Files

T

History

Zimeng Xiong 0476315322 0.2.1 Release (#32 )

* feat(security): implement CSRF protection

* chore: clean up CSRF implementation

  - Remove unused generateCsrfToken export from security.ts
  - Remove redundant /csrf-token path check (GET already exempt)
  - Restore defineConfig wrapper in vitest.config.ts for type safety

* add K8S note in README, fix broken e2e

* feat/upload-bar (#30)

* feat/upload-bar: add a upload bar when user upload file, indicate the upload process

* feat/save-loading-status: add save status when click back button from editor

* fix: address PR review issues in upload and save features

- Replace deprecated substr() with substring() in UploadContext
- Fix broken error handling that checked stale task status
- Fix missing useEffect dependency in UploadStatus
- Fix CSS class conflict in progress bar styling
- Add error recovery for save state in Editor (reset on failure)
- Use .finally() instead of .then() to ensure refresh on upload failure
- Fix inconsistent indentation in UploadContext

* fix e2e tests

---------

Co-authored-by: Zimeng Xiong <zxzimeng@gmail.com>

* chore: pre-release v0.2.1-dev

* Update backend/src/security.ts

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* fix filename/math random UUID generation

---------

Co-authored-by: AdrianAcala <adrianacala017@gmail.com>
Co-authored-by: adamant368 <60790941+Yiheng-Liu@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

2026-01-14 11:25:27 -08:00

fixtures

Testing infrastructure, fix truncating of dataURLs (#26 )

2025-12-19 15:09:15 -08:00

tests

0.2.1 Release (#32 )

2026-01-14 11:25:27 -08:00

.gitignore

Testing infrastructure, fix truncating of dataURLs (#26 )

2025-12-19 15:09:15 -08:00

docker-compose.e2e.yml

0.2.1 Release (#32 )

2026-01-14 11:25:27 -08:00

Dockerfile.playwright

0.2.1 Release (#32 )

2026-01-14 11:25:27 -08:00

package-lock.json

Testing infrastructure, fix truncating of dataURLs (#26 )

2025-12-19 15:09:15 -08:00

package.json

Testing infrastructure, fix truncating of dataURLs (#26 )

2025-12-19 15:09:15 -08:00

playwright.config.ts

0.2.1 Release (#32 )

2026-01-14 11:25:27 -08:00

README.md

Testing infrastructure, fix truncating of dataURLs (#26 )

2025-12-19 15:09:15 -08:00

run-e2e.sh

Testing infrastructure, fix truncating of dataURLs (#26 )

2025-12-19 15:09:15 -08:00

tsconfig.json

Testing infrastructure, fix truncating of dataURLs (#26 )

2025-12-19 15:09:15 -08:00

README.md

ExcaliDash E2E Tests

Browser-based end-to-end tests for ExcaliDash using Playwright.

Prerequisites

Node.js 18+
npm
Docker (optional, for containerized testing)

Quick Start

Local Testing

# Install dependencies
npm install
npx playwright install chromium

# Run tests (will start servers automatically)
npm test

# Run tests with visible browser
npm run test:headed

# Run tests in debug mode
npm run test:debug

With Existing Servers

If you already have the backend and frontend running:

# Backend at http://localhost:8000
# Frontend at http://localhost:5173
NO_SERVER=true npm test

Docker Testing

Run tests in an isolated Docker environment:

npm run docker:test

# Or using docker-compose directly
docker-compose -f docker-compose.e2e.yml up --build --abort-on-container-exit

Test Suites

Image Persistence (Issue #17 Regression)

Tests for the bug where images wouldn't load fully when reopening files.

should preserve large image data through save/reload cycle - Core regression test
should display drawing in editor view - Browser UI test
should import .excalidraw file with embedded image - File import test
should handle multiple images of varying sizes - Multi-image test

Security Tests

Tests for malicious content blocking:

should block javascript: URLs in image data - XSS prevention
should block script tags in image data - Script injection prevention

Configuration

Environment variables:

Variable	Default	Description
`BASE_URL`	`http://localhost:5173`	Frontend URL
`API_URL`	`http://localhost:8000`	Backend API URL
`HEADED`	`false`	Run with visible browser
`NO_SERVER`	`false`	Skip starting servers
`CI`	`false`	CI mode (headless, retries)

File Structure

e2e/
├── tests/                    # Test files
│   └── image-persistence.spec.ts
├── fixtures/                 # Test data files
│   └── small-image.excalidraw
├── playwright.config.ts      # Playwright configuration
├── docker-compose.e2e.yml    # Docker setup
├── Dockerfile.playwright     # Playwright container
├── run-e2e.sh               # Convenience script
└── README.md                # This file

Writing Tests

import { test, expect } from "@playwright/test";

test("my test", async ({ page, request }) => {
  // Use `page` for browser interactions
  await page.goto("/");
  await expect(page.locator("h1")).toBeVisible();
  
  // Use `request` for API calls
  const response = await request.get("http://localhost:8000/drawings");
  expect(response.ok()).toBe(true);
});

Debugging

# Run with Playwright UI
npm run test:ui

# Run specific test
npx playwright test -g "should preserve large image"

# Show last test report
npm run report

CI Integration

The tests are integrated into GitHub Actions. See .github/workflows/test.yml.

For CI environments, tests run in headless mode with:

Automatic retries on failure
Screenshot/video on failure
HTML report generation