Bio updates were sent directly to DBAL which returned 403 (user JWT lacks
admin privileges). Moved profile read/write through new Flask endpoints
(GET/PUT /api/profile) that use the DBAL admin token server-side.
Also fixed ProfileSettingsCard to fetch and populate the existing bio on
mount instead of always starting with an empty string.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The /api/auth/me endpoint read `username` from the top-level DBAL response,
but DBAL wraps records in {data: {...}, success: bool}. This caused the
avatar to show a blank circle and the profile menu to display "@" with no
username. Now correctly reads from `body.data.username`.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The code runner used `python3 -c` to decode FILES_PAYLOAD inside every
container, but 6+ runner images (node, golang, bash, ruby, php, perl)
don't ship python3 — so JS/Go/Bash/Ruby/PHP/Perl snippets all failed.
Replaced with a pure POSIX `base64 -d | awk` pipeline that works on
every image. Also fixes:
- pids_limit 64→256 (Go compiler crashed spawning threads)
- Per-user configurable runTimeout via settings panel (5–300s)
- Default run timeout 10→30s, server-side cap at 300s
- Frontend AbortSignal raised to 310s to match max timeout
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Align PyJWT (2.8.0→2.10.1) and requests (2.32.5→2.32.4) in pastebin
backend to match all other services. Replace futile retry loop with a
merge-and-deduplicate strategy that gives pip a single consistent set
of constraints.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
