- Fix liked hearts not showing after page reload (sync useEffect in CatCard)
- Replace pagination with infinite scroll (useInfiniteQuery + IntersectionObserver)
- Add HEIC/HEIF/AVIF image support with sharp conversion to JPEG on upload
- Validate MIME type alongside file extension to prevent spoofing
- Limit caption to 500 chars; increase upload size limit to 20MB
- Delete physical file from uploads/ when post is removed (cats + admin routes)
- Add WAL journal mode and graceful shutdown (SIGTERM/SIGINT) to db
- Add rate limiter for upload endpoint (10 req / 15 min)
- Add pre-deploy backup of data.db and uploads/ to deploy.sh (keeps last 10)
- Add plan_modernization.md with ideas for future improvements
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Fix login/register to treat usernames case-insensitively (HeagBoKaT == heagbokat) using LOWER() in SQL with JS .toLowerCase() for Unicode safety
- Add helmet for HTTP security headers and express-rate-limit on auth endpoints (20 req / 15 min) to prevent brute-force
- Lock CORS to ALLOWED_ORIGIN env var; warn if JWT_SECRET is the default dev key
- Serve built client/dist from Express so a single PM2 process handles everything
- Add deploy.sh, README.md with full first-run and auto-restart instructions, and server/.env.example
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>