats, Commanders, Profile, and Round Counter
- Configure Vite, TailwindCSS, PostCSS, and Nginx for production
deployment
- Add Dockerfile.svelte for containerized builds with multi-stage
optimization
- Create comprehensive SVELTE_DEPLOYMENT.md and SVELTE_MIGRATION.md
guides
- Update deployment scripts and package dependencies for SvelteKit
ecosystem
* feat: Add user authentication and game tracking pages to EDH Stats
Tracker
* Migrate frontend to SvelteKit and update Docker configuration
- Replace Alpine.js with SvelteKit for improved DX and hot module
replacement
- Switch frontend service to `Dockerfile.dev` with volume mounts and
Vite dev server
- Update `docker-compose.yml` to map ports 5173 and use
`http://localhost:5173` for CORS
- Add `Dockerfile.svelte` for production static builds
- Configure Vite proxy to target `http://backend:3000` in containers and
`localhost:3002` locally
- Migrate existing components to new routes and update authentication
store logic
- Add Chart.js integration to stats page and handle field name mapping
for forms
- Include static assets (`fonts/Beleren-Bold.ttf`) and update deployment
scripts
- Document migration status, testing checklist, and known minor issues
in guides
* Refactor frontend state properties from snake_case to camelCase
This commit standardizes frontend property access across Dashboard,
Games, and Stats pages.
Changes include:
- Renaming API data fields (e.g., `commanderName`, `playerCount`,
`winRate`).
- Updating `startEdit` logic to normalize mixed snake_case/camelCase
inputs.
- Replacing template literals like `_player_won` with camelCase
versions.
- Consistent usage of `totalGames` and `wins` instead of snake_case
variants.
* Update version to 2.1.12 and refactor commander management
- Upgrade application version to 2.1.12
- Add Footer component and include in all pages
- Refactor `/commanders` page to fetch commanders and stats separately
- Fix commander API endpoint to load all commanders instead of only
those with stats
- Add stats merging logic to calculate wins, win rate, and avg rounds
- Split add/edit command logic into shared `loadCommanders` function
- Fix color toggle logic to work with both new and editing command modes
- Update API methods for update requests to send `PUT` for existing
commanders
- Enhance commander delete functionality with proper API response
handling
- Refactor dashboard and stats pages to reuse shared data loading logic
- Add chart cleanup on destroy for both dashboard and stats pages
- Implement Chart.js for Win Rate by Color and Player Count charts
- Reorganize round counter component state and timer functions
- Add localStorage persistence for round counter with pause/resume
support
- Update game log page to integrate footer component
* Refactor auth store and backend to use stable user ID
* Backend: Switch user lookup from username to ID in auth routes to
maintain stability across username changes.
* Frontend: Update user store to reflect ID-based updates.
* UI: Refactor user menu Svelte component to use ID-based user data.
* Profile: Switch profile page to use ID-based user data for
validation and state management.
* format date formatting options consistently across dashboard and games
pages
* format date formatting options consistently across dashboard and games
pages
* Refactor card action buttons to use icons with semantic text
- Switch "Edit" and "Delete" button text to SVG icons in `commanders`
and `games` pages
- Update icon colors and font styles to match standard design tokens
(indigo/red, bold text)
- Improve responsive spacing by adding `lg:grid-cols-3`
* grids
- Clarify hover states and titles for better UX accessibility
Bump application versions to 2.2.0 and update deployment configuration
* Convert `+page.svelte` to use template strings for multiline strings and
fix syntax errors.
* Update static version to 2.2.2 and tighten nginx cache headers
- Reformat logging calls in server.js for readability
- Bump API version from 1.0.0 to 2.1.2
- Update Traefik labels; switch TLS certresolver to
letsencrypt-cloudflare
- Reformat logging calls in server.js for readability
- Bump API version from 1.0.0 to 2.1.2
- Update Traefik labels; switch TLS certresolver to
letsencrypt-cloudflare
- Parse MAX_USERS from env in registrationConfig
- Count total users with new UserRepository.countUsers()
- Enforce registration cap in the signup flow
- Expose MAX_USERS in docker-compose and env example
- Bump frontend version to 2.1.2
- Harden /change-password with JWT guard and per-hour rate limit
- Validate current and new passwords, and update password on success
- Replace previous password-change flow with a streamlined
delete-account path
- Implement /me DELETE to permanently remove user data and respond with
success
- Add frontend delete account flow: profile.js handles deletion, modal
UI, and token-based API call
- Extend profile.html with a Danger Zone and a Delete Account modal
- Update register.html: link to Terms of Service now points to /tos.html
and opens in a new tab
- Backend: extend filters with dateFrom/dateTo, won, roundsMin/Max and
colors; implement color identity using jsonb and order by date with
limit/offset.
- Frontend: adjust slideshow spacing in index.html and include new
images; bump version to 2.0.5.
- Backend: extend filters with dateFrom/dateTo, won, roundsMin/Max and
colors; implement color identity using jsonb and order by date with
limit/offset.
- Frontend: adjust slideshow spacing in index.html and include new
images; bump version to 2.0.5.
- Backend now returns first validation error message in 'message' field
- Both POST and PUT commander endpoints updated
- Frontend fallback to handle either message or details array format
- Users now see 'Select at least one color' instead of generic error
- Improved error response consistency across all validation errors
* Migrate from SQLite to PostgreSQL for dev and prod environments
- Replace better-sqlite3 with pg library in backend
- Update database.js to use PostgreSQL connection pooling
- Convert migrations.sql to PostgreSQL syntax with proper triggers and constraints
- Convert seeds.sql to PostgreSQL syntax with JSONB for colors and ON CONFLICT handling
- Update docker-compose.yml with PostgreSQL service and db-migrate container
- Update deploy.sh to generate production docker-compose with PostgreSQL configuration
- Configure environment variables for database connection (DB_HOST, DB_PORT, DB_NAME, DB_USER, DB_PASSWORD)
* Update database models to use PostgreSQL async API
- Convert User.js from better-sqlite3 to PostgreSQL async queries
- Use parameterized queries with , placeholders
- Update all methods to use async/await
- Use result.rowCount instead of result.changes
- Use result.rows[0].id for RETURNING clause results
- Convert Commander.js from better-sqlite3 to PostgreSQL async queries
- Implement proper async methods with pg library
- Update JSONB color handling (no longer needs JSON.parse/stringify)
- Use ILIKE for case-insensitive search instead of LIKE
- Use proper numeric casting for win rate calculations
- Convert Game.js from better-sqlite3 to PostgreSQL async queries
- All query methods now properly async
- Update boolean handling (true/false instead of 1/0)
- Use ILIKE for case-insensitive commander name search
- Use RETURNING clause instead of lastInsertRowid
All models now use dbManager.query(), dbManager.get(), and dbManager.all() methods
* Add PostgreSQL cleanup and repository pattern for improved DB abstraction
Database Improvements:
- Fix migrate.js to use async PostgreSQL API with proper error handling
- Update .env.example to reflect PostgreSQL configuration variables
- Update GitHub Actions workflow to generate production docker-compose with PostgreSQL
Architectural Improvements:
- Create base Repository class providing common CRUD operations
- Implement UserRepository for user-specific database operations
- Implement CommanderRepository for commander-specific database operations
- Implement GameRepository for game-specific database operations
- All repositories use parameterized queries to prevent SQL injection
- Centralized database access patterns for better maintainability
Benefits:
- Cleaner separation of concerns (repositories handle data access)
- Reusable repository pattern can be extended for new entities
- Better error handling and transaction support
- Improved code organization and maintainability
- All database queries now properly handle PostgreSQL async operations
* Add comprehensive PostgreSQL migration documentation
- Complete migration summary with before/after comparison
- Detailed changes to each component
- Architecture improvements and benefits
- Repository pattern explanation
- Quick start guide for development and production
- Deployment instructions
- Testing guidelines
- Verification checklist
* Fix Docker build: update package-lock.json and npm syntax
- Run npm install to update package-lock.json with pg dependencies
- Replace deprecated --only=production with --omit=dev (npm 7+)
- Resolves Docker build error about missing pg packages in lock file
* Add migration status document
- Executive summary of completed migration
- Detailed commits history with verification
- Architecture before/after comparison
- Deployment instructions (dev & prod)
- Testing procedures
- Performance characteristics
- Troubleshooting guide
- Rollback instructions (if needed)
- Final sign-off for production readiness
* Add comprehensive deployment checklist
- Pre-deployment verification checklist
- Development deployment step-by-step guide
- Production deployment procedures
- Rollback instructions for emergency cases
- Monitoring and maintenance procedures
- Common issues and solutions
- Performance monitoring commands
- Sign-off checklist for deployment readiness
* Fix PostgreSQL user authentication in docker-compose
- Use postgres superuser instead of creating custom user
- Add init-db script directory for database initialization
- Update docker-compose to mount init scripts
- Simplify credentials: use 'postgres' user for dev
- Update .env.example with correct default credentials
- Health check now uses postgres user
This resolves the 'role edh_user does not exist' error on container startup.
The postgres superuser can create and manage databases and migrations.
* Add Docker Compose testing guide
- Prerequisites checklist
- Step-by-step startup instructions
- Service verification procedures
- API and database testing commands
- Frontend verification steps
- Troubleshooting guide for common issues
- Cleanup procedures
- Expected results checklist
* Fix PostgreSQL password authentication - use correct default user
- Remove incorrect POSTGRES_USER setting (defaults to postgres)
- Set POSTGRES_PASSWORD=edh_password for the default postgres user
- Set POSTGRES_DB=edh_stats to create database automatically
- Update db-migrate and backend services to use password: edh_password
- Update .env.example with correct credentials
PostgreSQL Docker image automatically creates the 'postgres' superuser
when POSTGRES_PASSWORD is set. This resolves the authentication error.
* Add final verification document for completed migration
- Complete migration status verification
- All issues resolved checklist
- Final commit log with all 10 commits
- Quick start command for docker-compose
- Development credentials reference
- Complete list of deliverables
- Documentation index
- Ready-to-deploy status confirmation
* Fix PostgreSQL initialization and SQL migration execution
- Fix 01-init.sql: Remove invalid MySQL syntax and rely on POSTGRES_DB for database creation
- Fix database.js: Execute entire migration/seed SQL files as single queries instead of splitting by semicolon
This prevents issues with multi-statement SQL constructs (functions, views, triggers)
- Fix docker-compose.yml: Add listen_addresses=* to allow connections from Docker network containers
and add PGPASSWORD to healthcheck for proper password authentication
All services now start successfully:
- PostgreSQL accepts connections from Docker network
- Migrations run without errors
- Seed data is properly inserted
- Backend API starts and health checks pass
- Database schema with tables, views, and triggers created correctly
* Fix production docker-compose configuration in deploy.sh
- Add listen_addresses=* to PostgreSQL command for Docker network connectivity
- Use 'postgres' superuser instead of DB_USER variable (matches development setup)
- Fix PostgreSQL healthcheck to include PGPASSWORD environment variable
- Fix frontend healthcheck to check root path instead of non-existent /health endpoint
- Add resource limits to frontend container for consistency
- Update .env documentation to reflect correct PostgreSQL user
* Fix DB_USER configuration consistency
- Change default DB_USER in database.js from 'edh_user' to 'postgres'
- Aligns with .env.example, docker-compose.yml, and deploy.sh
- Add clarifying comment in .env.example explaining superuser requirement
- DB_USER must be a superuser to run migrations and create schema objects
The PostgreSQL superuser 'postgres' is created automatically by the Docker image
and has the necessary privileges for all application operations.
* Add DB_SEED environment variable to toggle automatic seeding
- Add DB_SEED environment variable to db-migrate service (default: false)
- Update migrate.js to check DB_SEED and automatically seed if enabled
- Fix seeds.sql ON CONFLICT clauses and sequence resets to use dynamic MAX(id)
- Seeds can now be triggered by setting DB_SEED=true in docker-compose or .env
- Add documentation to .env.example explaining DB_SEED option
- Update deploy.sh to support DB_SEED in production configuration
This allows developers to quickly populate test data during development
without manual seeding commands, while keeping it opt-in for clean databases.
* Fix Commander model: properly convert colors array to JSON for JSONB storage
- Convert JavaScript arrays to JSON strings before inserting into JSONB column
- Add ::jsonb type cast in SQL queries for explicit JSONB conversion
- Handle both array and string inputs in create() and update() methods
- Fixes 'invalid input syntax for type json' error when creating/updating commanders
The pg library doesn't automatically convert JS arrays to JSON, so we must
stringify them before passing to PostgreSQL. The ::jsonb cast ensures proper
type conversion in the database.
* Fix JSON parsing in routes: PostgreSQL JSONB is already parsed
PostgreSQL's pg library automatically parses JSONB columns into JavaScript objects.
The routes were incorrectly calling JSON.parse() on already-parsed JSONB data,
which would fail or cause errors.
Fixed in:
- backend/src/routes/commanders.js (3 occurrences)
- backend/src/routes/games.js (3 occurrences)
- backend/src/routes/stats.js (1 occurrence)
Changed from: JSON.parse(colors) or JSON.parse(commander_colors)
Changed to: colors || [] or commander_colors || []
This matches how the models already handle JSONB data correctly.
* Fix seeds.sql: correct bcrypt hash for password123
The previous bcrypt hash was incorrect and did not match 'password123'.
Generated the correct hash using bcryptjs with 12 rounds.
Correct credentials for seeded test users:
- Username: testuser
Password: password123
- Username: magictg
Password: password123
This allows developers to login to the application with seeded data.
* Fix stats routes: convert from SQLite to PostgreSQL async methods
- Replace db.prepare().get() with await dbManager.get()
- Replace db.prepare().all() with await dbManager.all()
- Update parameterized query placeholders from ? to $1, $2, etc
- Change boolean comparisons from 'won = 1' to 'won = TRUE' for PostgreSQL
- Remove unnecessary db.initialize() calls
- Both /api/stats/overview and /api/stats/commanders now working correctly
* Fix games routes: remove SQLite boolean conversions and unnecessary JSON parsing
- Remove boolean-to-integer conversion (was converting true/false to 1/0)
- Remove JSON.parse() on JSONB colors column (PostgreSQL pg driver already parses JSONB)
- Fix in both POST create response and PUT update response
- Colors array now correctly returned as already-parsed JavaScript array
- Boolean fields now correctly returned as native boolean type
* Fix frontend: remove JSON.parse() on colors from API responses
- colors field is now pre-parsed array from PostgreSQL JSONB
- Simplified stats.html line 124: remove JSON.parse(stat.colors)
- Simplified dashboard.html line 279: remove defensive type checking for colors
- Frontend now properly handles colors as JavaScript arrays
* Simplify: remove defensive type checking for commanderColors in
dashboard
- game.commanderColors is always an array from PostgreSQL JSONB
- Changed from complex ternary to simple: game.commanderColors || []
* feat: improve environment variable handling in docker-compose and .env.example
- Add RATE_LIMIT_WINDOW and RATE_LIMIT_MAX to .env.example (commented for now)
- Update docker-compose.yml to use environment variables with defaults
- All DB_* variables now use default format
- NODE_ENV, JWT_SECRET, CORS_ORIGIN, LOG_LEVEL, ALLOW_REGISTRATION now respect env vars
- DB_SEED now uses environment variable
- Improves flexibility for development, testing, and production deployments
- Maintains backward compatibility with defaults
- Reduces hardcoded values and increases configurability
* fix: use DB_PASSWORD environment variable in postgres healthcheck
- PGPASSWORD in healthcheck was hardcoded to 'edh_password'
- Changed to use ${DB_PASSWORD:-edh_password} for consistency
- Ensures healthcheck respects DB_PASSWORD environment variable
- Fixes issue where custom DB_PASSWORD would cause healthcheck to fail
* fix: make PostgreSQL external port configurable via DB_PORT
- Changed postgres port mapping from hardcoded '5432:5432' to '${DB_PORT:-5432}:5432'
- Allows users to expose PostgreSQL on different external port via DB_PORT env variable
- Internal container port remains 5432 (unchanged)
- Enables non-standard port usage in constrained environments
- Maintains backward compatibility with default of 5432
* fix: update production docker-compose template in deploy.sh for environment variables
Changes to generated docker-compose.prod.deployed.yml:
Postgres Service:
- Added configurable external port: ${DB_PORT:-5432}:5432
- Ensures port mapping respects DB_PORT environment variable
DB-Migrate Service:
- DB_HOST: postgres -> ${DB_HOST:-postgres}
- DB_PORT: 5432 -> ${DB_PORT:-5432}
- DB_USER: postgres -> ${DB_USER:-postgres}
- Maintains configuration consistency with development
Backend Service:
- DB_HOST: postgres -> ${DB_HOST:-postgres}
- DB_PORT: 5432 -> ${DB_PORT:-5432}
- DB_USER: postgres -> ${DB_USER:-postgres}
- LOG_LEVEL: warn -> ${LOG_LEVEL:-warn}
- Removed hardcoded RATE_LIMIT_* variables (not used yet)
- All variables now properly parameterized
Documentation:
- Updated .env example to include DB_USER, LOG_LEVEL, DB_SEED
- Better guidance for production deployment
Ensures production deployments have same flexibility as development
* fix: update GitHub Actions workflow for PostgreSQL and environment variables
Postgres Service:
- POSTGRES_USER: edh_user -> postgres (matches .env.example and deploy.sh)
- POSTGRES_PASSWORD: change-this-in-production -> edh_password (matches .env.example)
- Added ports configuration: ${DB_PORT:-5432}:5432 (allows external access)
- Fixed healthcheck to use PGPASSWORD and proper variable syntax
DB-Migrate Service:
- DB_HOST: postgres -> ${DB_HOST:-postgres}
- DB_PORT: 5432 -> ${DB_PORT:-5432}
- DB_USER: edh_user -> postgres
- DB_PASSWORD: change-this-in-production -> edh_password
- Added DB_SEED=${DB_SEED:-false}
Backend Service:
- DB_HOST: postgres -> ${DB_HOST:-postgres}
- DB_PORT: 5432 -> ${DB_PORT:-5432}
- DB_USER: edh_user -> postgres
- DB_PASSWORD: change-this-in-production -> edh_password
- JWT_SECRET: removed unsafe default (must be provided)
- LOG_LEVEL: warn -> ${LOG_LEVEL:-warn}
Ensures GitHub Actions workflow is consistent with:
- docker-compose.yml (development)
- deploy.sh (production script)
- .env.example (configuration template)
* feat: implement global rate limiting and request/response logging
- Added rateLimitConfig to jwt.js with configurable window (minutes) and max requests
- Integrated global rate limiting into server.js using RATE_LIMIT_WINDOW and RATE_LIMIT_MAX env vars
- Default: 100 requests per 15 minutes (overridable via environment)
- Added request/response logging hooks for debugging (logged at debug level)
- Logs include method, URL, IP, status code, and duration
- Updated .env.example to document rate limiting configuration
* docs: update README for PostgreSQL migration and new features
- Updated intro to mention PostgreSQL instead of SQLite
- Added rate limiting and request logging features to infrastructure
section
- Updated Technology Stack to reflect PostgreSQL and rate-limiting
- Revised environment variables section with PostgreSQL config
- Added Custom Environment Variables section with examples
- Expanded Database section with PostgreSQL-specific details
- Added Tips & Common Operations for PostgreSQL management
- Updated Recent Changes to document Session 3 migration work
- Updated Development Notes for async database operations
- Added JSONB field documentation
* security: remove exposed PostgreSQL port from docker-compose
PostgreSQL no longer needs to be exposed to the host since:
- Backend container accesses postgres via internal Docker network
- DB_PORT=5432 is only for internal container connections, not port mapping
- Removes unnecessary attack surface in production
Changes:
- Removed 'ports:' section from postgres service in docker-compose.yml
- Removed port mapping from production deploy.sh template
- Clarified DB_PORT usage in .env.example (internal only)
- Added DB_USER to .env.example with explanation
Security Impact:
- PostgreSQL only accessible within Docker network
- Reduced container exposure to host network
- More secure production deployments
Tested:
- All services start successfully
- Backend connects to postgres via internal network
- Login works, database queries successful
- Frontend accessible on 8081, Backend on 3002
* refactor: remove hardcoded DB_PORT, use PostgreSQL standard port 5432
Simplified database configuration by removing configurable DB_PORT since
PostgreSQL always runs on standard port 5432:
Changes:
- Updated backend/src/config/database.js to hardcode port 5432
- Removed DB_PORT from all docker-compose services
- Removed DB_PORT from production deploy.sh template
- Updated .env.example with clearer documentation
- Clarified that port 5432 is not configurable
Benefits:
- Simpler configuration (fewer environment variables)
- Standard PostgreSQL port is expected behavior
- Reduced configuration surface area
- Still flexible: can adjust DB_HOST for different database servers
Tested:
- All services start successfully
- Database connections work via internal Docker network
- User authentication functional
- API endpoints respond correctly
* docs: update README to reflect DB_PORT removal and configuration simplification
Updated documentation to reflect latest changes:
- Removed DB_PORT from environment variables section (port 5432 is standard)
- Added note that PostgreSQL port is not configurable
- Clarified connection details (port 5432 is standard, not configurable)
- Updated project structure: postgres_data instead of database
- Added deployment script to project structure
- Updated Recent Changes section with configuration simplification details
- Added DB_SEED documentation to environment variables
- Improved clarity on which settings are configurable vs. standard
Emphasizes the security and simplicity improvements from removing
unnecessary port configuration.
* Remove migration docs and init scripts
* refactor: migrate routes from models to repositories
Replaced all data access layer calls in routes from Model classes to Repository classes.
Changes:
- auth.js: Now uses UserRepository instead of User model
* User.create() → UserRepository.createUser()
* User.findByUsername() → UserRepository.findByUsername()
* User.findById() → UserRepository.findById()
* User.verifyPassword() → UserRepository.verifyPassword()
* User.updatePassword() → UserRepository.updatePassword()
* User.updateUsername() → UserRepository.updateUsername()
* User.updateProfile() → UserRepository.updateProfile()
- commanders.js: Now uses CommanderRepository instead of Commander model
* Commander.create() → CommanderRepository.createCommander()
* Commander.findByUserId() → CommanderRepository.getCommandersByUserId()
* Commander.search() → CommanderRepository.searchCommandersByName()
* Commander.findById() → CommanderRepository.findById()
* Commander.update() → CommanderRepository.updateCommander()
* Commander.delete() → CommanderRepository.deleteCommander()
* Commander.getStats() → CommanderRepository.getCommanderStats()
* Commander.getPopular() → CommanderRepository.getPopularCommandersByUserId()
- games.js: Now uses GameRepository instead of Game model
* Game.findByUserId() → GameRepository.getGamesByUserId()
* Game.findById() → GameRepository.getGameById()
* Game.create() → GameRepository.createGame()
* Game.update() → GameRepository.updateGame()
* Game.delete() → GameRepository.deleteGame()
* Game.exportByUserId() → GameRepository.exportGamesByUserId()
Benefits:
✅ Clean separation of concerns (routes vs data access)
✅ Better testability (can mock repositories)
✅ More maintainable (database logic centralized)
✅ Consistent patterns across all data access
✅ Easier to add caching or logging layers
Testing:
✓ All syntax checks pass
✓ Authentication working
✓ Commanders endpoint returning 5 commanders
✓ Games endpoint returning 16 games
✓ All endpoints functional
* refactor: remove unused model classes
Models (User, Commander, Game) have been fully replaced by their
corresponding Repository classes. All functionality is preserved in
the repositories with no loss of capability or breaking changes.
Deleted files:
- User.js (136 lines)
- Commander.js (195 lines)
- Game.js (204 lines)
Total: ~535 lines of unused code removed
Benefits:
✅ Cleaner codebase - no duplicate data access logic
✅ Single source of truth - repositories handle all data access
✅ Better maintainability - clear separation of concerns
✅ No confusion - developers only use repositories
✅ Follows DRY principle - no code duplication
Testing:
✓ All routes verified to use repositories only
✓ All endpoints tested and working
✓ Authentication (8 endpoints)
✓ Commanders (7 endpoints)
✓ Games (6 endpoints)
✓ Stats (read-only)
No breaking changes - all functionality identical to before.
* Configure DB env defaults and add health checks
- Use DB_USER, DB_PASSWORD, and DB_NAME with defaults in deploy.sh and
docker-compose.yml
- Replace wget-based health check with curl to /health in the frontend
service
- Remove listen_addresses configuration from Postgres in
deploy/docker-compose
- Delete frontend/public/status.html
* Return camelCase game data and richer responses
* Add validation utilities and stricter schemas
* Update commanders.html
- Remove memory usage from health response
- Remove the /test route from the server
- Enable per-route rate limiting by registering rateLimit with global:
false
- Apply a per-route limit to /test (max 3, timeWindow 15 minutes)
- Wire in Fastify rate-limit (backend) and add dependency
- Update JWT expiresIn to 24h in config
- Remove legacy auth middleware
- Add healthcheck to deployment (deploy.sh)
- Minor frontend tweaks: include average time per round in logs
- Remove Dashboard link from dashboard.html
- Frontend: use commanderId as the key for topCommanders in dashboard
- Frontend: rely on backend-sorted stats and slice to 5, removing
client-side dedup
- Backend: fix indentation in stats route
- Refactor stats views to compute totals with subqueries
- Simplify 401 handling and token-based fetch in routes
- Update Commander stats to use per-commander subqueries
- Improve frontend auth flow with clearer Alpine components
- Overhaul register page markup and scripts for accessibility
- Harden stats routes with JWT verification in preHandler and
streamlined handlers
- Read stats from user_stats and commander_stats views with debug logs
- Introduce client-side auto-refresh: listen for visibilitychange and
use a dirty flag
- Add reloadStats() to fetch overview and mark dashboard dirty after
mutations
- Minor SQL tweaks in migrations (distinct game counts and trigger
formatting)
- Small HTML/JS tweaks: add key in color loop and deduplicate top
commanders
- Refactor SQL usage in Commander and Game models to use multiline
template strings with prepared().run for readability
- Sanitize sorting in Commander.findByUserId by whitelisting columns and
normalizing the sort order to prevent SQL injection
- Align Game.create/findById to the same style with multiline queries
and consistent field list
- Harden games route: set default offset to 0 and build the query safely
(sanitized sort/order)
- Add new frontend/public/register.html with a full signup form
- Add missing fs imports in backend/database.js (existsSync, mkdirSync)
