Maurice 4c9631998f Restore the reset-password rate limit and fix copyTrip reservation links ...

Two correctness/security gaps the NestJS migration introduced:

- POST /api/auth/reset-password lost its per-IP rate limiter. Restore it
  (5 attempts / 15 min on a dedicated bucket, same as the old resetLimiter)
  so reset tokens can't be brute-forced unthrottled. Covered by AUTH-019.
- copyTripById did not copy reservations.end_day_id (a day reference — now
  remapped through dayMap like day_id) or needs_review, so a duplicated trip
  lost multi-day transport end-day links and reset the review flag.

2026-05-31 13:38:02 +02:00

..

assets

refactor: move airports.json out of server/data into server/assets

2026-04-18 02:02:09 +02:00

public

v3.0.16 — bug fixes (#964)

2026-05-06 21:38:40 +02:00

scripts

chore: fix monorepo build pipeline and migrate shared to built package (#1056)

2026-05-25 21:44:58 +02:00

src

Restore the reset-password rate limit and fix copyTrip reservation links

2026-05-31 13:38:02 +02:00

tests

Restore the reset-password rate limit and fix copyTrip reservation links

2026-05-31 13:38:02 +02:00

.env.example

fix: add APP_VERSION fallback and HOST bind address env var (#952 #953) (#955)

2026-05-04 14:21:55 +02:00

.prettierrc

chore: fix monorepo build pipeline and migrate shared to built package (#1056)

2026-05-25 21:44:58 +02:00

package.json

Finish the NestJS migration — drop the legacy Express app

2026-05-31 13:29:22 +02:00

reset-admin.js

Stabilize core: better-sqlite3, versioned migrations, graceful shutdown

2026-03-22 17:52:24 +01:00

tsconfig.build.json

Phase 0 — NestJS + Zod foundation harness (F1–F8) (#1050)

2026-05-25 14:29:30 +02:00

tsconfig.json

chore: fix monorepo build pipeline and migrate shared to built package (#1056)

2026-05-25 21:44:58 +02:00

vitest.config.ts

chore: fix monorepo build pipeline and migrate shared to built package (#1056)

2026-05-25 21:44:58 +02:00