nuzlocke-tracker

pokemon/nuzlocke-tracker

Fork 0

Commit Graph

Author	SHA1	Message	Date
Julian Tabel	eeb1609452	fix: enforce run ownership on all mutation endpoints Add require_run_owner helper in auth.py that enforces ownership on mutation endpoints. Unowned (legacy) runs are now read-only. Applied ownership checks to: - All 4 encounter mutation endpoints - Both boss result mutation endpoints - Run update/delete endpoints - All 5 genlocke mutation endpoints (via first leg's run owner) Also sets owner_id on run creation in genlockes.py (create_genlocke, advance_leg) and adds 22 comprehensive ownership enforcement tests. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-03-21 13:28:47 +01:00
Julian Tabel	0a519e356e	feat: add auth system, boss pokemon details, moves/abilities API, and run ownership Some checks failed CI / backend-tests (push) Failing after 1m16s Details CI / frontend-tests (push) Successful in 57s Details Add user authentication with login/signup/protected routes, boss pokemon detail fields and result team tracking, moves and abilities selector components and API, run ownership and visibility controls, and various UI improvements across encounters, run list, and journal pages. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-20 21:41:38 +01:00
Julian Tabel	d6a0b60585	Add integration tests for Runs & Encounters API 28 tests covering run CRUD, rules JSONB storage, encounter creation, route-lock enforcement, shinyClause and giftClause bypasses, status transitions (complete/fail), and encounter update/delete. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-21 12:58:28 +01:00

Author

SHA1

Message

Date

Julian Tabel

eeb1609452

fix: enforce run ownership on all mutation endpoints

Add require_run_owner helper in auth.py that enforces ownership on
mutation endpoints. Unowned (legacy) runs are now read-only.

Applied ownership checks to:
- All 4 encounter mutation endpoints
- Both boss result mutation endpoints
- Run update/delete endpoints
- All 5 genlocke mutation endpoints (via first leg's run owner)

Also sets owner_id on run creation in genlockes.py (create_genlocke,
advance_leg) and adds 22 comprehensive ownership enforcement tests.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-03-21 13:28:47 +01:00

Julian Tabel

0a519e356e

feat: add auth system, boss pokemon details, moves/abilities API, and run ownership

CI / backend-tests (push) Failing after 1m16s

Details

CI / frontend-tests (push) Successful in 57s

Details

Add user authentication with login/signup/protected routes, boss pokemon
detail fields and result team tracking, moves and abilities selector
components and API, run ownership and visibility controls, and various
UI improvements across encounters, run list, and journal pages.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-20 21:41:38 +01:00

Julian Tabel

d6a0b60585

Add integration tests for Runs & Encounters API

28 tests covering run CRUD, rules JSONB storage, encounter creation,
route-lock enforcement, shinyClause and giftClause bypasses, status
transitions (complete/fail), and encounter update/delete.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-21 12:58:28 +01:00

3 Commits