Harden auth/upload, fix PR-delete cascade and sync backfill
- OIDC: require signed short-lived state on login callback; reject missing userinfo sub (account-takeover guard); validate token exchange + userinfo responses - Upload: safe zip extraction (path-traversal + zip-bomb cap), streamed size-capped writes, sanitised filenames - Garmin: increasing lookback resets last_sync_at for one-time backfill - Activities: delete/reprocess remove PersonalRecord rows (no FK cascade) - Profile: validate /weight limit; sync lookback UI copy - Dashboard: sleep shading uses same day as charted body battery Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
@@ -168,8 +168,11 @@ export default function DashboardPage() {
|
||||
date: rows[0]?.date ? rows[0].date.slice(0, 10) : null, // intraday endpoint wants YYYY-MM-DD
|
||||
resting_hr: pick('resting_hr'),
|
||||
sleep_duration_s: pick('sleep_duration_s'),
|
||||
sleep_start: pick('sleep_start'),
|
||||
sleep_end: pick('sleep_end'),
|
||||
// Sleep window must come from the SAME day as `date` (the day whose intraday
|
||||
// body battery we chart), not the latest non-null — otherwise the sleep
|
||||
// shading is aligned to a different night. Null here just means "no shading".
|
||||
sleep_start: rows[0]?.sleep_start ?? null,
|
||||
sleep_end: rows[0]?.sleep_end ?? null,
|
||||
hrv_nightly_avg: pick('hrv_nightly_avg'),
|
||||
sleep_score: pick('sleep_score'),
|
||||
steps: pick('steps'),
|
||||
|
||||
Reference in New Issue
Block a user