yoinkkk/ExcaliDash
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

0.2.1 Release (#32)

Browse Source 
* feat(security): implement CSRF protection

* chore: clean up CSRF implementation

  - Remove unused generateCsrfToken export from security.ts
  - Remove redundant /csrf-token path check (GET already exempt)
  - Restore defineConfig wrapper in vitest.config.ts for type safety

* add K8S note in README, fix broken e2e

* feat/upload-bar (#30)

* feat/upload-bar: add a upload bar when user upload file, indicate the upload process

* feat/save-loading-status: add save status when click back button from editor

* fix: address PR review issues in upload and save features

- Replace deprecated substr() with substring() in UploadContext
- Fix broken error handling that checked stale task status
- Fix missing useEffect dependency in UploadStatus
- Fix CSS class conflict in progress bar styling
- Add error recovery for save state in Editor (reset on failure)
- Use .finally() instead of .then() to ensure refresh on upload failure
- Fix inconsistent indentation in UploadContext

* fix e2e tests

---------

Co-authored-by: Zimeng Xiong <zxzimeng@gmail.com>

* chore: pre-release v0.2.1-dev

* Update backend/src/security.ts

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* fix filename/math random UUID generation

---------

Co-authored-by: AdrianAcala <adrianacala017@gmail.com>
Co-authored-by: adamant368 <60790941+Yiheng-Liu@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This commit is contained in:
Zimeng Xiong
2026-01-14 11:25:27 -08:00
committed by GitHub
parent e75b727a5a
commit 0476315322
37 changed files with 2074 additions and 685 deletions
Download Patch File Download Diff File Expand all files Collapse all files
e2e/playwright.config.ts
+28 -18
View File
@@ -17,49 +17,56 @@ const BACKEND_URL = process.env.API_URL || `http://localhost:${BACKEND_PORT}`;
*/
export default defineConfig({
testDir: "./tests",
// Run tests in parallel
fullyParallel: true,
// Fail the build on test.only() in CI
forbidOnly: !!process.env.CI,
// Retry on CI only
retries: process.env.CI ? 2 : 0,
// Limit parallel workers in CI
workers: process.env.CI ? 1 : undefined,
// Reporter configuration
reporter: [
["list"],
["html", { outputFolder: "playwright-report" }],
[
"html",
{
// Useful when a previous Docker run produced root-owned artifacts.
// Allows local runs to redirect output without editing the config.
outputFolder: process.env.PLAYWRIGHT_REPORT_DIR || "playwright-report",
},
],
],
// Output folder for test artifacts
outputDir: "test-results",
outputDir: process.env.PLAYWRIGHT_OUTPUT_DIR || "test-results",
// Global timeout for each test
timeout: 60000,
// Expect timeout
expect: {
timeout: 10000,
},
use: {
// Base URL for page.goto()
baseURL: FRONTEND_URL,
// Collect trace on first retry
trace: "on-first-retry",
// Screenshot on failure
screenshot: "only-on-failure",
// Video on failure
video: "on-first-retry",
// Headed mode based on env var
headless: process.env.HEADED !== "true",
},
@@ -67,7 +74,7 @@ export default defineConfig({
projects: [
{
name: "chromium",
use: {
use: {
...devices["Desktop Chrome"],
// Viewport for consistent screenshots
viewport: { width: 1280, height: 720 },
@@ -76,7 +83,7 @@ export default defineConfig({
],
// Run local dev servers before tests (skip if NO_SERVER or CI)
webServer: (process.env.CI || process.env.NO_SERVER) ? undefined : [
webServer: (process.env.CI || process.env.NO_SERVER === "true") ? undefined : [
{
command: "cd ../backend && npm run dev",
url: `${BACKEND_URL}/health`,
@@ -85,8 +92,11 @@ export default defineConfig({
stdout: "pipe",
stderr: "pipe",
env: {
DATABASE_URL: "file:./prisma/dev.db",
// Prisma resolves relative SQLite paths from the schema directory (backend/prisma).
// Using `file:./dev.db` avoids accidentally creating `prisma/prisma/dev.db`.
DATABASE_URL: "file:./dev.db",
FRONTEND_URL,
CSRF_MAX_REQUESTS: "1000",
},
},
{