- models.py: add composite (user_id, date) indexes to flock_history,
feed_purchases, and other_purchases for faster date-filtered queries
(egg_collections already had one via its unique constraint)
- main.py: add v2.2 migration to create the three composite indexes on
existing installs at startup
- stats.py: fix N+1 query in monthly_stats — flock history is now fetched
once and looked up per month using bisect_right instead of one DB query
per month row; also remove unnecessary Decimal(str(...)) round-trips
since SQLAlchemy already returns Numeric columns as Decimal
- eggs.py: add limit parameter (default 500, max 1000) to list_eggs to
cap unbounded fetches on large datasets
- dashboard.js: pass start= (30 days ago) when fetching eggs so the
dashboard only loads the data it actually needs for the chart and
recent collections list
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- nginx: add X-Content-Type-Options, X-Frame-Options, X-XSS-Protection,
and Referrer-Policy headers on all responses; rate limit /api/auth/login
to 5 req/min per IP (burst 3) to prevent brute force
- frontend: add escHtml() utility to api.js; use it on all notes fields
across dashboard, log, history, flock, and budget pages to prevent XSS
- log.js: fix broken loadRecent() call referencing removed #recent-body
element; replaced with loadHistory() from history.js
- schemas.py: raise minimum password length from 6 to 10 characters
- admin.py: add audit logging for password reset, disable, delete, and
impersonate actions; fix impersonate to use named admin param for logging
- main.py: add startup env validation — exits with clear error if any
required env var is missing; configure structured logging to stdout
- docker-compose.yml: add log rotation (10 MB / 3 files) to all services
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Removed standalone History page (history.html); full collection history
(date filter, edit, delete, totals footer) is now embedded in the Log
Eggs page below the log form
- Removed History nav link from all pages
- Reordered dashboard stat cards: egg counts → averages → Flock Size →
cost cards
- Egg count and average cards now use green; Flock Size card uses orange
- Updated README to reflect removed History page, merged log/history
feature, dashboard card changes, and project structure
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Rename app from Eggtracker to Yolkbook throughout
- Add JWT-based authentication (python-jose, passlib/bcrypt)
- Add users table; all data tables gain user_id FK for full data isolation
- Super admin credentials sourced from ADMIN_USERNAME/ADMIN_PASSWORD env vars,
synced on every startup; orphaned rows auto-assigned to admin post-migration
- Login page with self-registration; JWT stored in localStorage (30-day expiry)
- Admin panel (/admin): list users, reset passwords, disable/enable, delete,
and impersonate (Login As) with Return to Admin banner
- Settings modal (gear icon in nav): timezone selector and change password
- Timezone stored per-user; stats date windows computed in user's timezone;
date input setToday() respects user timezone via Intl API
- migrate_v2.sql for existing single-user installs
- Auto-migration adds timezone column to users on startup
- Updated README with full setup, auth, admin, and migration docs
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- New other_purchases table (date, total, notes)
- /api/other CRUD endpoints
- Budget stats now include other costs in cost/egg and cost/dozen math
- Budget page: new Log Other Purchases form, stat cards for other costs,
combined Purchase History table showing feed and other entries together
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
