Gabriel Kaszewski bf73d4a695 feat: CORS, role in auth, banner_url, diary sort, cleanup ...

- CORS layer on API routes via CORS_ORIGINS env var
- role field in login + profile responses
- banner_url in profile response
- diary sort_by: rating_desc/rating_asc/date_asc/date_desc
- UserRole::as_str() to deduplicate role mapping
- typed DTOs for import preview (replace ad-hoc JSON)
- warn on invalid CORS origins

2026-06-04 02:06:51 +02:00

2.6 KiB

Raw Blame History

View Raw