Releases: agoenks29D/exzly

v1.9.0

06 Nov 15:34

Release v1.9.0 (2025-11-07)

What’s New

Added

  • Security Enhancements

    • Implemented Content Security Policy (CSP) configuration using Helmet to enhance protection against XSS and data injection attacks.
  • Utilities

    • Introduced the isValidDomain helper function with comprehensive unit tests, ensuring proper validation of domain and CDN URLs used in asset handling.
  • Documentation

    • Expanded the README with:

      • Git LFS documentation.
      • Detailed RESTful API section.
      • Postman logo and public API collection link for easier testing.
      • Continuous Integration (CI) badge for visibility on build and test status.

Fixed

  • Authentication

    • Enhanced refresh token validation logic to prevent reuse of revoked tokens and improve session security.
  • Asset Management

    • Fixed issues with asset URLs when using custom domains or CDNs (e.g., https://cdn.exzly.dev).
    • Added domain validation to prevent double slashes and incorrect URL formatting.
  • User Interface

    • Adjusted and aligned photo preview modals to ensure proper centering and consistent layout across admin and user views.

Changed

  • View Engine

    • Improved asset handling to support external CDN integration and domain-based asset path generation.
  • Codebase Refinement

    • Minor refactors across UI components and middleware for readability and maintainability.
  • Environment Management

    • Extended .gitignore to include .env.* files, preventing accidental commits of local or environment-specific configurations.

Testing & CI/CD 🧪

  • Unit Testing

    • Added comprehensive test coverage for isValidDomain and numeric validation utilities.
    • Verified all validation helpers meet edge case standards using Jest.
  • Security Testing

    • Ensured CSP configuration works correctly via Helmet middleware and does not break existing functionality.
  • CI/CD Improvements

    • Merged latest develop/v1 changes into release branch to maintain stable deployment pipelines.
    • Updated README formatting and added API usage examples.

Dependency Updates

  • Core Packages

    • Upgraded critical dependencies to fix security vulnerabilities:

      • express-validator
      • validator
  • Minor Updates

    • General maintenance for compatibility with Node.js 22+ and latest Express ecosystem.
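
The Asset Management fixes above (custom domain or CDN base URLs such as https://cdn.exzly.dev, with no double slashes in the result) can be illustrated as follows. This is an added example, not exzly's own code: `isValidAssetBase` and `assetUrl` are hypothetical names, and the acceptance rules (http/https only, dotted hostname, no embedded credentials) are assumptions.

```javascript
// Added example: hypothetical helpers, not exzly's isValidDomain implementation.
// One DNS label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
const HOST_LABEL = /^(?!-)[a-z0-9-]{1,63}(?<!-)$/i;

// Accept only an absolute http(s) base with a dotted hostname and no
// credentials, query string or fragment (assumed policy for a CDN base).
function isValidAssetBase(base) {
  let url;
  try {
    url = new URL(base);
  } catch {
    return false; // not an absolute URL, e.g. a bare "cdn.exzly.dev"
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return false;
  if (url.username || url.password || url.search || url.hash) return false;
  const labels = url.hostname.split('.');
  return labels.length >= 2 && labels.every((label) => HOST_LABEL.test(label));
}

// Join the base and the asset path with exactly one slash between segments.
function assetUrl(base, assetPath) {
  if (!isValidAssetBase(base)) {
    throw new Error(`invalid asset base: ${base}`);
  }
  const segments = String(assetPath).split('/').filter(Boolean);
  // Reject dot segments instead of letting the URL parser resolve them.
  if (segments.some((s) => s === '.' || s === '..')) {
    throw new Error(`invalid asset path: ${assetPath}`);
  }
  const url = new URL(base);
  const prefix = url.pathname.split('/').filter(Boolean);
  url.pathname = '/' + [...prefix, ...segments].join('/');
  return url.toString();
}

// Constructed sample inputs.
console.log(assetUrl('https://cdn.exzly.dev/', '/img/logo.png'));
console.log(assetUrl('https://cdn.exzly.dev//static/', '//css//app.css'));
console.log(isValidAssetBase('https://user:pw@cdn.exzly.dev'));
```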

Full Changelog: v1.8.0...v1.9.0

v1.8.0

16 Oct 20:03

Release v1.8.0 (2025-10-17)

What’s New

Added

  • User Experience (UX) Enhancements
    • Implemented a spinning loading indicator during profile photo upload and removal processes in Admin views (Account Settings and User Edit pages) to improve user feedback.
  • API & Utility
    • Added serverTime to the root API endpoint response (/api) to facilitate client-server time synchronization.
    • Introduced the isNumeric helper function to the number utility collection.

Fixed

  • Admin/API Logic
    • Critical fix: Prevented an administrator from demoting themselves via the API, which was necessary to maintain system stability.
  • User Validation
    • Added username length validation for both user registration and update processes to ensure data consistency.

Changed

  • Admin User Interface (UI) Refactoring
    • Improved responsiveness of user detail modals across the Admin Dashboard and User Index views.
    • Cleaned up and restructured user action button layouts for better alignment and appearance.
    • Ensured modals are removed from the DOM after being closed to optimize performance.
  • Admin User Module Logic
    • Significant code cleanup in DataTables event handlers, refactoring them to use row ID instead of passing redundant data objects.
    • Refactored AJAX success and error handling for DataTables actions (delete, restore, etc.) to ensure the user table redraws consistently.
  • Code Cleanup
    • Simplified and renamed debug utility exports.

Testing & CI/CD 🧪

  • Comprehensive Test Coverage
    • Added extensive unit tests for critical user API endpoints in users.spec.js, ensuring full coverage for:
      • User promotion and demotion, including the 'Cannot demote yourself' validation.
      • Validation for missing user ID in the '/profile' endpoint.
      • Validation logic for the 'Cannot delete a user with an earlier account creation date' rule.
    • Added unit tests for getFileTypeFromBuffer and getFileTypeFromFile utility functions.
  • Code Coverage
    • Updated Codecov configuration to enforce a minimum overall coverage target of 80%.
    • Enabled Codecov upload for CI workflows on develop/v1 and develop/v2 branches.
  • Dependabot
    • Changed Dependabot's target branch to develop/v1.

Dependency Updates

  • Core Dependencies
    • Bumped mysql2, sharp, and @types/sequelize to their latest versions for stability and security.

Full Changelog: v1.7.0...v1.8.0

v1.7.0

07 Oct 20:21

Release v1.7.0 (2025-10-08)

What’s New

Added

  • User Management Enhancements

    • Introduced user session management via a new userSession object for client-side session tracking.
    • Added new API endpoints to promote or demote admin roles:
      • POST /api/users/promote/:userId
      • POST /api/users/demote/:userId
    • Included additional user data (gender, photoProfile) in the sign-in API response.
    • Views and templates updated to utilize the userSession object and createRoute() helper for consistent routing.

Fixed

  • Web Testing

    • Removed the password reset redirection test, which was causing issues in the test flow.
    • Fixed the status check in tests, ensuring it is accurate and aligned with the intended logic.
  • Authentication Testing

    • Restructured the forgot-password tests and integrated them into the account recovery test suite for improved organization and maintainability.

Changed

  • User API & Views

    • Refactored validation and authorization logic to use req.userId consistently across routes.
    • Enhanced the delete user logic with better safety checks and cleaner structure.
    • Updated views to improve consistency with the new session structure.
  • Code Cleanup

    • Removed deprecated <center> HTML tags from templates.
    • Improved route helpers and view logic to better support dynamic rendering.

Dependency Updates

  • Production & Development Dependencies

    • jest → 30.2.0
    • express-rate-limit → 8.1.0
    • eslint → 9.37.0
    • nodemailer, @types/nodemailer → latest
    • dotenv → 17.2.3
    • globals → 16.4.0
    • @eslint/js → 9.36.0
    • prettier → 3.6.2
  • Dependabot Configuration

    • Added uuid and @faker-js/faker to the monitored dependency list.

Full Changelog: v1.6.1...v1.7.0

v1.6.1

15 Sep 01:45

Release v1.6.1 (2025-09-15)

What’s New

Fixed

  • Web Testing

    • Removed the password reset redirection test, which was causing issues in the test flow.
    • Fixed the status check in tests, ensuring that it is more accurate and aligned with the intended flow.
  • Authentication Testing

    • Restructured the forgot-password tests and integrated them into the account recovery test suite for better organization and flow.

Changed

  • Documentation

    • Minor adjustments to test documentation to match the new testing structure and updates.

Dependency Updates

No dependency updates were included in this version.

Full Changelog: v1.6.0...v1.6.1

v1.6.0

20 Aug 17:09

Full Changelog: v1.5.0...v1.6.0

v1.5.0

20 Aug 17:09

Full Changelog: v1.4.0...v1.5.0

v1.4.0

15 Jul 04:47

Release v1.4.0 (2025-07-15)

What’s New

Added

  • Improved UX in Authentication Pages

    • Auto-focus is now applied to the first input field when loading login and registration pages to enhance user experience.

Fixed

  • User Profile

    • Fixed the remove profile photo functionality — now properly deletes the user’s photo when requested.
  • Admin Panel

    • Fixed the user overview modal to resolve display and interaction issues.

Changed

  • No major changes in core logic or architecture were introduced in this release.

Dependency Updates

No dependency updates were included in this version.

Full Changelog: v1.3.0...v1.4.0

v1.3.0

12 Jul 16:10

Release v1.3.0 (2025-07-12)

What’s New

Changed

  • Improved field existence check in the user model's order query:
    • Updated the logic in user.js to check for field existence in order query using fieldsName.indexOf() instead of Object.keys().

Dependency Updates

  • Bumped multiple dependencies for improved stability and security:
    • jest from 30.0.3 to 30.0.4
    • @types/multer from 1.4.12 to 2.0.0
    • eslint from 9.28.0 to 9.30.1
    • @types/morgan from 1.9.9 to 1.9.10
    • @faker-js/faker from 9.8.0 to 9.9.0

Full Changelog: v1.2.0...v1.3.0

v1.2.0

02 Jul 13:09

Release v1.2.0 (2025-07-02)

What’s New

Changed

  • Removed FOSSA badges from README to clean up unused license tracking service.

Dependency Updates

  • Bumped multiple dependencies for improved stability and security:
    • @eslint/js from 9.28.0 to 9.30.1
    • dotenv from 16.5.0 to 17.0.1
    • globals from 16.2.0 to 16.3.0
    • jest from 29.7.0 to 30.0.3
    • nodemailer from 7.0.3 to 7.0.4
    • brace-expansion from 1.1.11 to 1.1.12

v1.1.0

25 Jun 16:58

Release v1.1.0 (2025-06-25)

What’s New

Added

  • Admin panel sidebar now remembers its state (open/closed) to improve navigation experience.

  • Added helpful links in README:

    • GitHub Wiki for detailed documentation.
    • Public Postman API collection for easy API testing.

Changed

  • Updated Codecov badge to track the main branch.
  • Switched Codecov badge to a token-authenticated version for better badge reliability.