- Added CSRF exemption to all JWT-authenticated API endpoints
- API routes use JWT tokens, not session cookies, so CSRF protection is not needed

- Change import to from flask_wtf.csrf import csrf_exempt
- Replace @csrf.exempt with @csrf_exempt decorators

- Initialize CSRFProtect in app/__init__.py
- Update import in app/upload/routes.py from flask_wtf.csrf to flask_wtf
- Maintain existing @csrf.exempt decorators

- Improved FileLike class with proper file handling and close() method
- Added better error handling and validation for JSON input
- Added try/finally block to ensure file handles are closed
- Added detailed error logging with traceback for debugging
- Ensures server always returns JSON instead of HTML error pages

- Error message now shows correct maximum file size from database setting
- Consistent with other validation functions using the same setting

- validate_file_size() now uses database setting instead of MAX_CONTENT_LENGTH
- detect_malicious_content() uses database setting for size limits
- Both functions now respect the configurable max_upload_size_mb (default 2048MB = 2GB)

- Explicitly set MAX_CONTENT_LENGTH in Flask app config during initialization
- Add logging to verify MAX_CONTENT_LENGTH is set correctly
- Fixes 'File too large' error for files over 500MB (now supports 5GB)

- Add seek(), tell(), read() methods to FileLike class
- Add content_type attribute for validation
- Fixes 'FileLike object has no attribute seek' error in chunked uploads

- Fix FileLike object to have proper filename attribute for validation
- Implement parallel chunk uploading (3 concurrent chunks) to speed up uploads
- Update all templates with improved chunking logic
- Fixes validation error and slow upload performance

- Add chunking JavaScript to fixture_detail.html for individual match uploads
- Add chunking JavaScript to fixture_detail.html for fixture-level bulk uploads
- Add chunking JavaScript to match_detail.html for match ZIP uploads
- All ZIP uploads now use 1MB chunks instead of uploading entire files at once
- Fixes issue where large ZIP files would fail due to memory/timeouts

- Add Migration_007_AddDoneToStatusEnum class
- Safely adds 'done' to existing status ENUM if not present
- Handles databases created before 'done' status was added
- Includes proper rollback support
- Update README and CHANGELOG with migration details

- Updated set_active() method to require status='pending' in addition to ZIP upload completion
- Added comprehensive documentation for new active status criteria
- Updated CHANGELOG.md with version 1.2.3 details
- Enhanced README.md with active status requirements documentation

Active status now requires:
1. ZIP upload status = 'completed'
2. ZIP checksum present
3. Match status = 'pending'

This provides more precise control over match activation workflow.

- Add status column to matches table with 8 enum values (pending, scheduled, bet, ingame, cancelled, failed, paused, done)
- Create Migration_006_AddStatusColumn for database schema updates
- Update Match model to include status field with proper enum validation
- Enhance match detail template to display status information
- Improve configuration auto-migration system for persistent directories
- Update README and CHANGELOG with version 1.2.3 documentation
- Maintain backward compatibility with existing matches

- Add status column to matches table with enum values (pending, scheduled, bet, ingame, cancelled, failed, paused, done)
- Implement database migration 006 for status tracking
- Update Match model with status field and validation
- Enhance match detail template to display status information
- Update documentation (README and CHANGELOG) for v1.2.3
- Enable comprehensive match lifecycle management

Delete prompt.txt

See merge request !1

- Fixed critical bug where both fighter1 and fighter2 were incorrectly sourced from fighter1 column during XLSX uploads
- Enhanced FixtureParser.detect_required_columns() with fighter-specific matching logic in app/upload/fixture_parser.py
- Added proper fighter number detection (1 or 2) to prevent cross-mapping during partial column matching
- Fighter1 columns now correctly map to fighter1 database field, Fighter2 to fighter2 field
- Prevents false positives where 'fighter2' column incorrectly matched 'fighter1' field
- Root cause: Original partial matching used split()[0] causing both 'fighter 1' and 'fighter 2' to become 'fighter'
- Solution: Implemented specific logic checking for both 'fighter' keyword AND number in column names
- Updated documentation (README.md, CHANGELOG.md) with bug fix details and version bump to v1.2.2
- Maintains backward compatibility with existing column naming conventions

- Fixed import error for get_persistent_directories (renamed to get_config_directory)
- Fixed TypeError with classmethod call during class definition
- Added config directory support to directory utilities
- Enhanced configuration loading with proper function structure
- Ensured all persistent directories are created during setup

## Cross-Platform PyInstaller Support
- Implemented persistent directory system for Windows (%APPDATA%), macOS (~/Library/Application Support), and Linux (/opt/MBetter)
- Added PyInstaller environment detection and automatic directory path optimization
- Created comprehensive directory utilities (app/utils/directories.py) with fallback mechanisms
- Enhanced configuration system to use persistent mbetterd.conf instead of .env for PyInstaller deployments

## Configuration System Enhancement
- Added configuration file migration system (migrate_config.py) for .env to mbetterd.conf transition
- Enhanced config.py with persistent config file loading and priority system (env vars > config file > defaults)
- Automatic config file discovery in persistent directories with fallback to local .env

## Authenticated ZIP Downloads
- Added new /api/download/zip/<match_id> endpoint with hybrid JWT/API token authentication
- Enhanced /api/updates endpoint to use authenticated download URLs instead of web routes
- Implemented access control ensuring users can only download their own match files (or admin access)
- Updated API routes to use persistent ZIP_UPLOADS_DIR for file serving

## Upload System Enhancement
- Modified file upload handlers to use persistent directories (ZIP_UPLOADS_DIR, FIXTURES_DIR, TEMP_DIR)
- Enhanced upload file paths to use appropriate persistent directories based on file type
- Updated main routes for ZIP downloads to use persistent directory paths
- Fixed PyInstaller temporary directory issues ensuring files persist between application restarts

## Documentation Updates
- Updated README.md with PyInstaller features, cross-platform compatibility, and authenticated downloads
- Enhanced CHANGELOG.md with comprehensive v1.2.1 release notes
- Added migration utility documentation and deployment instructions
- Updated version numbers and platform compatibility information

## Technical Improvements
- Enhanced error handling and logging throughout persistent directory operations
- Added comprehensive fallback mechanisms for various deployment scenarios
- Improved path handling with proper cross-platform directory structures
- Security enhancements for API file downloads with proper authentication validation