What’s changed
- Added server-side auth enforcement for sensitive API/tRPC/WebSocket endpoints.
- Implemented
requireApiAuthin multiple settings routes to enforce authentication. - Added checks for setup completion in the authentication setup route.
- Enhanced error handling and response messages for better clarity.
- Prevented sensitive server data from being exposed in API responses.
- Fixed Alpine script path normalization to avoid double alpine- prefixes (e.g. alpine-alpine-...) and resulting 404s. #596
Improved manual auto-sync error handling:
- PocketBase fetch failures and empty responses now return explicit diagnostic errors.
- Manual sync no longer reports success when the backend sync actually failed.
Validation #587
- Targeted ESLint checks passed for changed files.
- Typecheck passed (tsc --noEmit)
- Upgraded various node packages
- Upgraded npm to 11.x
Full Changelog: v1.1.1...v1.1.2