- Added a new `LoginAttempt` model to track login attempts, including rate limiting and lockout functionality.
- Introduced environment variables for configuring login rate limits and maximum failures.
- Updated the authentication middleware to handle login attempts and enforce rate limits.
- Enhanced the user model with indexing for username and email for improved lookup performance.
- Modified the `.env.example` file to include new optional authentication settings.
- Updated integration tests to cover new login attempt features and authentication state management.
- Introduced a `mustResetPassword` field in the User model to manage password reset requirements.
- Enhanced authentication flow to support password changes, including validation and error handling.
- Updated frontend components to handle password reset scenarios and integrate with the new API endpoints.
- Modified authentication context and hooks to accommodate the new password reset logic.
- Adjusted E2E tests to ensure proper coverage for the password reset functionality.
- Implemented multi-user authentication with role-based access control.
- Added environment variables for initial admin user setup.
- Updated README and example environment file with new authentication options.
- Introduced user and system configuration models in the database schema.
- Enhanced authentication middleware to support user registration and role management.
- Updated frontend to handle new authentication flows, including admin user creation and role updates.
* feat(security): implement CSRF protection
* chore: clean up CSRF implementation
- Remove unused generateCsrfToken export from security.ts
- Remove redundant /csrf-token path check (GET already exempt)
- Restore defineConfig wrapper in vitest.config.ts for type safety
* add K8S note in README, fix broken e2e
* feat/upload-bar (#30)
* feat/upload-bar: add a upload bar when user upload file, indicate the upload process
* feat/save-loading-status: add save status when click back button from editor
* fix: address PR review issues in upload and save features
- Replace deprecated substr() with substring() in UploadContext
- Fix broken error handling that checked stale task status
- Fix missing useEffect dependency in UploadStatus
- Fix CSS class conflict in progress bar styling
- Add error recovery for save state in Editor (reset on failure)
- Use .finally() instead of .then() to ensure refresh on upload failure
- Fix inconsistent indentation in UploadContext
* fix e2e tests
---------
Co-authored-by: Zimeng Xiong <zxzimeng@gmail.com>
* chore: pre-release v0.2.1-dev
* Update backend/src/security.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* fix filename/math random UUID generation
---------
Co-authored-by: AdrianAcala <adrianacala017@gmail.com>
Co-authored-by: adamant368 <60790941+Yiheng-Liu@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* feat: implement comprehensive testing infrastructure
- Fix image dataURL truncation bug in security.ts with configurable size limits
- Add backend integration tests (22 tests) with Vitest for API validation
- Add frontend unit tests (11 tests) for JSON serialization
- Implement browser-based E2E tests (8 tests) with Playwright
- Create Docker setup for repeatable E2E testing environment
- Add GitHub Actions CI workflow for automated testing
- Update .gitignore for test artifacts and temporary files
Testing Infrastructure:
- Backend: Vitest + Supertest for API integration tests
- Frontend: Vitest + Testing Library for component tests
- E2E: Playwright with Chromium for full browser automation
- CI/CD: GitHub Actions with parallel test execution
Security Improvements:
- Make dataURL size limit configurable (default: 10MB)
- Enhanced validation for image dataURLs
- Block malicious content (javascript:, script tags)
All tests pass: 41 total (22 backend + 11 frontend + 8 E2E)
* feat(tests): add comprehensive E2E tests for dashboard workflows and image persistence
chore(env): update environment variables for consistent API URL usage
fix(api): centralize API request helpers for drawing and collection management
style(DrawingCard): enhance accessibility with ARIA attributes and data-testid for testing
* cleanup/revise documentation
* cleanup/revise documentation
* Add end-to-end tests for drawing CRUD, export/import, search/sort, and theme toggle functionalities
- Implemented E2E tests for drawing creation, editing, and deletion in `drawing-crud.spec.ts`.
- Added tests for export and import features, including JSON and SQLite formats in `export-import.spec.ts`.
- Created tests for searching and sorting drawings by name and date in `search-and-sort.spec.ts`.
- Developed tests for theme toggle functionality to ensure persistence across sessions in `theme-toggle.spec.ts`.
* fix: exclude test files from production build to fix Docker build
* feat: implement comprehensive testing infrastructure (#19)
* bump version 0.1.7
* feat: implement comprehensive testing infrastructure
- Fix image dataURL truncation bug in security.ts with configurable size limits
- Add backend integration tests (22 tests) with Vitest for API validation
- Add frontend unit tests (11 tests) for JSON serialization
- Implement browser-based E2E tests (8 tests) with Playwright
- Create Docker setup for repeatable E2E testing environment
- Add GitHub Actions CI workflow for automated testing
- Update .gitignore for test artifacts and temporary files
Testing Infrastructure:
- Backend: Vitest + Supertest for API integration tests
- Frontend: Vitest + Testing Library for component tests
- E2E: Playwright with Chromium for full browser automation
- CI/CD: GitHub Actions with parallel test execution
Security Improvements:
- Make dataURL size limit configurable (default: 10MB)
- Enhanced validation for image dataURLs
- Block malicious content (javascript:, script tags)
All tests pass: 41 total (22 backend + 11 frontend + 8 E2E)
* feat(tests): add comprehensive E2E tests for dashboard workflows and image persistence
chore(env): update environment variables for consistent API URL usage
fix(api): centralize API request helpers for drawing and collection management
style(DrawingCard): enhance accessibility with ARIA attributes and data-testid for testing
* Add end-to-end tests for drawing CRUD, export/import, search/sort, and theme toggle functionalities
- Implemented E2E tests for drawing creation, editing, and deletion in `drawing-crud.spec.ts`.
- Added tests for export and import features, including JSON and SQLite formats in `export-import.spec.ts`.
- Created tests for searching and sorting drawings by name and date in `search-and-sort.spec.ts`.
- Developed tests for theme toggle functionality to ensure persistence across sessions in `theme-toggle.spec.ts`.
* Update backend/src/__tests__/testUtils.ts
---------
Co-authored-by: Zimeng Xiong <zxzimeng@gmail.com>
* version bump 0.1.8
* fix(ci): consolidate E2E server startup to prevent shell isolation issues
Background processes started with & in separate GitHub Actions run steps
can terminate when those steps complete because each step creates a new
shell. This caused the backend and frontend servers to die before the
E2E tests could run.
Fixed by consolidating server startup and test execution into a single
shell step with:
- Proper PID tracking for cleanup
- Health check loops instead of fixed sleep times
- All processes run in the same shell session
* fix(ci): use absolute database path for E2E tests
* fix(backend): use resolved DATABASE_URL path for export/import endpoints
---------
Co-authored-by: Adrian Acala <adrianacala017@gmail.com>
- Improve cache key generation using JSON.stringify for consistent formatting
- Add promise deduplication in DrawingCard to prevent redundant API calls for full drawing data
- Clear full data state when drawing ID changes to ensure fresh data loading
- Fix async cache invalidation in drawing update and collection delete endpoints
- Move cache invalidation after database operations in SQLite import endpoint
- Add HydratedDrawingData type for better type safety in drawing data management
- Moved BACKEND_URL configuration to the frontend service in the README.
- Added validation for the generated nginx configuration in the entrypoint script.
- Removed fallback nginx configuration copy from the Dockerfile.
- Adjusted nginx template to ensure proper header formatting.
This improves the deployment process and clarifies configuration instructions.
- Add 5s in-memory cache for /drawings responses with automatic cleanup
- Split Drawing/DrawingSummary types for efficient data fetching
- Implement lazy loading of drawing data in DrawingCard component
- Add configurable DRAWINGS_CACHE_TTL_MS and RATE_LIMIT_MAX_REQUESTS env vars
- Prevent memory leaks with periodic cleanup of cache and rate limit maps
- Add loading states and better UX for export operations
- Improve JSON parsing with error handling for malformed stored data
Benchmark results (100 drawings, cached):
- Avg latency: 6.94ms (p50: 4ms, p97.5: 8ms)
- Avg throughput: 668 req/s (peak: 1,023)
- 3k requests in 5s with 0 errors
Update .gitignore to exclude generated files, env files, and build artifacts
- Added BACKEND_URL environment variable to docker-compose for frontend service.
- Introduced a new entrypoint script to configure nginx with the BACKEND_URL at runtime.
- Created a template for nginx configuration to handle API and WebSocket requests dynamically.
- Updated README with instructions for configuring reverse proxy setups.
Fixes#12
Adrian Acala