marcel

0 Followers · 0 Following

• Joined on 2026-03-17

Repositories

3

Projects Packages Public Activity Starred Repositories

marcel opened issue marcel/mealprep#22 2026-04-02 11:27:12 +02:00

Frontend: B1 — Recipe library

marcel opened issue marcel/mealprep#21 2026-04-02 11:26:53 +02:00

Frontend: A4 — Join household (accept invite)

marcel opened issue marcel/mealprep#20 2026-04-02 11:26:44 +02:00

Frontend: A3/D3 — Pantry staples component (onboarding + settings)

marcel opened issue marcel/mealprep#19 2026-04-02 11:26:33 +02:00

Frontend: A2 — Household setup + invite

marcel opened issue marcel/mealprep#18 2026-04-02 11:26:24 +02:00

Frontend: A1 — Sign up screen

marcel opened issue marcel/mealprep#17 2026-04-02 11:26:15 +02:00

Frontend: App shell — responsive layout, navigation, routing

marcel opened issue marcel/mealprep#16 2026-04-02 11:25:59 +02:00

Frontend: Design system foundation — Tailwind 4 theme, CSS tokens, fonts

marcel opened issue marcel/mealprep#15 2026-04-02 11:21:38 +02:00

No password complexity requirements beyond minimum length

marcel opened issue marcel/mealprep#14 2026-04-02 11:21:33 +02:00

createInvite has no role check — any member can invite

marcel opened issue marcel/mealprep#13 2026-04-02 11:21:28 +02:00

No household-level DB enforcement — isolation relies solely on application code

marcel opened issue marcel/mealprep#12 2026-04-02 11:21:23 +02:00

Shopping list addItem does not validate ingredient belongs to household

marcel opened issue marcel/mealprep#11 2026-04-02 11:21:17 +02:00

Unbounded limit/offset parameters allow resource exhaustion

marcel opened issue marcel/mealprep#10 2026-04-02 11:21:11 +02:00

No CORS configuration — will block frontend or risk misconfiguration

marcel opened issue marcel/mealprep#9 2026-04-02 11:21:08 +02:00

Admin audit log does not capture IP addresses

marcel opened issue marcel/mealprep#8 2026-04-02 11:20:46 +02:00

Login error responses enable account enumeration via HTTP status codes

marcel opened issue marcel/mealprep#7 2026-04-02 11:20:41 +02:00

Missing catch-all exception handler — stack traces leak to clients

marcel opened issue marcel/mealprep#6 2026-04-02 11:20:35 +02:00

Swagger UI exposed to unauthenticated users in all environments

marcel opened issue marcel/mealprep#5 2026-04-02 11:20:30 +02:00

No validation on systemRole values — arbitrary roles accepted

marcel opened issue marcel/mealprep#4 2026-04-02 11:20:26 +02:00

Sessions not invalidated on password/role change or deactivation

marcel opened issue marcel/mealprep#3 2026-04-02 11:20:18 +02:00

Signup creates session but never authenticates the user