You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
From the #79 code review (R12 partial, R18, R22, R23). Content-size caps and markdown sanitization already landed on the branch.
export/all builds the whole zip in a MemoryStream then ToArray() (doubles it). Stream to Response.Body instead.
Journal entry first-write upsert is check-then-insert, not atomic: two overlapping PUTs for a new (template, date) can 500 on the unique index. Catch DbUpdateException and retry as update.
Extreme dates cause unhandled 500s: date=9999-12-31 overflows AddDays(1); an entry at 0001-01-01 makes that day's export permanently throw (yesterday-link underflow). Clamp accepted dates to a sane window in one shared check.
New journal functions in lib/api.ts interpolate dates/templateKey into URLs unencoded (all current call sites pass safe dateKey output). Use URLSearchParams/encodeURIComponent consistently.
Context note for v3.1 auth: the pre-existing AllowAnyOrigin CORS policy now fronts journal/mood data - any website open in a LAN browser can read it cross-origin. Should be revisited alongside auth (Feature: Journaling #79 follow-up program).
From the #79 code review (R12 partial, R18, R22, R23). Content-size caps and markdown sanitization already landed on the branch.