Added a blank line for readability in the bare-metal installation guide and updated the navigation title in mkdocs.yml to 'Bare-Metal installation guide' for consistency.
Deleted the MFA backup codes API router test file. Expanded the authentication developer guide to document MFA backup code usage, format, error responses, and related endpoints for status and regeneration.
Session retrieval endpoints now return empty lists and log access attempts when ENVIRONMENT is set to 'demo'. Also, updated session cookie security to treat 'demo' like 'production', and clarified ENVIRONMENT options in documentation. Unused imports were removed from users/user/router.py.
Added instructions for updating to a new version of Endurain, including steps for stopping the service, removing old files, downloading the latest release, building the frontend, setting up the backend, and starting the service.
Enhanced the Content-Security-Policy header to allow inline images, styles, scripts, and OpenStreetMap tiles to allow frontend static serving from FastAPI.
Major expansion of authentication documentation: clarified OAuth 2.1 hybrid token storage, CSRF protection, refresh token rotation, session management, progressive account lockout, and best practices for web and mobile clients.
Updated backend and frontend to use '/auth/login', '/auth/refresh', '/auth/mfa/verify', and '/auth/logout' endpoints instead of legacy paths. Adjusted CSRF middleware, route prefixes, tests, documentation, and service utilities to match the new endpoint structure for improved clarity and consistency.
Implements optional session idle and absolute timeout logic, including new environment variables for configuration. Adds last_activity_at to sessions, enforces timeouts on token refresh, and introduces a scheduler job to clean up idle sessions. Also introduces progressive lockout for failed logins and updates documentation and examples accordingly.
Implements database-backed OAuth state management to support secure PKCE flows for mobile SSO. Adds new models, CRUD, and scheduled cleanup for OAuth state, updates identity provider login and callback flows to use server-side state, and introduces a token exchange endpoint for mobile clients. Updates session and rate limiting logic, and maintains backward compatibility for web clients using cookie-based state.
Expanded the authentication documentation with a detailed step-by-step guide for implementing OAuth/SSO in mobile applications using WebView. The new section covers prerequisites, provider discovery, WebView handling, token extraction, secure storage, authenticated API requests, and token refresh logic.
Updated authentication documentation to reflect new public and profile-based identity provider API routes. Also added support for displaying the PocketID icon in the identity provider list component.
Introduced details about the public demo environment, including URL, credentials, and reset schedule, to the README, and documentation index. This helps users try Endurain before installation and clarifies demo limitations.
Replaces the old 'Single-sign-on' doc with a new, comprehensive 'single-sign-on.md' covering SSO setup for multiple providers, troubleshooting, and security. Updates mkdocs.yml to reference the new file, enhance navigation, and enable additional markdown extensions and icons for improved documentation formatting.
Split the monolithic developer-guide.md into three focused documents: setup-dev-env.md, authentication.md, and supported-types.md. Updated mkdocs.yml navigation to reflect the new structure, improving documentation clarity and maintainability.
This is a set of documentation instructions to set up SSO using either Pocket ID or Tailscale as the SSO provider. It provides the steps needed within the provider as well as how to complete the "Identity Providers" custom form within Endurain.
Replaced all references to 'joaovitoriasilva/endurain' with 'endurain-project/endurain' across documentation, templates, Docker examples, and code. Updated badge URLs, Docker image paths, and author email in backend metadata to reflect the new organization. This ensures consistency and correct attribution following the repository migration.
Updated backend and frontend version numbers to 0.16.1. User-Agent headers in backend now use the API version from config. Improved migration guide wording. Added placeholders to weight input fields and set their default values to null in HealthWeightAddEditModalComponent. #438
Eliminated default-libmysqlclient-dev and pkg-config from the bare-metal installation instructions for Endurain on Debian, as they are no longer required.
Expanded the documentation to include installation and configuration steps for both Caddy and Nginx Proxy Manager as reverse proxies. The guide now provides clearer separation of Docker, Caddy, and Nginx Proxy Manager installation steps, and includes an example Nginx Proxy Manager config inline. Removed the standalone npm_endurain.conf file, as its contents are now integrated into the documentation.
Updated the application to read SMTP_PASSWORD using the read_secret method, enabling support for Docker secrets via SMTP_PASSWORD_FILE. Documentation was updated to reflect this new option for configuring SMTP credentials.
Updated trademark notice to reflect registered status. Revised ROADMAP.md to replace multiple security features with passkey support. Updated docs/index.md to reflect new logging features, sign-up options, SSO support, and linked to ROADMAP.md for planned features.
Replaced login, reset password modal, and sign-up screenshots in the gallery. Updated gallery.md to specify that images should be 1000x1000 pixels. Also updated the login asset in the frontend.
Added new screenshots for health, settings, and authentication pages, updated several existing images, and removed obsolete ones. The gallery documentation was updated to reflect the new and reorganized screenshots, providing a more comprehensive and up-to-date visual overview of the application's UI. Minor formatting cleanups were also made in the developer and getting started guides.
Added new 'Features' section in docs. Renamed 'sleep-scoring.md' from 'getting-started' to 'features' and updated mkdocs.yml navigation to reflect this change.
Added fields for resting heart rate and average skin temperature deviation to the HealthSleepAddEditModalComponent, including support in form data, submission logic, and i18n translations for both English and Portuguese. Updated documentation to mention DB_HOST as a required environment variable. #426
Introduces a comprehensive sleep scoring module with detailed calculation logic and integration into health sleep creation and editing endpoints. Refactors HealthSleep model and schema to use integer types for heart rate, SpO2, respiration, and sleep stress fields. Updates related tests and documentation to reflect the new scoring system and data type changes.
Changed DATA_DIR to use BACKEND_DIR for consistency in config.py and removed unused import in fit/utils.py. Added documentation for FRONTEND_DIR, BACKEND_DIR, DATA_DIR, and LOGS_DIR environment variables in advanced-started.md to clarify their usage.
Introduces 'Inline skating' as a new activity type (ID 45) across backend and frontend. Updates schemas, utility mappings, i18n files, UI components, and search functionality to handle inline skating activities. #411
Introduces 'Snow shoeing' as a new activity type (ID 44) across backend and frontend. Updates schema, activity mappings, goal calculations, developer documentation, i18n files, activity utilities, and UI components to support the new activity. Ensures snow shoeing is selectable, filterable, and properly displayed throughout the application. #411
Introduces Sailing (type 43) as a supported activity throughout the backend and frontend. Updates activity mappings, i18n files, UI dropdowns, and utility functions to include Sailing. Adjusts search and filtering logic to handle the new activity type and corrects some error message keys in SearchView. #411
Introduces kayaking as a new activity type (ID 42) in backend and frontend. Updates activity mappings, i18n labels, UI components, and search logic to support kayaking alongside rowing where appropriate. #411
Introduces 'Cardio training' as a new activity type (ID 41) across backend and frontend. Updates activity mappings, enums, goal logic, UI components, and i18n files to support the new type. Also fixes goal list initialization in SettingsUserGoals.vue.
Introduces Slovenian (SL) as a supported language across backend and frontend, including language enum, language switchers, and i18n resources. Updates documentation to credit the contributor, and increments version numbers in backend and frontend to 0.15.7.
