Lesstime

MALIO-DEV/Lesstime

Fork 0

Commit Graph

Author	SHA1	Message	Date
Matthieu	fd3097cc26	chore(backend) : rate limiting, cache-control, remove twig, clean deps - Add login_throttling on /login_check (5 attempts/min) with symfony/rate-limiter - Add Cache-Control: public, max-age=86400 on avatar responses - Remove symfony/twig-bundle (unused in API-only project) - Remove unused dev deps: symfony/browser-kit, symfony/css-selector - Rename API Platform title to "Lesstime API" Tickets: T-010, T-016, T-022, T-024, T-025 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-17 15:27:16 +01:00
matthieu	a5144443a4	fix(avatar) : address review findings — security and UX fixes - Use getMimeType() instead of getClientMimeType() to prevent MIME spoofing - Change IsGranted to IS_AUTHENTICATED_FULLY so ROLE_CLIENT can access avatars - Remove Groups from avatarFileName (only avatarUrl needed by frontend) - Disable aggressive caching to prevent stale avatar images - Add error handling to avatar upload in profile page - Use i18n for "Mon profil" button text Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-15 22:02:27 +01:00
matthieu	4d0aa65920	feat(avatar) : add avatar upload/serve/delete controller Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-15 21:54:23 +01:00

Author

SHA1

Message

Date

Matthieu

fd3097cc26

chore(backend) : rate limiting, cache-control, remove twig, clean deps

- Add login_throttling on /login_check (5 attempts/min) with symfony/rate-limiter
- Add Cache-Control: public, max-age=86400 on avatar responses
- Remove symfony/twig-bundle (unused in API-only project)
- Remove unused dev deps: symfony/browser-kit, symfony/css-selector
- Rename API Platform title to "Lesstime API"

Tickets: T-010, T-016, T-022, T-024, T-025

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-17 15:27:16 +01:00

matthieu

a5144443a4

fix(avatar) : address review findings — security and UX fixes

- Use getMimeType() instead of getClientMimeType() to prevent MIME spoofing
- Change IsGranted to IS_AUTHENTICATED_FULLY so ROLE_CLIENT can access avatars
- Remove Groups from avatarFileName (only avatarUrl needed by frontend)
- Disable aggressive caching to prevent stale avatar images
- Add error handling to avatar upload in profile page
- Use i18n for "Mon profil" button text

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-15 22:02:27 +01:00

matthieu

4d0aa65920

feat(avatar) : add avatar upload/serve/delete controller

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-15 21:54:23 +01:00

3 Commits