diff --git a/.claude/settings.local.json b/.claude/settings.local.json index 3a791c2..3070d9e 100644 --- a/.claude/settings.local.json +++ b/.claude/settings.local.json @@ -19,7 +19,12 @@ "Bash(iptables:*)", "Bash(npx tsc:*)", "Bash(npx prisma generate:*)", - "Bash(timeout 3 node:*)" + "Bash(timeout 3 node:*)", + "Bash(git commit:*)", + "Bash(git config:*)", + "Bash(git remote add:*)", + "Bash(git push:*)", + "Bash(git remote set-url:*)" ] } } diff --git a/CLAUDE.md b/CLAUDE.md index c3418cd..95ce198 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -64,7 +64,7 @@ Next.js runs behind a custom HTTP server that also handles WebSocket upgrades. T - **Production standalone mode**: Monkey-patches `http.createServer` to intercept the HTTP server that Next.js's `startServer()` creates, injecting WebSocket upgrade handling for `/ws/chat` before Next.js registers its own upgrade handler. Reads the embedded `nextConfig` from `server.standalone.js` (saved during Docker build) and sets `__NEXT_PRIVATE_STANDALONE_CONFIG` env var so Next.js skips webpack loading. The server also runs: -- Chat message broadcasting with blacklist filtering and JWT token decoding for user identity +- Chat message broadcasting with blacklist filtering; user identity resolved by looking up `userId` (sent from client session) in the DB — the NextAuth session cookie is HttpOnly so the JWT cannot be read client-side - `squares:changed` → `squares:refresh` broadcast for real-time grid updates - Payment reminder scheduler (15-minute interval) that checks unconfirmed squares approaching grace period deadline diff --git a/src/middleware.ts b/src/middleware.ts index 82c4e05..b789607 100644 --- a/src/middleware.ts +++ b/src/middleware.ts @@ -36,6 +36,7 @@ export default withAuth( pathname.startsWith('/api/auth') || pathname.startsWith('/api/setup') || pathname.startsWith('/api/squares') || + pathname.startsWith('/api/settings') || pathname.startsWith('/api/users') || pathname.startsWith('/_next') || pathname.startsWith('/images')