Yusuf Suleman fb79f15f75 fix(fitness): eliminate cross-user data access (#4) ...

- All user_id query params now enforced to authenticated user's own ID
- /api/users restricted to return only current user (no user enumeration)
- Wildcard CORS headers removed (service is internal-only via gateway)
- Covers: entries, totals, goals, templates, favorites, goal setting

Closes #4

2026-03-29 08:53:04 -05:00

..

frontend-legacy

Initial commit: Second Brain Platform

2026-03-28 23:20:40 -05:00

docker-compose.yml

Initial commit: Second Brain Platform

2026-03-28 23:20:40 -05:00

Dockerfile.backend

fix: security hardening across platform

2026-03-29 08:25:50 -05:00

server.py

fix(fitness): eliminate cross-user data access (#4)

2026-03-29 08:53:04 -05:00