# Changelog

All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [v0.2.0-alpha] - 2026-01-29

### Added

- **Authentication System**
  - User registration with email/password
  - User login with JWT access/refresh tokens
  - Token refresh endpoint
  - Logout functionality
  - Protected routes middleware

- **API Endpoints**
  - `POST /api/auth/register` - User registration
  - `POST /api/auth/login` - User login
  - `POST /api/auth/logout` - User logout
  - `GET /api/auth/me` - Get current user
  - `POST /api/auth/refresh` - Refresh access token

- **Security Features**
  - Password hashing with bcryptjs (work factor 12)
  - Rate limiting (10 login attempts/15min, 20 registrations/hour)
  - Input validation with Zod
  - JWT authentication middleware
  - Helmet security headers

- **Frontend**
  - API client with token management
  - Request interceptor for Authorization header
  - React + Vite project setup
  - Mantine UI components integration
  - Tailwind CSS configuration

### Changed

- Database provider switched from Supabase to self-hosted Node.js backend
- Schema updated for SQLite (development) and PostgreSQL (production)

### Technical

- **Backend**: Express.js + TypeScript + Prisma ORM
- **Frontend**: React 18 + Vite + Mantine + Tailwind CSS
- **Database**: SQLite (dev) / PostgreSQL (prod)
- **Authentication**: JWT with access token (7d) + refresh token (30d)

## [v0.1.0-alpha] - 2026-01-28

### Added

- Project initialization
- Frontend React + Vite project
- Backend Node.js + Express project
- Prisma ORM setup
- Initial database schema

[Unreleased]: https://github.com/your-repo/compare/v0.2.0-alpha...HEAD
[v0.2.0-alpha]: https://github.com/your-repo/releases/tag/v0.2.0-alpha
[v0.1.0-alpha]: https://github.com/your-repo/releases/tag/v0.1.0-alpha