- portal.ts: keep min(1) validation for customerNotes (more restrictive)
- index.ts: keep waitlistRouter import and both calendar + portal public routes
- Both routers can coexist in public section (different URL namespaces)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Replace blocking window.confirm() with showRevokeConfirm state + inline
confirmation dialog in CalendarSyncSection
- Rename CalendarSync.tsx to CalendarSyncSection.tsx to match export convention
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Capture DTSTAMP once before loop instead of new Date() per event
- Return plain text 401 for auth errors (calendar clients can't parse JSON)
- Use encodeURIComponent for Content-Disposition filename
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Replace N+1 queries with single INNER JOIN across clients, pets, services
- Change Content-Disposition from attachment to inline for calendar auto-sync
- Add SEQUENCE:0 for confirmed, SEQUENCE:1 for cancelled events (RFC 5546)
- Fix sensitive field leak: return only {id, customerNotes, updatedAt}
- Add missing null-check guard after .returning() in portal.ts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add CalendarSync component with generate/revoke/copy functionality
- Add unit tests for generateIcalToken function
- Fix StaffRow type in petPhotos.test.ts and rbac.test.ts to include icalToken
The CalendarSync component can be added to a staff profile/settings page.
Currently the Staff page (admin/staff) does not have a profile section
for individual staff - integration will need a new route or profile section.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Add 401 when DELETE /waitlist/:id has no session (auth bypass fix)
- Add auth to PATCH /waitlist/:id (was zero auth)
- Add RBAC guard for /waitlist/* routes
- Fix migration to use proper ENUM type instead of TEXT
- Add unit tests for auth scenarios
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Scrubs McBarkley